AI Security Review
scanned 17h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface was established. The package is an AI-agent orchestration tool that can install first-party Codex hooks, AGENTS.md, skills/prompts, plugin cache, and optional MCP compatibility when the user runs setup.
Decision evidence
public snapshot
- package.json defines postinstall, but dist/scripts/postinstall.js only runs on global npm lifecycle and writes an install stamp/reminder.
- dist/cli/setup.js user-invoked setup writes Codex config/hooks/AGENTS/plugin cache and optional MCP/Claude compatibility settings.
- dist/config/codex-hooks.js builds Codex lifecycle hooks invoking dist/scripts/codex-native-hook.js for multiple hook events.
- dist/mcp/code-intel-server.js exposes MCP tools that run local npx/tsc/ast-grep on requested workspaces.
- No install-time mutation of AGENTS.md, .mcp.json, Claude settings, or Codex hooks found in dist/scripts/postinstall.js.
- Postinstall is guarded to npm global installs and only touches $CODEX_HOME/.omx/install-state.json via dist/cli/update.js.
- Agent/control-surface writes are tied to explicit omx setup/plugin modes, with dry-run/force/merge guards and backups.
- Network observed is package-aligned update/install logic to registry.npmjs.org and github.com/PennixRv/oh-my-codex, not credential exfiltration.
- No credential harvesting or hardcoded exfiltration endpoint identified in inspected hot paths.
Source & flagged code
8 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references child process execution. (dist/autoresearch/runtime.js, line 1)
- Package source references dynamic require/import behavior. (dist/cli/hooks.js, line 40)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli/index.js, line 4)
- Package source invokes a package manager install command at runtime. (dist/mcp/code-intel-server.js, line 546)
- Package ships non-JavaScript build or shell helper files. (src/scripts/run-autoresearch-showcase.sh)