AI Security Review
scanned 16h ago · by lpm-firewall-ai

No confirmed malicious install-time attack surface is established. The package is an AI/Codex orchestration CLI with powerful user-invoked setup, update, MCP, hook, and evaluator features, but postinstall only records an OMX-owned install stamp.
Decision evidence
public snapshot
- package.json defines postinstall lifecycle script
- dist/cli/setup.js can write Codex config, prompts, skills, native agents, plugin cache, and optional MCP config when user runs setup
- dist/cli/update.js can run npm install -g and schedule a detached update after user confirmation
- dist/mcp/code-intel-server.js invokes npx/tsc/ast-grep as MCP tool behavior
- dist/autoresearch/runtime.js can run git and a configured evaluator command with shell:true
- dist/scripts/postinstall.js is guarded to global installs and only updates $CODEX_HOME/.omx/install-state.json plus logs a setup reminder
- No postinstall setup of AGENTS.md, Codex config.toml, Claude settings, MCP servers, hooks, or shell startup files observed
- Setup/plugin/MCP writes are exposed through explicit omx setup or plugin commands, not automatic install-time mutation
- Network/package-manager activity found in update/code-intel paths is user-invoked and package-aligned
- No credential harvesting, exfiltration endpoint, remote payload fetch-and-execute, or destructive install behavior found
Source & flagged code
8 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references child process execution. (dist/autoresearch/runtime.js · L1)
- Package source references dynamic require/import behavior. (dist/cli/hooks.js · L40)
- Source writes installer persistence such as shell profile or service configuration. (dist/cli/index.js · L4)
- Package source invokes a package manager install command at runtime. (dist/mcp/code-intel-server.js · L546)
- Package ships non-JavaScript build or shell helper files. (src/scripts/run-autoresearch-showcase.sh)