AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. A global npm postinstall can register this package's local marketplace and plugin with Codex. The plugin then exposes an MCP server that starts local Pi subprocesses and manages isolated worktrees.
Decision evidence
public snapshot- `package.json` defines `postinstall`.
- `scripts/install.mjs` runs Codex marketplace/plugin add commands on global install.
- Installer creates `CODEX_HOME` when set.
- MCP server launches local `pi` RPC subprocesses and writes local run/worktree state.
- Non-global `postinstall` exits before any Codex mutation.
- Installer removes only its own named marketplace before re-adding it.
- No HTTP, socket, download, eval, or dynamic-code loader appears in packaged source.
- Runtime restricts working directories to configured allowed roots and redacts persisted tool-call arguments.
Source & flagged code
3 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install.mjsView on unpkg · L1