AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package has broad router/proxy/automation functionality and an install-time runtime dependency warm-up, but inspected behavior is package-aligned and user-facing.
Decision evidence
public snapshot- package.json defines postinstall: node cli/hooks/postinstall.js || exit 0
- cli/hooks/postinstall.js calls runtime helpers that npm-install better-sqlite3, systray2, and playwright into ~/.zevai/runtime and may download Chromium
- src/app/api/cli-tools/codex-settings/route.js can write ~/.codex/config.toml and ~/.codex/auth.json when its POST route is used
- Lifecycle helper package names/versions are hardcoded package-aligned runtime deps, not remote script URLs
- postinstall failures are non-fatal and no credential/env harvesting or exfiltration logic was found in the inspected hook/CLI helpers
- Codex config writes are exposed behind an explicit dashboard Apply/Reset UI, not lifecycle/import-time mutation
- Network use is aligned with app functions: npm registry update/runtime deps, browser runtime downloads, OAuth/provider proxy/usage endpoints
- Dynamic require in open-sse/translator/index.js only lazily registers local translator modules
- No reviewer/prompt-injection files or unconsented AI-agent control-surface writes were found
Source & flagged code
18 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
cli/app/.next-cli-build/server/chunks/42.jsView on unpkg · L1RSA private key in cli/app/.next-cli-build/server/chunks/42.js
cli/app/.next-cli-build/server/chunks/42.jsView on unpkg · L1Package source references child process execution.
open-sse/handlers/ttsProviders/localDevice.jsView on unpkg · L1Package source references shell execution.
open-sse/handlers/ttsProviders/localDevice.jsView on unpkg · L35Package source references dynamic require/import behavior.
open-sse/translator/index.jsView on unpkg · L32Package source references weak cryptographic algorithms.
src/mitm/cert/install.jsView on unpkg · L2Source writes installer persistence such as shell profile or service configuration.
cli/src/cli/tray/autostart.jsView on unpkg · L3A single source file combines environment access, network access, and code or shell execution; review context before blocking.
cli/app/src/mitm/server.jsView on unpkg · L24Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
cli/app/src/mitm/server.jsView on unpkg · L24Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
cli/cli.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
cli/app/src/lib/updater/updater.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
cli/src/cli/tray/tray.ps1View on unpkgPackage ships high-entropy non-source blobs.
cli/app/.next-cli-build/static/media/ba9851c3c22cd980-s.woff2View on unpkgThis package version adds a dangerous source file absent from the previous stored version.
cli/app/cli/hooks/camoufoxRuntime.jsView on unpkgRSA private key in cli/app/.next-cli-build/server/chunks/8971.js
cli/app/.next-cli-build/server/chunks/8971.jsView on unpkg · L1