AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `package.json` runs `cli/hooks/postinstall.js` during install.
- `cli/hooks/postinstall.js` silently warms runtime dependencies in the user data directory.
- `cli/hooks/sqliteRuntime.js` invokes npm install for `better-sqlite3@12.6.2`.
- `src/app/api/cli-tools/codex-settings/route.js` writes `~/.codex/config.toml` and `auth.json` on POST.
- Codex configuration redirects the CLI to a ZevaiRouter provider and replaces API-key mode.
- Postinstall names fixed runtime packages; no arbitrary command or URL input is used.
- Lifecycle hook contains no writes to Codex, Claude, Cursor, or other AI-agent config paths.
- Codex config mutation occurs only through a dashboard POST action, not at install or import time.
- The config route merges/removes package-specific settings and has an explicit reset path.
- No source evidence found of credential exfiltration, remote payload execution, or stealth persistence.
Source & flagged code
18 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
cli/app/.next-cli-build/server/chunks/2540.jsView on unpkg · L1RSA private key in cli/app/.next-cli-build/server/chunks/2540.js
cli/app/.next-cli-build/server/chunks/2540.jsView on unpkg · L1Package source references child process execution.
open-sse/handlers/ttsProviders/localDevice.jsView on unpkg · L1Package source references shell execution.
open-sse/handlers/ttsProviders/localDevice.jsView on unpkg · L35Package source references dynamic require/import behavior.
open-sse/translator/index.jsView on unpkg · L32Package source references weak cryptographic algorithms.
src/mitm/cert/install.jsView on unpkg · L2Source writes installer persistence such as shell profile or service configuration.
cli/src/cli/tray/autostart.jsView on unpkg · L3This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
cli/app/src/mitm/server.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
cli/app/src/mitm/server.jsView on unpkg · L24Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
cli/app/src/mitm/server.jsView on unpkg · L24Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
cli/cli.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
cli/app/src/lib/updater/updater.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
cli/src/cli/tray/tray.ps1View on unpkgPackage ships high-entropy non-source blobs.
cli/app/.next-cli-build/static/media/ba9851c3c22cd980-s.woff2View on unpkgRSA private key in cli/app/.next-cli-build/server/chunks/8971.js
cli/app/.next-cli-build/server/chunks/8971.jsView on unpkg · L1