AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a user-invoked local web UI for pi agent sessions with package-aligned local file/session/model controls.
Static reason
No blocking static signals were detected.
Trigger
User runs pi-web CLI or starts the Next app.
Impact
Local agent session and project data can be viewed or managed through the intended UI; no stealth install-time behavior found.
Mechanism
Local Next.js web UI for pi coding agent state
Rationale
Source inspection shows no lifecycle execution, remote code retrieval, credential exfiltration, persistence, or unconsented install-time agent control mutation. The risky primitives are explicit runtime features of a local web UI for the pi coding agent and are documented/package-aligned.
Evidence
package.jsonbin/pi-web.jsREADME.mdnext.config.ts.next/server/app/favicon.ico.body.next/app-path-routes-manifest.json~/.pi/agent/sessionsmodels.json
Network endpoints4
localhost:30141github.com/agegr/pi-web#readmegithub.com/agegr/pi-web/issuesraw.githubusercontent.com/agegr/pi-web/main/docs/screenshot2.png
Decision evidence
public snapshotAI called this Clean at 87.0% confidence as Benign with low false-positive risk.
Evidence for block
- bin/pi-web.js spawns Next.js and auto-opens a local URL when explicitly run via the pi-web CLI.
- Built .next API routes include local file/session/model/skill management for the pi coding agent, including git worktree commands.
Evidence against
- package.json has no preinstall/install/postinstall hooks; only a user-invoked bin entrypoint.
- bin/pi-web.js only starts bundled Next app with process.execPath and opens http://localhost:<port>; no remote payload download or exfiltration.
- README.md documents local pi session/model/file access as the package purpose.
- .next/server/app/favicon.ico.body is a valid 512x512 PNG favicon, not an executable payload.
- Search found no unconsented AI-agent control-surface mutation at install/import time.
Behavioral surface
ChildProcessEnvironmentVarsFilesystem
Source & flagged code
2 flagged · loading source.next/server/app/favicon.ico.bodyView file
•path = .next/server/app/favicon.ico.body
kind = high_entropy_blob
sizeBytes = 22542
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
.next/server/app/favicon.ico.bodyView on unpkg•path = .next/server/app/favicon.ico.body
kind = payload_in_excluded_dir
sizeBytes = 22542
magicHex = [redacted]
High
Payload In Excluded Dir
Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.next/server/app/favicon.ico.bodyView on unpkgFindings
2 High2 Medium2 Low
HighShips High Entropy Blob.next/server/app/favicon.ico.body
HighPayload In Excluded Dir.next/server/app/favicon.ico.body
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem