registry  /  @agegr/pi-web  /  0.7.10

@agegr/pi-web@0.7.10

Web UI for the pi coding agent

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a user-invoked local web UI for pi agent sessions with package-aligned local file/session/model controls.

Static reason
No blocking static signals were detected.
Trigger
User runs pi-web CLI or starts the Next app.
Impact
Local agent session and project data can be viewed or managed through the intended UI; no stealth install-time behavior found.
Mechanism
Local Next.js web UI for pi coding agent state
Rationale
Source inspection shows no lifecycle execution, remote code retrieval, credential exfiltration, persistence, or unconsented install-time agent control mutation. The risky primitives are explicit runtime features of a local web UI for the pi coding agent and are documented/package-aligned.
Evidence
package.jsonbin/pi-web.jsREADME.mdnext.config.ts.next/server/app/favicon.ico.body.next/app-path-routes-manifest.json~/.pi/agent/sessionsmodels.json
Network endpoints4
localhost:30141github.com/agegr/pi-web#readmegithub.com/agegr/pi-web/issuesraw.githubusercontent.com/agegr/pi-web/main/docs/screenshot2.png

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with low false-positive risk.
Evidence for block
  • bin/pi-web.js spawns Next.js and auto-opens a local URL when explicitly run via the pi-web CLI.
  • Built .next API routes include local file/session/model/skill management for the pi coding agent, including git worktree commands.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only a user-invoked bin entrypoint.
  • bin/pi-web.js only starts bundled Next app with process.execPath and opens http://localhost:<port>; no remote payload download or exfiltration.
  • README.md documents local pi session/model/file access as the package purpose.
  • .next/server/app/favicon.ico.body is a valid 512x512 PNG favicon, not an executable payload.
  • Search found no unconsented AI-agent control-surface mutation at install/import time.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.55 KB of source

Source & flagged code

2 flagged · loading source
.next/server/app/favicon.ico.bodyView file
path = .next/server/app/favicon.ico.body kind = high_entropy_blob sizeBytes = 22542 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

.next/server/app/favicon.ico.bodyView on unpkg
path = .next/server/app/favicon.ico.body kind = payload_in_excluded_dir sizeBytes = 22542 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

.next/server/app/favicon.ico.bodyView on unpkg

Findings

2 High2 Medium2 Low
HighShips High Entropy Blob.next/server/app/favicon.ico.body
HighPayload In Excluded Dir.next/server/app/favicon.ico.body
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem