AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `.next/server/app/api/skills/install/route.js` accepts a package name and runs `npx skills add <package> -y --agent pi`.
- The install route supports global or project scope, enabling pi agent-skill installation from the web UI.
- `.next/server/app/api/skills/update/route.js` also invokes npx to update installed skills.
- `package.json` defines no preinstall, install, postinstall, or prepare lifecycle hook.
- `bin/pi-web.js` only launches the packaged Next server and optionally opens its local URL.
- `bin/pi-web-options.js` defaults to port 30141; README describes this as a local pi-agent UI.
- No package-owned credential harvesting, exfiltration endpoint, eval, or stealth persistence was confirmed.
- `.next/server/app/favicon.ico.body` is a valid PNG image, not an executable payload.
Source & flagged code
3 flagged · loading sourcePackage ships high-entropy non-source blobs.
.next/server/app/favicon.ico.bodyView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.next/server/app/favicon.ico.bodyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/pi-web.jsView on unpkg