registry  /  @agegr/pi-web  /  0.7.8

@agegr/pi-web@0.7.8

Web UI for the pi coding agent

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious install-time, import-time, or hidden payload behavior was found. Runtime capabilities are a local web UI for the pi coding agent and match the package description.

Static reason
No blocking static signals were detected.
Trigger
user runs pi-web CLI or uses local web UI routes
Impact
local session/file/model/skill management when explicitly used
Mechanism
starts Next.js server and exposes package-aligned local pi management APIs
Rationale
Static inspection found powerful local-agent UI primitives, including API key storage, file/session access, git worktree commands, and explicit skill installation, but they are runtime user-invoked and aligned with the documented pi-web purpose. There are no lifecycle hooks, credential exfiltration endpoints, stealth persistence, or executable hidden payloads.
Evidence
package.jsonbin/pi-web.jsnext.config.tsREADME.md.next/server/app/favicon.ico.body.next/server/app/api/skills/install/route.js
Network endpoints4
localhost:30141github.com/agegr/pi-web#readmegithub.com/agegr/pi-web.gitgithub.com/agegr/pi-web/issues

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hooks
    • bin/pi-web.js only starts bundled Next server and opens local browser URL
    • README.md describes local UI for pi sessions, models, files, skills, and worktrees
    • next.config.ts only reads package versions into public env values
    • API routes with file/session/auth/skill/git access are runtime user-invoked and package-aligned
    • .next/server/app/favicon.ico.body is a PNG header, not an executable payload
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystem
    Supply chainNo supply-chain packaging signals triggered.
    ManifestNo manifest risk signals triggered.
    scanned 2 file(s), 3.18 KB of source

    Source & flagged code

    2 flagged · loading source
    .next/server/app/favicon.ico.bodyView file
    path = .next/server/app/favicon.ico.body kind = high_entropy_blob sizeBytes = 22542 magicHex = [redacted]
    High
    Ships High Entropy Blob

    Package ships high-entropy non-source blobs.

    .next/server/app/favicon.ico.bodyView on unpkg
    path = .next/server/app/favicon.ico.body kind = payload_in_excluded_dir sizeBytes = 22542 magicHex = [redacted]
    High
    Payload In Excluded Dir

    Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

    .next/server/app/favicon.ico.bodyView on unpkg

    Findings

    2 High2 Medium2 Low
    HighShips High Entropy Blob.next/server/app/favicon.ico.body
    HighPayload In Excluded Dir.next/server/app/favicon.ico.body
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem