@chendpoc/pi-memory@0.1.12

Local episodic memory for Pi coding agent — knowledge graph + memory_recall tool + implicit preflight

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package implements a local Pi memory extension/CLI with user-invoked training, local bundle management, optional LLM calls, and a memory append tool aligned with the README.

Static reason
No blocking static signals were detected; previous stored version diff introduced dangerous source.
Trigger
Pi extension session_start/context hooks or explicit pi-memory CLI/tool commands
Impact
User-approved memory indexing and context injection; no confirmed unauthorized exfiltration or install-time execution
Mechanism
local memory recall/training with optional configured LLM requests
Rationale
The risky primitives are package-aligned and activated by Pi extension lifecycle or explicit CLI/tool use, not by npm install/import. Static inspection found no concrete malicious behavior beyond documented local memory and optional LLM functionality.
Evidence
  • package.json
  • dist/index.js
  • dist/cli.js
  • src/service.ts
  • src/pi-extension.ts
  • src/sidecar/process.ts
  • src/sidecar/client.ts
  • src/adapters/openaiCompatClient.ts
  • src/adapters/ollamaClient.ts
  • src/adapters/piComplete.ts
  • src/tools/memoryAppend.ts
  • src/bundle/install.ts
Network endpoints (2)
  • localhost:11434
  • localhost:8000

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • src/adapters/openaiCompatClient.ts posts prompts to configured OpenAI-compatible baseUrl with optional apiKey
  • src/adapters/piComplete.ts can read provider API keys from process.env for explicit LLM extractor/client use
  • src/sidecar/process.ts can spawn configured tlm binary at runtime if available
  • src/tools/memoryAppend.ts appends to configured MEMORY.md via registered tool
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts
  • dist/index.js only re-exports modules; no import-time execution observed
  • src/service.ts starts only on extension/session or CLI use and falls back to local graph query
  • src/trainer/sessionLoader.ts reads local Pi session files for documented memory training
  • src/bundle/install.ts validates manifest paths before copying bundle files
  • No credential harvesting, persistence, destructive behavior, or unprompted exfiltration found
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain
HighEntropyStrings
Manifest
WildcardDependency
scanned 79 file(s), 383 KB of source

Source & flagged code

1 flagged
src/service.ts
  • matchType = previous_version_dangerous_delta
  • matchedPackage = @chendpoc/pi-memory@0.1.11
  • matchedIdentity = npm:QGNoZW5kcG9jL3BpLW1lbW9yeQ:0.1.11
  • similarity = 0.872
  • summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

src/service.ts

Findings

1 Critical, 3 Medium, 3 Low
  • Critical: Previous Version Dangerous Delta (src/service.ts)
  • Medium: Network
  • Medium: Environment Vars
  • Medium: Wildcard Dependency
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings