AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is an agent runtime with user-invoked setup, marketplace, web bridge, and update features, but install-time behavior is inert guidance only.
Decision evidence
public snapshot- dist/core/host-exports/export.js can write marker-bearing slash commands into existing ~/.claude/commands and ~/.pi/agent/prompts on CLI runs
- dist/clients/web/server.js exposes a user-invoked local bridge that can run exec/file/http SourceRequests
- dist/core/bootstrap.js clones the official marketplace on first non-help CLI run
- scripts/postinstall.mjs only prints setup guidance and exits; no install-time file/control-surface mutation
- Host command exports are skipped for help/bare boot, require existing host roots, and avoid clobbering markerless user files
- Web server binds 127.0.0.1 by default and requires --token for non-loopback hosts
- Agent/runtime, marketplace bootstrap, self-update, and web bridge behavior are package-aligned and documented in README/help
- No credential harvesting, destructive persistence, hidden exfiltration, obfuscated payload, or remote code execution during install/import found
Source & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
dist/clients/web/web-cmd.jsView on unpkg · L12Package source references shell execution.
dist/clients/attach/slash-commands.jsView on unpkg · L362Package source references dynamic require/import behavior.
dist/clients/attach/config-load.jsView on unpkg · L124Package source references weak cryptographic algorithms.
dist/builtin-pi-packages/pi-crtr-extensions/extensions/crouter-help.tsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/core/self-update.jsView on unpkg · L23Package ships high-entropy non-source blobs.
dist/web-client/assets/martian-mono-latin-wght-normal-5W32yIyr.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/clients/attach/attach-cmd.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/core/runtime/broker.jsView on unpkg