AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This Pi extension creates package-owned orchestration config/state and can start persistent user-systemd agent workers. It also offers explicit update commands for related adapters. No unconsented install-time behavior or remote exfiltration is established.
Decision evidence
public snapshot- `src/index.ts` is a Pi extension that loads on session start and manages agent workers.
- `src/index.ts` can launch user-systemd worker units for Pi, Codex, Claude, or OpenCode.
- `src/updates.ts` generates npm/pi/git update commands, executed only by `agent_fleet update` with `execute=true`.
- `src/opencode-peer-launcher.mjs` starts a local OpenCode server and writes package-owned peer state.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- No remote HTTP endpoint, credential exfiltration, eval/vm, or dynamic remote payload loading was found.
- The peer launcher connects only to localhost (`127.0.0.1`) and uses generated local credentials.
- Destructive operations are scoped to recorded worker units and package-owned Intercom state paths.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
src/agent-fleet-cli.mjsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/opencode-peer-launcher.mjsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
examples/opencode-manager-env.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/index.tsView on unpkg