AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The Pi extension creates a first-party LSP starter config on session start when no config exists. It can later execute user-configured LSP servers, including an `npx` fallback; no autonomous malicious chain is established.
Decision evidence
public snapshot- `extensions/lsp/index.ts` runs config scaffolding at Pi session start.
- `extensions/lsp/config.ts` writes `~/.pi/agent/extensions/lsp/config.json` if no global or project config exists.
- `extensions/lsp/protocol.ts` spawns configured LSP commands; `effects/command.ts` may invoke `npx --yes`.
- `package.json` has no preinstall/install/postinstall hooks.
- Starter server entries are all `disabled: true`; no server auto-starts by default.
- Commands and environment overrides come from user-controlled Pi config files.
- No HTTP/network client, credential harvesting, payload download, or destructive file operations found.
Source & flagged code
3 flagged · loading source`extensions/lsp/index.ts` runs config scaffolding at Pi session start.
extensions/lsp/index.tsView on unpkg`extensions/lsp/config.ts` writes `~/.pi/agent/extensions/lsp/config.json` if no global or project config exists.
extensions/lsp/config.tsView on unpkg`extensions/lsp/protocol.ts` spawns configured LSP commands; `effects/command.ts` may invoke `npx --yes`.
extensions/lsp/protocol.tsView on unpkg