registry  /  @getpipher/vision  /  0.2.0

@getpipher/vision@0.2.0

Capability-aware vision + paste extension for the pi coding agent. Delegates image analysis to a vision model only when the active primary model is text-only; passes images through natively for multimodal models (zero delegation).

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a pi coding-agent vision extension that reads user-specified images, optionally caches model responses, and delegates analysis to a user-configured vision model.

Static reason
No blocking static signals were detected.
Trigger
pi session_start/model_select events, user /vision commands, or describe_image tool invocation
Impact
Expected extension behavior; no install-time mutation or unconsented broad agent control-surface hijack found
Mechanism
capability-gated vision delegation and local config/cache management
Rationale
Static inspection shows package-aligned extension behavior with user/config-driven network delegation and local config/cache writes, but no lifecycle execution, credential/file harvesting, persistence, or hardcoded exfiltration. The wildcard peer/dev dependencies are supply-chain hygiene noise, not malicious behavior in this package source.
Evidence
package.jsonextensions/vision.tsextensions/paste.tslib/delegate.tslib/config.tslib/cache.tslib/image.tslib/capability.tslib/resilience.tsgetAgentDir()/vision.jsongetAgentDir()/vision-cache/*.jsonuser-supplied image paths

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks or bin entrypoint
    • extensions/vision.ts registers pi tools, commands, and shortcut; activation is session/user-command driven
    • lib/delegate.ts sends user-supplied image data only to configured model baseUrl /chat/completions from the pi model registry
    • lib/config.ts writes only getAgentDir()/vision.json after /vision setting changes
    • lib/cache.ts optionally stores successful descriptions in getAgentDir()/vision-cache content-addressed JSON files
    • No child_process, eval, dynamic require/import, credential harvesting, destructive actions, or hardcoded exfiltration endpoint found
    Behavioral surface
    Source
    ChildProcessCryptoFilesystemNetwork
    Supply chain
    HighEntropyStrings
    Manifest
    WildcardDependency
    scanned 8 file(s), 75.1 KB of source

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    2 Medium3 Low
    MediumNetwork
    MediumWildcard Dependency
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings