AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior or exfiltration was found. The package does provide a first-party Rig agent harness that can materialize agent hooks, native runtime tools, and Pi extension settings when invoked by Rig workflows or CLI commands.
Decision evidence
public snapshot- dist/src/session-hook-materializer-service.js can write plugin-marked hooks into project .claude/settings.json.
- dist/src/pi-command.js explicit `rig pi add/remove` mutates project .pi/settings.json.
- dist/src/tooling/file-tools.js and shell-tools.js copy shipped native rig-tools/rig-shell into runtime bin paths.
- dist/src/plugin.js registers provider-owned agent/tool seed entrypoints that spawn Rig runtime helpers.
- package.json defines no preinstall/install/postinstall lifecycle scripts.
- Default export is a Rig plugin registration; risky paths are capability/CLI invoked, not import-time execution.
- Network use seen is npm registry search in `rig pi search` and Rig steering fetch in runtime wrapper, not credential exfiltration.
- Agent commands require Rig runtime context/baked task context before workspace operations.
- .claude hook writes preserve non-plugin hooks and mark managed plugin entries.
Source & flagged code
3 flagged · loading sourceSource writes persistence or remote-access backdoor material.
dist/src/agent-harness/rig-agent.jsView on unpkg · L15A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/src/agent-harness/rig-agent.jsView on unpkg · L15