AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is established. At runtime, this is an agent-workspace plugin loader that discovers configured `.pi` extensions and imports their server modules.
Static reason
No blocking static signals were detected.
Trigger
Host application creates a workspace agent server or reloads configured external plugins.
Impact
A trusted host configuration can cause plugin code to execute; the reviewed package itself does not silently install or mutate foreign agent controls.
Mechanism
Runtime loading of package-owned/external agent plugins and configurable bridge HTTP requests.
Rationale
The source implements a real agent-extension loading capability, but its activation is host/runtime configuration driven and no concrete malicious behavior was found. Flag as a guarded lifecycle risk rather than malicious.
Evidence
package.jsondist/app-server.jsdist/server.jsdist/bridge-client.js
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/app-server.js` discovers external `.pi` plugin directories and settings, including `~/.pi/agent`.
- `dist/server.js` dynamically imports configured plugin server paths for hot reload.
- `dist/server.js` writes only plugin-local `.boring-signature.json` and `.error` state.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- No child-process execution, credential harvesting, or hard-coded third-party exfiltration endpoint was found.
- Bridge token refresh in `dist/bridge-client.js` uses caller-provided environment URL/token configuration.
- Plugin path handling includes containment checks and rejects unsafe relative package paths.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/WorkspaceProvider-kf-pjz6V.jsView file
2847}
L2848: const Po = () => import("./FileTree-zGmxifl_.js").then((e) => ({ default: e.FileTree }));
L2849: function Mc() {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/WorkspaceProvider-kf-pjz6V.jsView on unpkg · L2847Findings
3 Medium4 Low
MediumDynamic Requiredist/WorkspaceProvider-kf-pjz6V.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings