registry  /  @introspection-ai/pi-recipes  /  0.10.2

@introspection-ai/pi-recipes@0.10.2

Local session tooling for package-based workflows.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked `recipes install` command can install this package's Pi extension and create a recipe-local MCP configuration. Pi activation can load a user-selected recipe extension; no unconsented npm lifecycle mutation was found.

Static reason
No blocking static signals were detected.
Trigger
User runs `recipes install <source>`, `recipes setup`, or launches Pi with a selected recipe.
Impact
Creates package-aligned agent configuration and can execute selected recipe extension code; sends opt-out telemetry metadata.
Mechanism
First-party Pi extension setup, recipe-extension loading, and local MCP config materialization.
Rationale
Source inspection found first-party Pi extension setup and recipe-local AI-agent configuration on explicit CLI use, plus opt-out metadata telemetry. No npm install hook or concrete credential theft, destructive action, stealth persistence, or unconsented foreign control-surface mutation was present.
Evidence
package.jsondist/cli.jsdist/pi-extension.jsdist/recipe-mcp-config.jsdist/recipe-telemetry.jsdist/recipe-store.js.pi/mcp.local.json.pi/agents/<runId>/status.json
Network endpoints2
pi.recipes/api/installspi.recipes/api/catalog/recipes

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.js` auto-runs `pi install npm:@introspection-ai/pi-recipes` during `recipes install` unless disabled.
  • `dist/recipe-mcp-config.js` creates recipe `.pi/mcp.local.json` with bearer-token placeholders.
  • `dist/pi-extension.js` loads a selected recipe extension through Jiti when the Pi extension is activated.
  • `dist/recipe-telemetry.js` POSTs install/publish metadata to `pi.recipes` unless opted out.
Evidence against
  • `package.json` has no install, preinstall, or postinstall lifecycle hook; `prepublishOnly` is publish-time only.
  • Extension setup is reached only by explicit `recipes setup` or `recipes install`, not npm installation.
  • Telemetry payload is limited to recipe/package metadata and has documented opt-out environment variables.
  • No source evidence of credential harvesting, destructive behavior, stealth persistence, or remote payload execution.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 34 file(s), 867 KB of source, external domains: github.com, pi.recipes
Oversized source lightweight scan
dist/mcp-daemon.js2.82 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsCryptoHighEntropyStrings
dist/mcp-run-worker.js2.81 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsCryptoHighEntropyStrings

Source & flagged code

5 flagged · loading source
dist/pi-extension.jsView file
16const COMPLETION_DELIVERY_RETRY_MS = 100; L17: const require = createRequire(import.meta.url); L18: class RecipeLaunchError extends Error {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/pi-extension.jsView on unpkg · L16
vendor/recipe-check/win32-x64/recipe-check.exeView file
path = vendor/recipe-check/win32-x64/recipe-check.exe kind = native_binary sizeBytes = 1990656 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

vendor/recipe-check/win32-x64/recipe-check.exeView on unpkg
harbor/pi_recipe_agent.pyView file
path = harbor/pi_recipe_agent.py kind = build_helper sizeBytes = 16236 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

harbor/pi_recipe_agent.pyView on unpkg
dist/mcp-run-worker.jsView file
path = dist/mcp-run-worker.js kind = oversized_source_file sizeBytes = 2951645 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/mcp-run-worker.jsView on unpkg
dist/mcp-daemon.jsView file
path = dist/mcp-daemon.js kind = oversized_cli_entrypoint sizeBytes = 2962063 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/mcp-daemon.jsView on unpkg

Findings

1 High6 Medium5 Low
HighOversized Source Filedist/mcp-run-worker.js
MediumDynamic Requiredist/pi-extension.js
MediumEnvironment Vars
MediumShips Native Binaryvendor/recipe-check/win32-x64/recipe-check.exe
MediumShips Build Helperharbor/pi_recipe_agent.py
MediumOversized Cli Entrypointdist/mcp-daemon.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings