AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked `recipes install` command can install this package's Pi extension and create a recipe-local MCP configuration. Pi activation can load a user-selected recipe extension; no unconsented npm lifecycle mutation was found.
Decision evidence
public snapshot- `dist/cli.js` auto-runs `pi install npm:@introspection-ai/pi-recipes` during `recipes install` unless disabled.
- `dist/recipe-mcp-config.js` creates recipe `.pi/mcp.local.json` with bearer-token placeholders.
- `dist/pi-extension.js` loads a selected recipe extension through Jiti when the Pi extension is activated.
- `dist/recipe-telemetry.js` POSTs install/publish metadata to `pi.recipes` unless opted out.
- `package.json` has no install, preinstall, or postinstall lifecycle hook; `prepublishOnly` is publish-time only.
- Extension setup is reached only by explicit `recipes setup` or `recipes install`, not npm installation.
- Telemetry payload is limited to recipe/package metadata and has documented opt-out environment variables.
- No source evidence of credential harvesting, destructive behavior, stealth persistence, or remote payload execution.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/pi-extension.jsView on unpkg · L16Package ships native binary artifacts.
vendor/recipe-check/win32-x64/recipe-check.exeView on unpkgPackage ships non-JavaScript build or shell helper files.
harbor/pi_recipe_agent.pyView on unpkgPackage contains source files above the static scanner size ceiling.
dist/mcp-run-worker.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/mcp-daemon.jsView on unpkg