registry  /  @minhduydev/mdpi  /  1.0.0

@minhduydev/mdpi@1.0.0

CLI to scaffold and manage a Pi coding-agent kit (.pi/) in any repo

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is a Pi coding-agent kit scaffold CLI. The main unresolved risk is first-party agent extension lifecycle behavior: after a user runs mdpi init and starts pi, a bundled extension patches a global Pi/VCC config and injects agent instructions.

Static reason
No blocking static signals were detected.
Trigger
User runs mdpi init, then starts pi in the project; mdpi install is an explicit separate command.
Impact
Can alter Pi agent behavior for context compaction and add persistent agent policy text, but no evidence of exfiltration, malware payloads, or npm install-time hijack.
Mechanism
project-local agent kit setup with global VCC config mutation and prompt injection hook
Rationale
Static inspection did not show malicious install-time execution, credential theft, exfiltration, or remote payload execution. Because the package ships an agent extension that mutates a global Pi config and injects prompt policy after explicit setup, it fits guarded first-party agent extension lifecycle risk rather than publish-block malware.
Evidence
package.jsondist/index.jsdist/template/.pi/settings.jsondist/template/.pi/extensions/context-optimizer.tsdist/template/.pi/extensions/memory.tsdist/template/.pi/scripts/gc-check.sh.pi/**~/.pi/agent/pi-vcc-config.json

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • dist/template/.pi/extensions/context-optimizer.ts writes PI_VCC_CONFIG_PATH or ~/.pi/agent/pi-vcc-config.json on pi session_start.
  • dist/template/.pi/extensions/context-optimizer.ts injects a context-optimization system prompt on before_agent_start.
  • dist/template/.pi/settings.json auto-loads bundled extensions including ./extensions/context-optimizer.ts after mdpi init.
  • dist/index.js mdpi install explicitly spawns pi install for package ids declared in .pi/settings.json and .pi/packages.json.
Evidence against
  • package.json has no preinstall/install/postinstall scripts; only prepublishOnly build/typecheck.
  • dist/index.js exposes user-invoked CLI commands; init copies a bundled .pi kit into the current project.
  • No fetch/http client code or hardcoded exfiltration endpoint found in executable CLI.
  • dist/template/.pi/scripts/gc-check.sh is a local validation script using grep/find/wc and mdpi lint.
  • Memory extension stores repo-local .pi/memory files and includes secret scanning before writes.
  • No credential harvesting, destructive install-time behavior, native binary loading, eval, or remote payload execution found.
Behavioral surface
Source
ChildProcessCryptoFilesystemShell
Supply chain
HighEntropyStrings
Manifest
WildcardDependency
scanned 1 file(s), 68.7 KB of source

Source & flagged code

3 flagged · loading source
dist/template/.pi/scripts/gc-check.shView file
path = dist/template/.pi/scripts/gc-check.sh kind = payload_in_excluded_dir sizeBytes = 3694 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

dist/template/.pi/scripts/gc-check.shView on unpkg
path = dist/template/.pi/scripts/gc-check.sh kind = build_helper sizeBytes = 3694 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/template/.pi/scripts/gc-check.shView on unpkg
dist/template/.pi/skills/security-and-hardening/SKILL.mdView file
135patternName = generic_password severity = medium line = 135 matchedText = console.... });
Medium
Secret Pattern

Hardcoded password in dist/template/.pi/skills/security-and-hardening/SKILL.md

dist/template/.pi/skills/security-and-hardening/SKILL.mdView on unpkg · L135

Findings

1 High4 Medium4 Low
HighPayload In Excluded Dirdist/template/.pi/scripts/gc-check.sh
MediumShips Build Helperdist/template/.pi/scripts/gc-check.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
MediumSecret Patterndist/template/.pi/skills/security-and-hardening/SKILL.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings