AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package activates as a Pi extension and writes a first-party Pi-vcc settings file when loaded. It also patches the host Agent prototype to resume interrupted Pi sessions.
Decision evidence
public snapshot- `package.json` declares `./index.ts` as a Pi extension entrypoint.
- `index.ts` calls `scaffoldSettings()` on extension activation.
- `src/core/settings.ts` creates or updates Pi-vcc config under the agent directory.
- `src/core/invisible-continue.ts` monkey-patches `Agent.prototype` and can call `prompt([])`.
- No npm lifecycle scripts are declared in `package.json`.
- No network client, endpoint, shell execution, eval, or dynamic module loading was found.
- Filesystem reads are limited to the configured Pi-vcc config and active session files.
- Writes are limited to first-party Pi-vcc configuration and opt-in `/tmp/pi-vcc-debug.json`.
Source & flagged code
3 flagged · loading source`package.json` declares `./index.ts` as a Pi extension entrypoint.
package.jsonView on unpkg`src/core/settings.ts` creates or updates Pi-vcc config under the agent directory.
src/core/settings.tsView on unpkg`src/core/invisible-continue.ts` monkey-patches `Agent.prototype` and can call `prompt([])`.
src/core/invisible-continue.tsView on unpkg