registry  /  @monotykamary/pi-vcc  /  0.7.1

@monotykamary/pi-vcc@0.7.1

Algorithmic conversation compactor for pi - transcript-preserving structured summaries, no LLM calls

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package activates as a Pi extension and writes a first-party Pi-vcc settings file when loaded. It also patches the host Agent prototype to resume interrupted Pi sessions.

Static reason
No blocking static signals were detected.
Trigger
Pi loads the declared `./index.ts` extension; continuation runs after relevant compaction events.
Impact
Can change Pi extension configuration and agent-loop behavior, but no exfiltration, remote payload, or destructive action is established.
Mechanism
first-party extension setup plus Agent prototype continuation patch
Rationale
Source inspection shows package-aligned Pi extension behavior but confirms activation-time first-party agent configuration mutation and host-agent prototype patching. No concrete malicious chain was found.
Evidence
package.jsonindex.tssrc/core/settings.tssrc/core/invisible-continue.tssrc/hooks/before-compact.tssrc/core/load-messages.tssrc/tools/recall.ts~/.pi/agent/pi-vcc-config.json/tmp/pi-vcc-debug.json

Decision evidence

public snapshot
AI called this Suspicious at 85.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` declares `./index.ts` as a Pi extension entrypoint.
  • `index.ts` calls `scaffoldSettings()` on extension activation.
  • `src/core/settings.ts` creates or updates Pi-vcc config under the agent directory.
  • `src/core/invisible-continue.ts` monkey-patches `Agent.prototype` and can call `prompt([])`.
Evidence against
  • No npm lifecycle scripts are declared in `package.json`.
  • No network client, endpoint, shell execution, eval, or dynamic module loading was found.
  • Filesystem reads are limited to the configured Pi-vcc config and active session files.
  • Writes are limited to first-party Pi-vcc configuration and opt-in `/tmp/pi-vcc-debug.json`.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
Manifest
NoLicense
scanned 34 file(s), 179 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
Published source reference
Medium
Ai Review Evidence

`package.json` declares `./index.ts` as a Pi extension entrypoint.

package.jsonView on unpkg
src/core/settings.tsView file
Published source reference
Medium
Ai Review Evidence

`src/core/settings.ts` creates or updates Pi-vcc config under the agent directory.

src/core/settings.tsView on unpkg
src/core/invisible-continue.tsView file
Published source reference
Medium
Ai Review Evidence

`src/core/invisible-continue.ts` monkey-patches `Agent.prototype` and can call `prompt([])`.

src/core/invisible-continue.tsView on unpkg

Findings

5 Medium4 Low
MediumEnvironment Vars
MediumAi Review Evidencepackage.json
MediumAi Review Evidence
MediumAi Review Evidencesrc/core/settings.ts
MediumAi Review Evidencesrc/core/invisible-continue.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License