registry  /  @nocoo/pew  /  2.25.0

@nocoo/pew@2.25.0

The contribution graph for AI-native developers

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `pew init` command persists notifier integrations in supported AI-agent configuration locations. Subsequent agent lifecycle events can invoke `pew notify`; queued usage/session data is uploaded during logged-in `pew sync`.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `pew init`, then supported AI-agent lifecycle events or `pew sync`.
Impact
Persists hooks in AI-agent configuration and can transmit locally derived usage/session records to the package service.
Mechanism
Explicit agent-hook installation and authenticated telemetry upload.
Rationale
No malicious install-time behavior, stealth payload, credential harvesting, or arbitrary remote execution was found. Flag as a warning because explicit setup persists cross-tool AI-agent hooks and supports authenticated telemetry upload.
Evidence
package.jsondist/cli.jsdist/commands/init.jsdist/commands/upload-engine.jsdist/notifier/codex-notifier.jsdist/notifier/pi-hook.js~/.codex/config.toml~/.config/pew/bin/notify.cjs~/.pi/agent/extensions/pew-sync.ts~/.claude/settings.json~/.gemini/settings.json
Network endpoints2
pew.md/api/ingestpew.md/api/ingest/sessions

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `pew init` explicitly installs notifier hooks for supported AI tools.
  • `dist/notifier/codex-notifier.js` rewrites `~/.codex/config.toml` notify and saves backups.
  • `dist/notifier/pi-hook.js` drops a Pi extension that spawns `pew notify` on session shutdown.
  • `dist/commands/upload-engine.js` POSTs queued records with a saved bearer token.
  • `dist/cli.js` enables upload by default for `pew sync` when logged in.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • Hook installation is reached through the explicit `pew init` command.
  • Uploads require a stored login token; no hidden endpoint or remote code loader was found.
  • Update shell execution is confined to the explicit `pew update` command.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 104 file(s), 430 KB of source, external domains: pew.dev.hexly.ai, pew.md

Source & flagged code

2 flagged · loading source
dist/notifier/pi-hook.jsView file
17import type { ExtensionAPI } from "@mariozechner/pi-coding-agent"; L18: import { spawn } from "node:child_process"; L19:
High
Child Process

Package source references child process execution.

dist/notifier/pi-hook.jsView on unpkg · L17
dist/commands/update.jsView file
26// Fallback to npm if package manager detection fails L27: const command = pm ? getUpdateCommand(pm, PACKAGE_NAME) : `npm install -g ${PACKAGE_NAME}@latest`; L28: try { L29: const { stdout, stderr } = await exec(command); L30: const output = (stdout + stderr).trim();
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/update.jsView on unpkg · L26

Findings

3 High1 Medium3 Low
HighChild Processdist/notifier/pi-hook.js
HighShell
HighRuntime Package Installdist/commands/update.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings