registry  /  @nocoo/pew  /  2.23.8

@nocoo/pew@2.23.8

Superseded by 2.24.1 (grok support + reasoning tokens end-to-end). Run: npm i -g @nocoo/pew@latest

The contribution graph for AI-native developers

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a CLI for parsing local AI-tool usage, installing opt-in notifier hooks, and uploading records to Pew endpoints after login.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user CLI commands such as `pew sync`, `pew login`, `pew init`, `pew update`, or hook-triggered `pew notify` after init.
Impact
Local AI usage/session metadata may be queued and uploaded to Pew when the user logs in and syncs; AI-tool config files may be modified only by init/uninstall commands.
Mechanism
User-invoked telemetry sync and notifier-hook installation
Rationale
The suspicious primitives are package-aligned and activated by explicit CLI commands or previously installed user-invoked hooks. Static inspection found no install-time execution, hidden exfiltration, remote payload loading, or unconsented AI-agent control mutation.
Evidence
package.jsondist/bin.jsdist/cli.jsdist/commands/login.jsdist/commands/update.jsdist/commands/upload-engine.jsdist/notifier/pi-hook.jsdist/notifier/codex-notifier.jsdist/notifier/openclaw-hook.jsdist/notifier/notify-handler.js
Network endpoints5
pew.mdpew.dev.hexly.ai/api/auth/code/verify/api/ingest/api/ingest/sessions

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/commands/update.js runs a package-manager update command, but only from explicit `pew update`.
  • dist/notifier/* writes AI-tool hooks/configs, but only from explicit `pew init`.
  • dist/commands/upload-engine.js uploads queued local usage/session records with bearer token to configured Pew API.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • dist/bin.js only invokes the CLI main command; importing dist/index.js only exports main.
  • Network hosts are product-aligned: https://pew.md and https://pew.dev.hexly.ai.
  • Hook payloads run `pew notify --source=...` for session sync, not arbitrary remote code.
  • No credential harvesting beyond user login token stored by ConfigManager and sent as Authorization to Pew endpoints.
  • No obfuscation, downloader, persistence outside documented notifier hooks, or destructive behavior found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 93 file(s), 376 KB of source, external domains: pew.dev.hexly.ai, pew.md

Source & flagged code

2 flagged · loading source
dist/notifier/pi-hook.jsView file
17import type { ExtensionAPI } from "@mariozechner/pi-coding-agent"; L18: import { spawn } from "node:child_process"; L19:
High
Child Process

Package source references child process execution.

dist/notifier/pi-hook.jsView on unpkg · L17
dist/commands/update.jsView file
26// Fallback to npm if package manager detection fails L27: const command = pm ? getUpdateCommand(pm, PACKAGE_NAME) : `npm install -g ${PACKAGE_NAME}@latest`; L28: try { L29: const { stdout, stderr } = await exec(command); L30: const output = (stdout + stderr).trim();
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/update.jsView on unpkg · L26

Findings

3 High1 Medium3 Low
HighChild Processdist/notifier/pi-hook.js
HighShell
HighRuntime Package Installdist/commands/update.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings