AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Runtime behavior is package-aligned Pi extension UI/status/guardrail functionality, with a local usage file and guarded tool interception.
Decision evidence
public snapshot- extensions/welcome.ts writes token/cost usage to ~/.preapexis/usage.json during Pi runtime
- extensions/guardrails.ts uses execSync only for local git status --porcelain
- scripts/git-release.mjs can run git add/commit/tag/push, but only via explicit npm run git script
- package.json has no preinstall/install/postinstall hooks and no bin entrypoint
- package.json pi manifest points to local extensions/skills/prompts/themes only
- No fetch/HTTP client or exfiltration endpoint in executable source
- guardrails.ts blocks or confirms risky shell/file operations rather than enabling them
- ask-user-tool.ts only registers an interactive user prompt tool
- theme URLs are JSON schema metadata, not runtime download logic
Source & flagged code
3 flagged · loading sourceextensions/welcome.ts writes token/cost usage to ~/.preapexis/usage.json during Pi runtime
extensions/welcome.tsView on unpkgextensions/guardrails.ts uses execSync only for local git status --porcelain
extensions/guardrails.tsView on unpkgscripts/git-release.mjs can run git add/commit/tag/push, but only via explicit npm run git script
scripts/git-release.mjsView on unpkg