AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface is present. The main residual risk is an explicit/user-invoked agent extension installer and runtime extension framework that can spawn subagents and load extension code.
Decision evidence
public snapshot- dist/extensions/pi-subagents/install.mjs is an explicit installer that clones https://github.com/nicobailon/pi-subagents.git into ~/.pi/agent/extensions/subagent.
- dist/extensions/pi-subagents/install.mjs can run git pull or rmSync on that extension directory when invoked with update/remove modes.
- dist/core/extensions/loader.js dynamically loads user/package extensions via jiti and exposes execCommand to extensions.
- dist/extensions/pi-subagents/src/runs/background/subagent-runner.ts and async-execution.ts spawn child agent processes and write run artifacts.
- package.json has no preinstall/install/postinstall lifecycle scripts; npm install does not auto-run the pi-subagents installer.
- Root bin is only dist/cli.js; dist/extensions/pi-subagents/install.mjs is nested extension tooling, not the package install hook.
- Network endpoints found are package-aligned GitHub clone/download/update or optional session sharing, not credential exfiltration.
- No source evidence of credential harvesting, stealth persistence, destructive broad filesystem actions, or import-time remote payload execution.
Source & flagged code
9 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
examples/extensions/doom-overlay/doom-engine.tsView on unpkg · L64Package source references dynamic require/import behavior.
dist/core/extensions/loader.jsView on unpkg · L52Package source references weak cryptographic algorithms.
dist/extensions/copy-turn.tsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/extensions/pi-subagents/install.mjsView on unpkgPackage source invokes a package manager install command at runtime.
dist/extensions/pi-subagents/install.mjsView on unpkg · L6Package ships WebAssembly modules.
examples/extensions/doom-overlay/doom/build/doom.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
dist/extensions/hooks/ponytail-statusline.ps1View on unpkg