AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence against
- package.json has no preinstall/install/postinstall hook; only publish-time scripts.
- dist/index.js registers a Pi extension; commands activate runtime behavior.
- dist/bootstrap.js loads flow/review modules only through Pi commands or session events.
- dist/shared/config.js defaults reports to loopback 127.0.0.1 and validates configuration.
- dist/report-daemon.js serves local reports with bearer and per-report capability checks.
- No external fetch, credential harvesting, eval, native loading, or foreign-agent config mutation found.
Behavioral surface
SourceChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chainHighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 130 file(s), 1.09 MB of source, external domains: report.invalid, www.w3.org