AI Security Review
scanned 2h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. The package performs install-time Pi Agent extension setup. It modifies the user's Pi Agent agent/config surface and installs additional npm/pi packages, but the behavior is aligned with a Pi extension package and no exfiltration or hidden payload execution was found.
Decision evidence
public snapshot
- package.json defines postinstall: bash install.sh
- install.sh invokes pi install and fallback npm install --no-save for extension dependencies
- install.sh writes package names into ~/.pi/agent/settings.json when pi install fails
- install.sh creates ~/.pi/agent/agents and copies package agent markdown files there
- agents include workflows that can write and execute local PoC scripts via agent tools
- No obfuscated code, credential harvesting, destructive commands, or remote payload download found
- No import-time JS entrypoint or bin command executes hidden behavior
- Network references are package-aligned npm/pi extension setup and preview.is API-key documentation
- README discloses XPI as Pi Agent security tooling and documents install behavior conceptually
- Prompts instruct asking user for credentials rather than harvesting them
Source & flagged code
3 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)