AI Security Review
scanned 4h ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. The package performs install-time Pi agent extension setup and installs third-party Pi/npm extensions. This creates lifecycle risk in an AI-agent control surface, but source inspection did not show exfiltration, stealth persistence, or concrete malware behavior.
Decision evidence
public snapshot
- package.json defines postinstall: bash install.sh.
- install.sh runs pi install/npm install for third-party extensions during npm postinstall.
- install.sh copies agents/*.md and prompts/*.md into ~/.pi/agent/agents and ~/.pi/agent/prompts.
- agents/exploit-dev.md grants run_command/write_to_file for local PoC execution.
- prompts/hunt.md and prompts/harness.md orchestrate auditor/exploit/patch subagents.
- No package JavaScript entrypoint, main/module/bin, or import-time code found.
- No credential harvesting, destructive commands, shell profile edits, persistence, or exfiltration found.
- Only network endpoint in package-owned source is preview.is documentation/API-key notice; install endpoints are package manager specs.
- Agent/prompts are security-workflow aligned and user-invoked after install.
- install.sh exits if pi is absent and suppresses failed dependency fallback installs.
Source & flagged code
3 flagged
Package defines install-time lifecycle scripts.
package.json
Install-time lifecycle script is not statically allowlisted and needs review.
package.json