AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a Pi extension that mutates Pi UI methods during extension runtime. It scaffolds only its own configuration and has an opt-in local render-trace writer. No concrete malicious chain or network exfiltration is established.
Static reason
No blocking static signals were detected.
Trigger
Pi loads the declared extension and starts a session; tracing additionally requires `PI_UI_TWEAKS_RENDER_TRACE=1`.
Impact
Changes Pi interface behavior and creates package-owned local configuration; optional trace output is local metadata.
Mechanism
first-party Pi extension runtime patching and config scaffolding
Rationale
Source inspection found package-aligned UI customization and limited first-party configuration writes, but no install hook, exfiltration, remote execution, destructive action, or foreign control-surface mutation. Downgrade to warn for the extension lifecycle/config mutation policy.
Evidence
package.jsonsrc/index.tssrc/settings.tssrc/render-trace.tssrc/model-selector-provider-badge.ts
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Benign with medium false-positive risk.
Evidence for warning
- `src/index.ts` registers a Pi extension that patches Pi UI prototypes at runtime.
- `src/settings.ts` creates and refreshes first-party Pi UI-tweaks config/schema files on session start.
- `src/render-trace.ts` can write trace metadata when `PI_UI_TWEAKS_RENDER_TRACE=1` is explicitly set.
Evidence against
- `package.json` has no npm lifecycle scripts or executable bin.
- No network, child-process, eval, shell, credential harvesting, or exfiltration APIs found.
- `src/model-selector-provider-badge.ts` dynamically imports a resolved Pi theme module only for UI badge styling.
- Project config is read only when Pi reports the project trusted.
Behavioral surface
DynamicRequireEnvironmentVarsFilesystem
Source & flagged code
1 flagged · loading sourcesrc/model-selector-provider-badge.tsView file
126const themePath = pathToFileURL(join(distDir, "modes/interactive/theme/theme.js")).href;
L127: const themeModule: unknown = (await import(themePath)) as unknown;
L128: const theme = getUnknownProperty(themeModule, "theme");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
src/model-selector-provider-badge.tsView on unpkg · L126Findings
2 Medium1 Low
MediumDynamic Requiresrc/model-selector-provider-badge.ts
MediumEnvironment Vars
LowFilesystem