AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package has broad AI-agent setup capabilities, but inspected network, shell, file-write, and agent-control behavior is package-aligned and user-invoked.
Decision evidence
public snapshot- User-invoked `install.sh` installs Bun/package and appends `PI_CODING_AGENT_DIR` to shell rc files.
- `scripts/cli.ts` `autodev update` runs npm/bun commands and clears Bun cache only when user runs update.
- `extensions/autodev/installer/init-module.ts` writes AutoDev project files including `AGENTS.md`, `.autodev/*`, `.github/ISSUE_TEMPLATE/*` on explicit `autodev init`.
- `extensions/autodev/docs/seeding.ts` fetches/clones user-configured documentation sources for indexing.
- `package.json` has no preinstall/postinstall lifecycle scripts; executable surface is the `autodev` CLI bin.
- Import/extension entrypoint loads local `.env` and registers pi hooks, but does not install persistence or exfiltrate secrets at import time.
- `extensions/autodev/embeddings.ts` sends document/query text to VoyageAI only when `VOYAGE_API_KEY` is configured; no credential value is sent except API authorization header.
- Child process usage is aligned with setup/update/docs/GitHub workflows and is user-invoked or injectable for tests.
- Scanner secret hit is a dummy redaction test value in `extensions/autodev/debug/__tests__/debug.test.ts`, not a live credential.
Source & flagged code
10 flagged · loading sourcePackage contains a critical-looking secret pattern.
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247GitHub personal access token in extensions/autodev/debug/__tests__/debug.test.ts
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L247Google API key in extensions/autodev/debug/__tests__/debug.test.ts
extensions/autodev/debug/__tests__/debug.test.tsView on unpkg · L246Package source references child process execution.
extensions/autodev/background/manager.tsView on unpkg · L150Package source references shell execution.
extensions/autodev/docs/seeding.tsView on unpkg · L194Package source invokes a package manager install command at runtime.
extensions/autodev/installer/uninstall-module.tsView on unpkg · L181Source writes installer persistence such as shell profile or service configuration.
extensions/autodev/installer/uninstall-module.tsView on unpkg · L23Source combines credential-like environment material and outbound requests; review data flow before blocking.
extensions/autodev/embeddings.tsView on unpkg · L37Source downloads or fetches remote code and executes it.
extensions/autodev/installer/tools.tsView on unpkg · L1