AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package uses an npm postinstall hook to install a bundled FIVO CELL extension into the user's ~/.cell agent extension directory. The extension adds memory, vault, prompt-context, tool-mode, and provider features inside that agent platform.
Decision evidence
public snapshot- package.json postinstall copies .pi/extensions/fivo.ts into ~/.cell/agent/extensions/fivo.ts
- postinstall also deletes legacy ~/.cell/extensions/fivo.ts if present
- Installed extension injects before_agent_start system prompt context and mode instructions
- Extension can enable bash/write/edit tools via code/aim modes and persists memory/vault/settings under ~/.cell
- Extension may send memory text to https://api.openai.com/v1/embeddings when a vault API key is configured
- Writes are confined to package-aligned .cell/pi agent namespace declared by piConfig configDir .cell
- No install-time network, shell startup, VCS hook, autostart, or foreign Claude/Codex/Cursor/MCP control-surface mutation found
- Embedding network use is runtime and gated on user-provided vault key
- dist/cli.js only sets process title/env and calls main
- Dynamic extension loading in dist/core/extensions/loader.js is the platform's extension mechanism
Source & flagged code
7 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references a known benign dynamic code generation pattern.
examples/extensions/doom-overlay/doom-engine.tsView on unpkg · L64Package source references dynamic require/import behavior.
dist/core/extensions/loader.jsView on unpkg · L52Package ships WebAssembly modules.
examples/extensions/doom-overlay/doom/build/doom.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
examples/extensions/doom-overlay/doom/build.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/modes/interactive/interactive-mode.jsView on unpkg