AI Security Review
scanned 2d ago · by lpm-firewall-ai
LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time lifecycle code installs a bundled extension into the user's home .cell extension directory. The extension adds memory, vault, prompt-injection, mode, and slash-command behavior inside the package's apparent first-party agent platform.
Decision evidence
public snapshot
- package.json postinstall runs automatically on npm install
- postinstall creates ~/.cell/extensions and copies .pi/extensions/fivo.ts there
- Bundled fivo.ts registers extension hooks and slash commands for the agent runtime
- fivo.ts reads/writes ~/.cell memory/vault/mode/theme files and can inject local AGENTS.md/CLAUDE.md into prompts
- Lifecycle hook does not fetch remote code or contact a network endpoint
- No credential exfiltration found; vault values stay local and are displayed masked
- Mutation target is ~/.cell, matching package piConfig configDir and CLI namespace
- No Claude/Codex/Cursor/MCP config write found in inspected install path
Source & flagged code
6 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. File: package.json
- Package defines install-time lifecycle scripts. File: package.json
- Package source references a known benign dynamic code generation pattern. File: examples/extensions/doom-overlay/doom-engine.ts · L64
- Package source references dynamic require/import behavior. File: dist/core/extensions/loader.js · L52
- Package ships WebAssembly modules. File: examples/extensions/doom-overlay/doom/build/doom.wasm
- Package ships non-JavaScript build or shell helper files. File: examples/extensions/doom-overlay/doom/build.sh