AI Security Review
scanned 2d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time lifecycle code installs a package-supplied agent extension into the user's global ~/.cell agent extension directory. The extension can affect future CELL sessions by injecting local memory/context into prompts and managing active tools.
Decision evidence
public snapshot
- package.json postinstall copies .pi/extensions/fivo.ts into ~/.cell/agent/extensions/fivo.ts without prompting.
- package.json piConfig sets configDir to .cell; dist/config.js getAgentDir resolves to ~/.cell/agent.
- .pi/extensions/fivo.ts registers an always-loaded extension that alters prompts with stored memory/context and changes active tools by mode.
- .pi/extensions/fivo.ts persists memory, vault, mode, and theme files under ~/.cell.
- No evidence of network exfiltration in the lifecycle script or fivo extension.
- The lifecycle destination is the package's own configured app namespace, not Claude/Codex/Cursor/MCP or another foreign agent surface.
- Vault writes are user-invoked slash commands and displayed values are masked.
- The extension redacts common API tokens from input before agent processing.
Source & flagged code
6 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references a known benign dynamic code generation pattern. (examples/extensions/doom-overlay/doom-engine.ts · L64)
- Package source references dynamic require/import behavior. (dist/core/extensions/loader.js · L52)
- Package ships WebAssembly modules. (examples/extensions/doom-overlay/doom/build/doom.wasm)
- Package ships non-JavaScript build or shell helper files. (examples/extensions/doom-overlay/doom/build.sh)