AI Security Review
scanned 2d ago · by lpm-firewall-ai
LPM treats this as a warn-only, first-party agent-extension lifecycle risk. Install-time code unconditionally installs a package-supplied agent extension into the package's own global agent extension directory. The extension can alter agent prompts and persist local memory, but inspection did not find exfiltration or mutation of a foreign agent's control surface.
Decision evidence
public snapshot
- package.json postinstall copies the package file .pi/extensions/fivo.ts into ~/.cell/agent/extensions/fivo.ts on npm install
- package.json piConfig sets configDir to .cell, making the lifecycle target this package's agent namespace
- Copied extension registers before_agent_start/input/agent_end hooks and slash commands
- fivo.ts reads AGENTS.md/CLAUDE.md and ~/.cell memory/vault files, then injects stored context into systemPrompt
- Lifecycle write stays under the package-owned ~/.cell/agent/extensions namespace, not Claude/Codex/Cursor/MCP or shell/VCS persistence
- No credential exfiltration or remote endpoint in .pi/extensions/fivo.ts
- Input hook redacts token patterns instead of transmitting them
- dist/utils/version-check.js has an empty latest-version URL and a FIVO CELL comment disabling that check
- Dynamic extension loading in dist/core/extensions/loader.js is core product functionality for user extensions
Source & flagged code
6 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references a known benign dynamic code generation pattern. (examples/extensions/doom-overlay/doom-engine.ts, line 64)
- Package source references dynamic require/import behavior. (dist/core/extensions/loader.js, line 52)
- Package ships WebAssembly modules. (examples/extensions/doom-overlay/doom/build/doom.wasm)
- Package ships non-JavaScript build or shell helper files. (examples/extensions/doom-overlay/doom/build.sh)