AI Security Review
scanned 20h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code registers a package-supplied extension in the user's Cell agent extension directory. This is first-party agent extension setup, not confirmed foreign control-surface hijack.
Decision evidence
public snapshot- package.json postinstall runs automatically on install
- postinstall creates ~/.cell/agent/extensions and copies .pi/extensions/fivo.ts to fivo.ts there
- postinstall removes legacy ~/.cell/extensions/fivo.ts if present
- fivo.ts registers Cell agent commands/providers/hooks and can set active tools
- Lifecycle writes are scoped to package-declared piConfig configDir .cell, not Claude/Codex/Cursor/MCP config
- No postinstall network access or remote payload fetch observed
- fivo.ts network use is runtime embedding API configured from user vault, not install-time exfiltration
- fivo.ts redacts common secrets before memory capture
- dist/core/extensions/loader.js dynamic loading is the package extension system
Source & flagged code
11 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references a known benign dynamic code generation pattern.
examples/extensions/doom-overlay/doom-engine.tsView on unpkg · L64Package source references dynamic require/import behavior.
dist/core/extensions/loader.jsView on unpkg · L52Package ships WebAssembly modules.
examples/extensions/doom-overlay/doom/build/doom.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
examples/extensions/doom-overlay/doom/build.shView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/utils/shell.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
examples/extensions/doom-overlay/doom/build/doom.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/config.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/core/footer-data-provider.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/core/tools/bash.jsView on unpkg