AI Security Review
scanned 20h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Unconsented npm lifecycle setup installs a package-owned CELL extension into ~/.cell. This is powerful agent-extension lifecycle behavior, but source evidence keeps it inside the package-declared first-party namespace.
Decision evidence
public snapshot- package.json postinstall creates ~/.cell/agent/extensions and copies .pi/extensions/fivo.ts there during npm install
- postinstall removes legacy ~/.cell/extensions/fivo.ts if present
- fivo.ts registers CELL commands/providers/hooks and can enable read/bash/edit/write tools in CELL runtime
- package.json declares piConfig.configDir .cell and the lifecycle write stays inside that first-party namespace
- No install-time network fetch, credential exfiltration, remote payload loader, or foreign Claude/Codex/Cursor/MCP control-surface mutation was found
- fivo.ts network use is runtime embedding API configured from user vault, not install-time exfiltration
Source & flagged code
7 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references a known benign dynamic code generation pattern.
examples/extensions/doom-overlay/doom-engine.tsView on unpkg · L64Package source references dynamic require/import behavior.
dist/core/extensions/loader.jsView on unpkg · L52Package ships WebAssembly modules.
examples/extensions/doom-overlay/doom/build/doom.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
examples/extensions/doom-overlay/doom/build.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/modes/interactive/interactive-mode.jsView on unpkg