AI Security Review
scanned 20h ago · by lpm-firewall-ai

LPM treats this as a warn-only first-party agent extension lifecycle risk. The package lifecycle installs a FIVO CELL extension into the package-owned global agent extension directory. This creates standing agent-facing capability at runtime, but inspection did not confirm foreign agent hijack or exfiltration.
Decision evidence
public snapshot
- package.json postinstall copies .pi/extensions/fivo.ts into ~/.cell/agent/extensions/fivo.ts
- dist/core/extensions/loader.js auto-discovers global extensions from getAgentDir()/extensions
- fivo.ts runs on extension load, creates ~/.cell memory/settings/theme files, and changes active tools/modes
- fivo.ts can inject recalled memory and AGENTS.md/CLAUDE.md text into agent system prompt
- fivo.ts uses OpenAI embeddings endpoint when OPENAI_API_KEY is stored in its vault
- Lifecycle target is package-owned namespace from piConfig configDir .cell, not Claude/Codex/Cursor/MCP foreign control surfaces
- No install-time network call found; postinstall only copies/removes local files
- No credential exfiltration found; vault values are user-set and provider list masks values
- Shell/exec capabilities appear part of the declared coding-agent extension API and runtime CLI
- Network endpoints are package-aligned AI/share/update URLs, not hardcoded exfiltration collectors
Source & flagged code
11 flagged
- package.json: Install-time lifecycle script matches a deterministic static-gate block pattern.
- package.json: Package defines install-time lifecycle scripts.
- examples/extensions/doom-overlay/doom-engine.ts · L64: Package source references a known benign dynamic code generation pattern.
- dist/core/extensions/loader.js · L52: Package source references dynamic require/import behavior.
- examples/extensions/doom-overlay/doom/build/doom.wasm: Package ships WebAssembly modules.
- examples/extensions/doom-overlay/doom/build.sh: Package ships non-JavaScript build or shell helper files.
- dist/utils/shell.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- examples/extensions/doom-overlay/doom/build/doom.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/config.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/core/footer-data-provider.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.
- dist/core/tools/bash.js: Source file is highly similar to a previously finalized malicious package; route for source-aware review.