AI Security Review
scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code plants a package-supplied extension into the package's own ~/.cell agent extension directory. This creates agent extension lifecycle risk, but the observed target is first-party/package-aligned rather than a foreign broad control surface.
Decision evidence
public snapshot
- package.json postinstall copies .pi/extensions/fivo.ts into ~/.cell/agent/extensions/fivo.ts
- package.json postinstall removes ~/.cell/extensions/fivo.ts during install
- ./pi/extensions/fivo.ts registers agent hooks that inject memory/project context and transform user input
- ./pi/extensions/fivo.ts reads AGENTS.md/CLAUDE.md and stores memory/vault files under ~/.cell
- package.json piConfig declares configDir .cell, matching the lifecycle target namespace
- No evidence the lifecycle writes Claude/Codex/Cursor/MCP or other foreign agent control surfaces
- No network endpoint or exfiltration code found in .pi/extensions/fivo.ts
- dist/cli.js only sets PI_CODING_AGENT, configures dispatcher, and calls main
- dist/core/extensions/loader.js dynamic import is the package's extension loader for local/configured extensions
Source & flagged code
6 flagged
- Install-time lifecycle script matches a deterministic static-gate block pattern. (package.json)
- Package defines install-time lifecycle scripts. (package.json)
- Package source references a known benign dynamic code generation pattern. (examples/extensions/doom-overlay/doom-engine.ts, L64)
- Package source references dynamic require/import behavior. (dist/core/extensions/loader.js, L52)
- Package ships WebAssembly modules. (examples/extensions/doom-overlay/doom/build/doom.wasm)
- Package ships non-JavaScript build or shell helper files. (examples/extensions/doom-overlay/doom/build.sh)