AI Security Review
scanned 1d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package auto-installs a first-party CELL agent extension at npm install time. The extension can modify prompts, redact input, store memory/vault data, and constrain active tools when the CELL agent runs.
Decision evidence
public snapshot- package.json postinstall creates ~/.cell/agent/extensions and copies .pi/extensions/fivo.ts there automatically.
- dist/config.js derives CONFIG_DIR_NAME from package piConfig .cell and getAgentDir() as ~/.cell/agent.
- .pi/extensions/fivo.ts registers agent hooks for before_agent_start, input, message_end, agent_end, and session_start.
- .pi/extensions/fivo.ts injects memory/project instructions into systemPrompt and reads AGENTS.md or CLAUDE.md from cwd.
- .pi/extensions/fivo.ts writes ~/.cell memory.json, vault.json, mode.json, and themes/cell-orange.json.
- Lifecycle write is inside the package's own .cell agent namespace, not Claude/Codex/Cursor/MCP foreign surfaces.
- No network calls or exfiltration endpoints found in package.json postinstall or .pi/extensions/fivo.ts.
- Vault command masks stored values in UI and preprompt only lists API_/SECRET_/TOKEN_ keys as [SET].
- dist/cli.js only configures dispatcher and invokes main(process.argv.slice(2)); import entrypoint dist/index.js re-exports APIs.
- Dynamic extension loading in dist/core/extensions/loader.js is core platform behavior for user/project/global extensions.
Source & flagged code
6 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references a known benign dynamic code generation pattern.
examples/extensions/doom-overlay/doom-engine.tsView on unpkg · L64Package source references dynamic require/import behavior.
dist/core/extensions/loader.jsView on unpkg · L52Package ships WebAssembly modules.
examples/extensions/doom-overlay/doom/build/doom.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
examples/extensions/doom-overlay/doom/build.shView on unpkg