AI Security Review
scanned 1d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code plants a package-supplied CELL extension into the user's global CELL agent extensions directory. This is first-party agent extension lifecycle risk, but inspection did not confirm foreign agent hijack or data exfiltration.
Decision evidence
public snapshot- package.json postinstall executes on install.
- postinstall creates ~/.cell/agent/extensions and copies .pi/extensions/fivo.ts to ~/.cell/agent/extensions/fivo.ts.
- postinstall removes ~/.cell/extensions/fivo.ts if present.
- dist/core/extensions/loader.js auto-discovers global extensions under getAgentDir()/extensions, and getAgentDir resolves to ~/.cell/agent.
- .pi/extensions/fivo.ts hooks agent events and stores memory/vault/theme files under ~/.cell.
- The lifecycle target is the package's own piConfig .cell namespace, not Claude/Codex/Cursor/MCP or shell startup files.
- No install-hook network call, remote payload download, or hardcoded exfiltration endpoint found.
- The extension redacts common secrets on input and shows vault keys as set/masked rather than exfiltrating values.
- dist/cli.js only sets process title/env, configures HTTP dispatcher, and calls main().
Source & flagged code
6 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references a known benign dynamic code generation pattern.
examples/extensions/doom-overlay/doom-engine.tsView on unpkg · L64Package source references dynamic require/import behavior.
dist/core/extensions/loader.jsView on unpkg · L52Package ships WebAssembly modules.
examples/extensions/doom-overlay/doom/build/doom.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
examples/extensions/doom-overlay/doom/build.shView on unpkg