registry  /  gentle-pi  /  0.16.0

gentle-pi@0.16.0

Turn Pi into el Gentleman: a senior-architect development harness with SDD/OpenSpec, subagents, strict TDD evidence, review guardrails, and skill discovery.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The Pi extension automatically provisions package-managed SDD agent assets when a Pi session starts. It also applies local model-routing configuration to recognized agent profiles.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Loading the package as a Pi extension and starting a session.
Impact
Can add or update managed agent, chain, support, and model-routing files under the configured Pi agent home.
Mechanism
Session-start writes to the Pi agent extension surface.
Rationale
Source inspection found no npm lifecycle execution, remote payload loading, credential collection, or destructive behavior. The automatic first-party Pi agent asset provisioning is a real lifecycle risk that warrants a warning rather than a block.
Evidence
package.jsonextensions/gentle-ai.tslib/sdd-preflight.tslib/review-transaction.ts~/.pi/agent/agents~/.pi/agent/chains~/.pi/agent/gentle-ai~/.pi/gentle-ai/models.json

Decision evidence

public snapshot
AI called this Suspicious at 85.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • extensions/gentle-ai.ts installs SDD assets on session_start.
  • lib/sdd-preflight.ts defaults asset target to ~/.pi/agent.
  • Session startup also applies saved model routing to agent files.
Evidence against
  • package.json has no preinstall, install, or postinstall hook.
  • No fetch/http client or credential-exfiltration path found in executable source.
  • Git/gh network operations are explicit review/release-gate actions using configured remotes.
  • Filesystem writes are scoped to Gentle Pi config, managed assets, or the active repository.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
Manifest
WildcardDependency
scanned 68 file(s), 951 KB of source

Source & flagged code

3 flagged · loading source
tests/review-bundle.test.tsView file
53const importer = new ReviewBundleImporter(target, { mutationLockPlatform: qualifiedReviewLockPlatform() }); L54: const imported = importer.import({ inputPath: first, operationId: "import-one", [redacted]: true }); L55: assert.equal(imported.imported, true);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

tests/review-bundle.test.tsView on unpkg · L53
extensions/skill-registry.tsView file
54function userSkillDirs(): string[] { L55: const home = homedir(); L56: return [ ... L127: L128: function parseFrontmatter(source: string): { name?: string; description?: string; body: string } { L129: const normalized = source.replace(/\r\n?/g, "\n"); ... L384: try { L385: const parsed: unknown = JSON.parse(await readFile(cachePath, "utf8")); L386: cached = isCacheFile(parsed) ? parsed.fingerprint : undefined; ... L427: argv = process.argv.slice(2), L428: env = process.env, L429: ): boolean {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

extensions/skill-registry.tsView on unpkg · L54
lib/review-transaction.tsView file
matchType = previous_version_dangerous_delta matchedPackage = gentle-pi@0.13.0 matchedIdentity = npm:Z2VudGxlLXBp:0.13.0 similarity = 0.639 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/review-transaction.tsView on unpkg

Findings

1 High3 Medium4 Low
HighPrevious Version Dangerous Deltalib/review-transaction.ts
MediumDynamic Requiretests/review-bundle.test.ts
MediumEnvironment Vars
MediumWildcard Dependency
LowScripts Present
LowWeak Cryptoextensions/skill-registry.ts
LowFilesystem
LowHigh Entropy Strings