AI Security Review
scanned 3d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Pi extension code runs when the user loads the package in Pi. On session start it installs package SDD assets into the Pi agent home and regenerates a local skill registry; no credential harvesting or direct exfiltration was found.
Decision evidence
public snapshot- `extensions/gentle-ai.ts` installs SDD assets on every Pi `session_start`.
- `extensions/skill-registry.ts` refreshes project `.atl/skill-registry.md` at session start.
- `extensions/gentle-ai.ts` invokes Git and may query configured remotes for explicit review/release validation.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- No direct HTTP, fetch, socket, eval, VM, or remote payload-loading primitive found in runtime source.
- Global asset destination is package-aligned Pi agent storage (`~/.pi/agent`), not an unrelated control surface.
- Source includes command safety and confirmation gates for destructive shell commands.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
tests/review-bundle.test.tsView on unpkg · L54Package source references weak cryptographic algorithms.
extensions/skill-registry.tsView on unpkg · L54This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
tests/review-gate.test.tsView on unpkg