registry  /  pi-aftc-toolset  /  1.2.4

pi-aftc-toolset@1.2.4

AFTC productivity toolset for pi — footer diagnostics, SQLite model usage reports, cache analysis, input shortcuts, cache-audit skill, theme, and SSH tools backed by a PyQt6 GUI.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
An agent invokes `ssh_connect`/`ssh_run`, or a user runs `/aftc-install` and confirms.
Impact
An agent with access to supplied SSH credentials can execute arbitrary commands on the selected remote host and read returned output.
Mechanism
Local Flask bridge forwards AI tool input to Paramiko SSH and executes remote shell commands.
Rationale
The source implements an explicit SSH automation feature rather than a covert malicious chain, but it exposes unrestricted remote command execution to the agent and downloads an executable without integrity verification. Warn rather than block because activation is tool/user-driven and no concrete malicious behavior is present.
Evidence
package.jsonextensions/toolset/index.tsextensions/toolset/install.tsextensions/toolset/ssh.tsinternal-python-gui/main.pyinternal-python-gui/bin/uv.exeinternal-python-gui/std/in.txtinternal-python-gui/std/out.txtinternal-python-gui/std/err.txt.pi-aftc-toolset/data/turns.db
Network endpoints2
127.0.0.85:8564/api/v1github.com/astral-sh/uv/releases/latest/download/uv-x86_64-pc-windows-msvc.exe

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `extensions/toolset/ssh.ts` registers AI-callable SSH connect/run tools that forward arbitrary commands.
  • `internal-python-gui/main.py` executes queued commands over Paramiko SSH and returns terminal output.
  • `extensions/toolset/install.ts` can download and execute `uv.exe` without checksum verification after explicit confirmation.
  • A 62 MB native executable is shipped at `internal-python-gui/bin/uv.exe`.
Evidence against
  • `package.json` has no npm lifecycle scripts.
  • Install actions are exposed through the explicit `/aftc-install` command and UI confirmation.
  • SSH HTTP traffic is restricted to local `127.0.0.85:8564`; no source exfiltration endpoint was found.
  • SQLite storage is limited to local usage metrics under `.pi-aftc-toolset/data/`.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 229 KB of source, external domains: 127.0.0.85, github.com

Source & flagged code

4 flagged · loading source
tests/full-check/full-check.mjsView file
175try { L176: new Function(fullScript)(); L177: console.log(" OK Module script executes (DOM-stubbed, empty JSON)");
Low
Eval

Package source references a known benign dynamic code generation pattern.

tests/full-check/full-check.mjsView on unpkg · L175
tests/load-test/load-test.cjsView file
6// verify per-turn recording actually inserts rows. L7: const { execSync } = require("node:child_process"); L8: const globalRoot = execSync("npm root -g", { encoding: "utf8" }).trim();
Medium
Dynamic Require

Package source references dynamic require/import behavior.

tests/load-test/load-test.cjsView on unpkg · L6
internal-python-gui/bin/uv.exeView file
path = internal-python-gui/bin/uv.exe kind = native_binary sizeBytes = 65102336 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

internal-python-gui/bin/uv.exeView on unpkg
internal-python-gui/main.pyView file
path = internal-python-gui/main.py kind = build_helper sizeBytes = 28810 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

internal-python-gui/main.pyView on unpkg

Findings

6 Medium4 Low
MediumDynamic Requiretests/load-test/load-test.cjs
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binaryinternal-python-gui/bin/uv.exe
MediumShips Build Helperinternal-python-gui/main.py
MediumStructural Risk Force Deep Review
LowEvaltests/full-check/full-check.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings