AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/account-store.ts writes ~/.pi/agent/models.json and auth.json for google-antigravity during explicit login.
- src/version-check.ts exposes performSelfUpdate() that runs npm install via execSync from authenticated dashboard API.
- src/telemetry.ts sends opt-out boot/heartbeat/flag telemetry to default plain-HTTP author endpoint.
- src/notification-poller.ts polls author telemetry server for admin notifications when telemetry is enabled.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- bin/pi-antigravity-rotator.js only registers tsx and imports src/cli.ts; default command starts the proxy.
- Self-update is user/admin-triggered at /api/self-update, not install-time or import-time.
- Telemetry code and README state no emails, tokens, project IDs, bodies, or error text are sent and PI_ROTATOR_TELEMETRY=off disables it.
- OAuth/token handling targets Google endpoints and stores refresh tokens locally for the package's proxy purpose.
- No evidence of remote payload execution, credential harvesting beyond user login flow, destructive behavior, or persistence.
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/version-check.tsView on unpkgPackage source references child process execution.
src/version-check.tsView on unpkg · L3Package source invokes a package manager install command at runtime.
src/version-check.tsView on unpkg · L175