pi-autopilot@0.4.0

Autopilot orchestration package for Pi: /autopilot, /autopilot-onboard, /autopilot-handoff, /autopilot-close, /autopilot-abort, context budget activation, and child runner wiring.

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a Pi extension/CLI for explicit Autopilot orchestration and local runtime artifact management, with no install-time execution or credential exfiltration found.

Static reason: No blocking static signals were detected; previous stored version diff introduced dangerous source.
Trigger: explicit pi extension command or autopilot-agent-run CLI invocation
Impact: creates local Autopilot runtime files/worktrees and runs the user's local pi executable when invoked
Mechanism: package-aligned local orchestration, git worktree management, and Pi child process launch
Rationale: Source inspection shows dangerous primitives are user-invoked and aligned with the package's documented Pi Autopilot orchestration purpose. I found no install-time mutation, foreign AI-agent control hijack, secret harvesting, network exfiltration, or remote payload execution.
Evidence:
• package.json
• bin/autopilot-agent-run.mjs
• dist/src/cli/autopilot-agent-run.js
• dist/src/core/agent-runner.js
• dist/src/internal/status-extension.js
• dist/src/core/parallel-runtime.js
• dist/src/extension.js
• README.md
• ~/.pi/agent/autopilot/coordination/<repo-key>/
• ~/.pi/agent/autopilot/worktrees/<repo-key>/active/<workstream-run>/main/.pi/autopilot/<workstream>/

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block

Evidence against
• package.json has no preinstall/install/postinstall hooks; only bin and pi extension metadata.
• bin/autopilot-agent-run.mjs only forwards explicit CLI invocation to dist/src/cli/autopilot-agent-run.js.
• dist/src/core/agent-runner.js spawns local pi only from explicit runner use and forces --no-extensions plus package-owned status extension.
• dist/src/internal/status-extension.js registers only autopilot_emit_status and writes status/receipt via supplied context path.
• dist/src/core/parallel-runtime.js writes package-owned coordination/worktree state under ~/.pi/agent/autopilot on explicit /autopilot commands.
• README.md documents local-only behavior with no fetch, push, PR creation, or provider calls during close/abort.

Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Shell
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.

scanned 59 file(s), 821 KB of source

Source & flagged code

1 flagged
dist/src/core/agent-runner.js
matchType = previous_version_dangerous_delta
matchedPackage = pi-autopilot@0.3.0
matchedIdentity = npm:cGktYXV0b3BpbG90:0.3.0
similarity = 0.608
summary = stored previous version shares package body but lacks this dangerous source file

High: Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

Findings

1 High, 1 Medium, 3 Low
• High: Previous Version Dangerous Delta (dist/src/core/agent-runner.js)
• Medium: Environment Vars
• Low: Scripts Present
• Low: Filesystem
• Low: High Entropy Strings