AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This is a first-party Pi agent extension with lifecycle hooks and commands that orchestrate local worktrees, a local coordinator, and Pi child sessions. No unconsented install-time execution, remote endpoint, credential exfiltration, or remote payload execution was established.
Decision evidence
public snapshot- package.json declares the Pi extension `./extensions/autopilot.ts`.
- extensions/autopilot.ts registers Pi session lifecycle hooks and Autopilot commands.
- src/core/coordination/client.ts can spawn a detached local coordinator.
- src/core/agent-runner.ts launches a configured Pi executable for workstream runs.
- package.json has no preinstall, install, postinstall, or prepare hook.
- No runtime HTTP client, fetch call, or external endpoint was found in source.
- Coordinator IPC uses a local Unix socket or Windows named pipe.
- src/core/coordination/server.ts restricts its Unix socket to mode 0600.
- Agent spawning uses `shell: false` and a sanitized child environment.
- Extension activation and workstream setup are initiated by named Pi commands.
Source & flagged code
2 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/autopilot-coordinator.mjsView on unpkg · L16This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/core/coordination/client.jsView on unpkg