AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `extensions/index.ts` calls `upsertAgentsBlock(ctx.cwd)` at session start when peer tools are missing.
- `src/agents-block.ts` creates or rewrites project `AGENTS.md` with Pi tool-install instructions.
- `src/install-telemetry.ts` sends version and platform User-Agent to `mocito.dev` by default unless disabled.
- `package.json` runs preinstall/postinstall scripts that fetch and install generated skills.
Evidence against
- `scripts/stage.mjs` pins the downloaded v3.19.0 tarball to `scripts/expected-sha256.txt` and aborts on mismatch.
- `scripts/commit.mjs` only moves generated content into this package's own install directory.
- No credential harvesting, shell payload execution, eval, or arbitrary endpoint construction was found.
- No binaries or opaque payload files are present in the extracted package.
Behavioral surface
SourceChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chainHighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 12 file(s), 75.5 KB of source, external domains: codeload.github.com, github.com, mocito.dev