registry  /  pi-experiences  /  0.1.19

pi-experiences@0.1.19

A Pi extension package for capturing and reviewing behavioral experience patterns separately from skills and memory.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a Pi agent-experience extension with explicit user-command setup, local private-state storage, redaction, and optional configured-model calls.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs Pi /experience commands or the explicit experience-consolidate CLI; package install alone has no install hook.
Impact
Can create/update package-owned config, observation, ledger, lock, and safety files under ~/.agents/experience after user-enabled features; no exfiltration or unconsented install-time control mutation found.
Mechanism
package-aligned local agent extension and CLI
Rationale
Static inspection shows package-aligned, gated Pi extension behavior rather than malicious install-time mutation, credential theft, payload loading, or exfiltration. Scanner findings map to redaction/env/config/test fixtures and wildcard peer deps, not a concrete attack chain.
Evidence
package.jsonbin/experience-consolidate.mjsextensions/agent-experience/index.tsextensions/agent-experience/src/paths.tsextensions/agent-experience/src/storage/observations.tsextensions/agent-experience/src/storage/redaction.tsextensions/agent-experience/src/selector-model.tsscripts/test-agent-experience-phase2-storage.mjs~/.agents/experience/agent-experience.toml~/.agents/experience/observations.jsonl~/.agents/experience/ledger.sqlite~/.agents/experience/analyze.lock~/.agents/experience/law.md

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall scripts; only prepack/prepublishOnly build/check scripts.
    • bin/experience-consolidate.mjs is an explicit CLI that reads package state and requires fixture output for now runs.
    • extensions/agent-experience/index.ts registers Pi commands/hooks, but capture/selector/model use are gated by local config and setup commands.
    • extensions/agent-experience/src/paths.ts writes only package-owned ~/.agents/experience config with timer/break-in forced off.
    • extensions/agent-experience/src/storage/observations.ts stores redacted observations locally under the private state root.
    • scripts/test-agent-experience-phase2-storage.mjs contains fake test token strings used to validate redaction.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemShell
    Supply chain
    HighEntropyStrings
    Manifest
    WildcardDependency
    scanned 38 file(s), 506 KB of source

    Source & flagged code

    2 flagged · loading source
    scripts/test-agent-experience-phase2-storage.mjsView file
    104patternName = private_key_rsa severity = critical line = 104 matchedText = assert.e...se);
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    scripts/test-agent-experience-phase2-storage.mjsView on unpkg · L104
    104patternName = private_key_rsa severity = critical line = 104 matchedText = assert.e...se);
    Critical
    Secret Pattern

    RSA private key in scripts/test-agent-experience-phase2-storage.mjs

    scripts/test-agent-experience-phase2-storage.mjsView on unpkg · L104

    Findings

    2 Critical2 Medium4 Low
    CriticalCritical Secretscripts/test-agent-experience-phase2-storage.mjs
    CriticalSecret Patternscripts/test-agent-experience-phase2-storage.mjs
    MediumEnvironment Vars
    MediumWildcard Dependency
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings