AI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `install.sh` is an explicit setup helper that runs `pi install` on this package.
- `install.sh` writes `$HOME/bin/ftales` and, on macOS, `~/Applications/ftales.app`.
- Extensions register agent tools and can persist package settings at `~/.pi/agent/fairy-tales.json` after a user command.
Evidence against
- `package.json` has no npm preinstall/install/postinstall lifecycle hooks.
- No credential harvesting, encoded payload, eval/vm use, or remote-code loader found in inspected source.
- `extensions/fairy-tales-web.ts` only fetches user-supplied HTTP(S) URLs through SSRF-protected `safeFetch`.
- Child-process use is explicit-user functionality: clipboard helpers, browser opening, and git worktree/PR operations with argument arrays.
- No package-controlled exfiltration endpoint was found.
Behavioral surface
SourceChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chainHighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 35 file(s), 209 KB of source, external domains: www.w3.org