registry  /  pi-outpost  /  0.1.1

pi-outpost@0.1.1

A web chat UI for the pi coding agent — run it with npx, no clone, no build.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No malicious package-controlled attack surface was confirmed. The user-invoked CLI starts a local configured web UI for an AI coding agent, with optional user-configured file and bash capabilities.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User explicitly runs the CLI with a configuration file.
Impact
Configured agent operations occur only after explicit user setup; no install-time execution, credential exfiltration, or covert remote payload chain was found.
Mechanism
Local Fastify/WebSocket UI over configured pi-agent tools.
Rationale
Static source inspection shows a bundled, explicitly invoked local AI-agent web UI with configuration and exposure safeguards, not malware. Scanner signals derive from bundled dependencies/assets and were not corroborated by concrete malicious behavior.
Evidence
package.jsonREADME.mddist/pi-outpost.mjsdist/web/assets/chunk-KEIR6QF5-BfrZ3jm6.js

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle install hooks; only build/prepack scripts.
    • dist/pi-outpost.mjs requires an explicit configuration file before startup.
    • CLI defaults its HTTP server to 127.0.0.1 and requires a token for non-loopback exposure.
    • WebSocket and file routes validate origin/token and confine file paths to configured browser roots.
    • Git subprocess use is fixed to git commands; no hidden shell payload was found.
    • Flagged dist/web/assets/chunk-KEIR6QF5-BfrZ3jm6.js contains zero bidi/invisible control characters.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 122 file(s), 4.00 MB of source, external domains: app.example.com, chevrotain.io, en.wikipedia.org, github.com, langium.org, react.dev, www.w3.org
    Oversized source lightweight scan
    dist/pi-outpost.mjs15.1 MB file, sampled 256 KB
    FilesystemNetworkChildProcessEnvironmentVarsShellHighEntropyStringsUrlStringsapp.example.com

    Source & flagged code

    4 flagged · loading source
    dist/web/assets/chunk-KEIR6QF5-BfrZ3jm6.jsView file
    46contains invisible/control Unicode U+FEFF (zero width no-break space) \r \v \xA0            \u2028\u2029   <U+FEFF>`.split(``);function Da(e){let t=typeof e==`string`?new RegExp(e):e;return Ea.some(e=>t.test(e))}o(Da,`isWhitespace`);function Oa(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(Oa,`escapeReg
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    dist/web/assets/chunk-KEIR6QF5-BfrZ3jm6.jsView on unpkg · L46
    dist/web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
    path = dist/web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
    High
    Ships High Entropy Blob

    Package ships high-entropy non-source blobs.

    dist/web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg
    dist/pi-outpost.mjsView file
    path = dist/pi-outpost.mjs kind = oversized_source_file sizeBytes = 15822194 magicHex = [redacted]
    High
    Oversized Source File

    Package contains source files above the static scanner size ceiling.

    dist/pi-outpost.mjsView on unpkg
    path = dist/pi-outpost.mjs kind = oversized_cli_entrypoint sizeBytes = 15822194 magicHex = [redacted]
    Medium
    Oversized Cli Entrypoint

    Package contains an oversized executable-looking CLI entrypoint.

    dist/pi-outpost.mjsView on unpkg

    Findings

    1 Critical2 High5 Medium5 Low
    CriticalTrojan Source Unicodedist/web/assets/chunk-KEIR6QF5-BfrZ3jm6.js
    HighShips High Entropy Blobdist/web/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
    HighOversized Source Filedist/pi-outpost.mjs
    MediumNetwork
    MediumEnvironment Vars
    MediumProtestware
    MediumOversized Cli Entrypointdist/pi-outpost.mjs
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings