AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Loading the Pi extension creates a package-local default configuration file and registers agent hooks. User-invoked tools perform a DuckDuckGo search or fetch a supplied public URL; no malicious payload or credential collection is established.
Decision evidence
public snapshot- `extensions/index.ts` writes `extensions/safe-search.json` when the Pi extension is loaded.
- `extensions/index.ts` registers agent hooks and web search/fetch tools.
- `extensions/search.ts` sends user search queries to DuckDuckGo.
- `extensions/fetch.ts` fetches user-supplied public HTTP(S) URLs.
- `package.json` has no preinstall/install/postinstall/prepare hooks or dependencies.
- No child-process, shell, eval, dynamic loader, credential access, or exfiltration code was found.
- `extensions/fetch.ts` blocks private, loopback, link-local, reserved IP ranges and revalidates redirects.
- The flagged Unicode characters in `extensions/sanitize.ts` are an explicit zero-width-character removal regex, not concealed control flow.
- `test.mjs` references cloud metadata only to assert SSRF blocking.
Source & flagged code
3 flagged · loading sourcePackage text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkgSource reaches cloud instance metadata or link-local credential endpoints.
test.mjsView on unpkg · L10Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
extensions/sanitize.tsView on unpkg · L4