AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. On Pi extension import, the package may migrate an existing Grok CLI credential into Pi's agent auth store without an explicit command. Runtime provider and OAuth requests send xAI credentials to the configured xAI/Grok services; no confirmed exfiltration or remote payload execution was found.
Decision evidence
public snapshot- `index.ts` invokes `autoImportGrokCliIfNeeded()` on extension startup.
- `xai-oauth.ts` reads `~/.grok/auth.json` and writes its token into `~/.pi/agent/auth.json` under `grok-build`.
- `xai-oauth.ts` creates the Pi auth directory and restricts the written file to mode `0600`.
- `package.json` has a guarded `prepare` hook that runs Husky only when its local dependency exists.
- No `preinstall`, `install`, or `postinstall` lifecycle hook is present.
- No child-process, shell, eval, VM, or dynamic-loading use appears in package TypeScript sources.
- Network calls target xAI/Grok OAuth, API, proxy, and billing endpoints; no unrelated collection endpoint is present.
- Credential use is tied to registered xAI provider requests and explicit login/usage commands.
Source & flagged code
2 flagged · loading source`xai-oauth.ts` reads `~/.grok/auth.json` and writes its token into `~/.pi/agent/auth.json` under `grok-build`.
grok/auth.jsonView on unpkg`package.json` has a guarded `prepare` hook that runs Husky only when its local dependency exists.
package.jsonView on unpkg