registry  /  pi-xai-oauth  /  1.3.5

pi-xai-oauth@1.3.5

⚠ Under review

One-command installer for xAI OAuth provider + Grok 4.5, Grok Build, and Composer models in pi

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 20 file(s), 195 KB of source, external domains: 127.0.0.1, accounts.x.ai, api.x.ai, auth.x.ai, cli-chat-proxy.grok.com, example.test, pi.dev

Source & flagged code

3 flagged · loading source
bin/setup.jsView file
7L8: const { execSync } = require("child_process"); L9: const fs = require("fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/setup.jsView on unpkg · L7
scripts/verify-extension.jsView file
42function installFetchMock() { L43: global.fetch = async (url, init = {}) => { L44: const href = String(url); L45: if (href.startsWith("http://127.0.0.1:")) { L46: return originalFetch(url, init); ... L56: if (href === "https://auth.x.ai/oauth2/token") { L57: const params = new URLSearchParams(String(init.body || "")); L58: requests.push({ url: href, body: Object.fromEntries(params) });
Critical
Builtin Api Tampering Exfiltration

Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.

scripts/verify-extension.jsView on unpkg · L42
matchType = previous_version_dangerous_delta matchedPackage = pi-xai-oauth@1.3.2 matchedIdentity = npm:cGkteGFpLW9hdXRo:1.3.2 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scripts/verify-extension.jsView on unpkg

Findings

1 Critical1 High3 Medium4 Low
CriticalBuiltin Api Tampering Exfiltrationscripts/verify-extension.js
HighPrevious Version Dangerous Deltascripts/verify-extension.js
MediumDynamic Requirebin/setup.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings