AI Security Review
scanned 4d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. On extension load, existing Grok CLI credentials can be copied into Pi's auth store. An optional installed `pi-web-access` extension may be dynamically loaded to provide search delegation.
Static reason
No blocking static signals were detected.
Trigger
Loading the Pi extension; web delegation additionally requires `pi-web-access` and enabled settings.
Impact
Mutates Pi agent authentication state and executes a separately installed optional extension; no concrete malicious chain was found.
Mechanism
credential migration and guarded optional extension loading
Rationale
The package is not concretely malicious, but import-time credential migration into a host-agent auth file and optional dynamic extension loading create a meaningful guarded lifecycle risk. Downgrade to warn rather than block.
Evidence
package.jsonindex.tsxai-oauth.tsxai-web-search-delegate.tsxai-vision.ts~/.grok/auth.json~/.pi/agent/auth.json~/.pi/agent/npm/node_modules/pi-web-access
Network endpoints3
auth.x.aiapi.x.ai/v1cli-chat-proxy.grok.com/v1
Decision evidence
public snapshotAI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `index.ts` auto-imports credentials during extension startup.
- `xai-oauth.ts` reads `~/.grok/auth.json` and writes `~/.pi/agent/auth.json`.
- `xai-web-search-delegate.ts` dynamically loads installed `pi-web-access` extension code.
Evidence against
- `package.json` has only a guarded development `prepare` Husky hook, not install/postinstall.
- Network requests target xAI/Grok OAuth, API, and billing endpoints.
- Credential writes are limited to Pi's `grok-build` auth entry with `0600` permissions.
- No shell execution, eval, destructive file actions, or arbitrary exfiltration found.
Behavioral surface
CryptoDynamicRequireEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcexai-web-search-delegate.tsView file
84async function importPiExtensionLoader() {
L85: const publicModule = (await import("@earendil-works/pi-coding-agent")) as Record<string, unknown>;
L86: if ("loadExtensions" in publicModule && typeof publicModule.loadExtensions === "function") {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
xai-web-search-delegate.tsView on unpkg · L84Findings
3 Medium5 Low
MediumDynamic Requirexai-web-search-delegate.ts
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings