registry  /  pi-xai  /  0.16.0

pi-xai@0.16.0

Pi extension for xAI Grok Build — Responses API, OAuth, agentic tools, multi-agent

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. On Pi extension import, the package may migrate an existing Grok CLI credential into Pi's agent auth store without an explicit command. Runtime provider and OAuth requests send xAI credentials to the configured xAI/Grok services; no confirmed exfiltration or remote payload execution was found.

Static reason
No blocking static signals were detected.
Trigger
Loading the Pi extension; subsequent xAI provider, OAuth, or usage actions.
Impact
Mutates the Pi agent authentication control surface by adding a `grok-build` credential; credentials are then usable by the registered provider.
Mechanism
Automatic first-party Pi credential migration and xAI API/OAuth integration.
Rationale
The automatic credential migration is a real first-party agent-extension lifecycle risk and warrants a warning under the stated policy. Source inspection does not establish malicious behavior or a publish-block chain.
Evidence
package.jsonindex.tsxai-oauth.tsxai-config.tsxai-provider.tsxai-stream.ts~/.grok/auth.json~/.pi/agent/auth.json
Network endpoints5
api.x.ai/v1cli-chat-proxy.grok.com/v1auth.x.aiaccounts.x.aicli-chat-proxy.grok.com/v1/billing

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `index.ts` invokes `autoImportGrokCliIfNeeded()` on extension startup.
  • `xai-oauth.ts` reads `~/.grok/auth.json` and writes its token into `~/.pi/agent/auth.json` under `grok-build`.
  • `xai-oauth.ts` creates the Pi auth directory and restricts the written file to mode `0600`.
  • `package.json` has a guarded `prepare` hook that runs Husky only when its local dependency exists.
Evidence against
  • No `preinstall`, `install`, or `postinstall` lifecycle hook is present.
  • No child-process, shell, eval, VM, or dynamic-loading use appears in package TypeScript sources.
  • Network calls target xAI/Grok OAuth, API, proxy, and billing endpoints; no unrelated collection endpoint is present.
  • Credential use is tied to registered xAI provider requests and explicit login/usage commands.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 139 KB of source, external domains: 127.0.0.1, accounts.x.ai, api.x.ai, auth.x.ai, cli-chat-proxy.grok.com, github.com, grok.com

Source & flagged code

2 flagged · loading source
grok/auth.jsonView file
Published source reference
Medium
Ai Review Evidence

`xai-oauth.ts` reads `~/.grok/auth.json` and writes its token into `~/.pi/agent/auth.json` under `grok-build`.

grok/auth.jsonView on unpkg
package.jsonView file
Published source reference
Medium
Suspicious Dependency Evidence

`package.json` has a guarded `prepare` hook that runs Husky only when its local dependency exists.

package.jsonView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidencegrok/auth.json
MediumAi Review Evidence
MediumSuspicious Dependency Evidencepackage.json
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings