AI Security Review
scanned 14m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The user-invoked `privateer` launcher installs Privateer extension shims and modifies its own Pi-agent settings. Explicit update and remote-access commands can invoke npm or connect the authenticated Privateer service.
Decision evidence
public snapshot- `bin/privateer-tui` creates `$PRIVATEER_HOME/agent/extensions` and writes managed extension shims.
- `bin/privateer-tui` mutates `$PRIVATEER_HOME/agent/settings.json` to suppress upstream Pi startup/update UI.
- `extensions/privateer-gate.ts` loads the shims into the Pi agent control surface and enables a remote relay only through `/remote-access`.
- `extensions/privateer-brand.ts` runs `npm install -g privateer-agent@latest` only from explicit `update` or `/update` commands.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- The launcher targets `$PRIVATEER_HOME/agent`, documented in `src/config/paths.ts` as Privateer-owned and separate from `~/.pi/agent`.
- Account and relay traffic is tied to device login and explicit remote-access activation; `src/auth/privateer.ts` validates HTTPS server URLs.
- No credential harvesting, silent exfiltration, arbitrary remote payload execution, eval/vm use, or destructive command execution was found.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
extensions/privateer-brand.tsView on unpkgPackage source references child process execution.
extensions/privateer-brand.tsView on unpkg · L203Package source invokes a package manager install command at runtime.
extensions/privateer-brand.tsView on unpkg · L197Package source references dynamic require/import behavior.
bin/privateer.mjsView on unpkg · L21