registry  /  privateer-agent  /  0.3.0

privateer-agent@0.3.0

Privateer — a provider-agnostic, safe-by-default terminal coding agent with TEE/Tinfoil attestation, rebuilt on the Pi toolkit. Bring your own model across 20 providers.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

Manual review required because source files were not inspected.

Static reason
No blocking static signals were detected.
Trigger
unknown
Impact
unknown
Mechanism
unknown
Rationale
Unable to access read-only filesystem inspection tools in the required final JSON response context.

Decision evidence

public snapshot
AI called this Manual Review at 0.0% confidence as Unknown with high false-positive risk.
Evidence for warning
  • Inspection could not be performed in this environment because only final JSON output is available.
Evidence against
    Behavioral surface
    Source
    CryptoDynamicRequireEnvironmentVarsFilesystemNetworkWebSocket
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 38 file(s), 194 KB of source, external domains: dashscope-intl.aliyuncs.com, helix-server-m1ac.onrender.com, openrouter.ai

    Source & flagged code

    1 flagged · loading source
    bin/privateer.mjsView file
    21register(); // resolves the repo's tsx regardless of the invocation cwd L22: await import(resolve(repo, "src/cli/chat.ts"));
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    bin/privateer.mjsView on unpkg · L21

    Findings

    3 Medium4 Low
    MediumDynamic Requirebin/privateer.mjs
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings