Safety notes
Verified with notes
Direct 1:1 messaging between Pi sessions on the same machine.
Direct 1:1 messaging between Pi sessions on the same machine.
Static scan findings
This is a first-pass static screen, not a formal audit. It flags patterns worth reading before install.
MEDIUM · token_access
package-lock.json
"@aws-sdk/token-providers": "3.1031.0","@aws-sdk/token-providers": "3.1031.0",
MEDIUM · spawn_shell
intercom.integration.test.ts
import { spawn, type ChildProcessWithoutNullStreams } from "node:child_process";const broker = spawn("npx", ["--no-install", "tsx", path.join(repoDir, "broker", "broker.ts")], {
MEDIUM · spawn_shell
broker/spawn.ts
import { spawn } from "child_process";const child = spawn(launch.command, launch.args, getBrokerSpawnOptions());
MEDIUM · token_access
skills/pi-intercom/SKILL.md
message: "How does this repo structure token refresh retries?"
Package scripts captured
package.json
{
"test": "tsx --test broker/paths.test.ts broker/spawn.test.ts reply-tracker.test.ts intercom.integration.test.ts"
}