Safety notes
Verified with notes
Web search, extraction, and video understanding for Pi.
Web search, extraction, and video understanding for Pi.
Static scan findings
This is a first-pass static screen, not a formal audit. It flags patterns worth reading before install.
MEDIUM · token_access
perplexity.ts
perplexityApiKey?: unknown;function normalizeApiKey(value: unknown): string | null {function getApiKey(): string {
MEDIUM · token_access
code-search.ts
params: { query: string; maxTokens?: number },details: { query: string; maxTokens: number; error?: string };details: { query: "", maxTokens: params.maxTokens ?? 5000, error: "No query provided" },
MEDIUM · spawn_shell
github-extract.ts
import { execFile } from "node:child_process";
MEDIUM · token_access
curator-page.ts
sessionToken: string,const inlineData = safeInlineJSON({ queries, sessionToken, timeout, defaultProvider, summaryModels, defaultSummaryModel, availableProviders });
MEDIUM · token_access
curator-server.ts
sessionToken: string;const tokenEstimate = meta.tokenEstimate;if (typeof tokenEstimate !== "number" || !Number.isFinite(tokenEstimate) || tokenEstimate < 0) return null;
MEDIUM · token_access
summary-review.ts
tokenEstimate: number;function estimateTokens(text: string): number {tokenEstimate: estimateTokens(nonEmptySummary),
MEDIUM · token_access
gemini-search.ts
import { getApiKey, API_BASE, DEFAULT_MODEL } from "./gemini-api.js";import { hasExaApiKey, isExaAvailable, searchWithExa } from "./exa.js";" 1. Set GEMINI_API_KEY in ~/.pi/web-search.json\n" +
MEDIUM · spawn_shell
video-extract.ts
import { execFileSync } from "node:child_process";
MEDIUM · token_access
video-extract.ts
import { queryGeminiApiWithVideo, getApiKey, API_BASE } from "./gemini-api.js";const apiKey = getApiKey();if (!apiKey) return null;
MEDIUM · spawn_shell
index.ts
import { execFileSync } from "node:child_process";? await pi.exec("open", [url])? await pi.exec("cmd", ["/c", "start", "", url])
Package scripts captured
No package scripts captured.