Oathe Security Badge

Is tintinweb/pi-supervisor safe?

https://github.com/tintinweb/pi-supervisor

94
SAFE

This appears to be a legitimate pi extension for supervising AI agent conversations with no evidence of malicious behavior. The empty SKILL.md file is unusual but the TypeScript source code shows proper extension functionality.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW Empty SKILL.md file -15

The SKILL.md file contains no content, which is unusual for a skill package. However, this appears to be a standard npm package structure for a pi extension rather than a malicious attempt.

INFO Legitimate pi extension functionality -10

Analysis of the TypeScript source code shows this is a legitimate pi extension for supervising AI conversations. The code implements standard extension patterns including UI components, model clients, and state management.