This server has been archived and is no longer actively maintained.
Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "io-github-coreason-ai-coreason-ecosystem": {
      "args": [
        "-y",
        "@earendil-works/pi-coding-agent"
      ],
      "command": "npx"
    }
  }
}
CoReason Tripartite Architecture Governance Plane. Stateless zero-trust federated MCP gateway.
Run this in your terminal to verify the server starts.
npx -y '@earendil-works/pi-coding-agent' 2>&1 | head -1 && echo "✓ Server started successfully"
Pi Agent: Pi loads project-local extensions without approval
# Pi loads project-local extensions without approval

Pi before 0.79.0 loaded project-local configuration and resources from a repository's `.pi` directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript modules loaded into the Pi process.

An attacker who controls a repository could place Pi-specific project resources in that repository. If a user then started Pi from that working tree, the project-loc
Pi Agent: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts
# Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts

Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary directory could prepare the expected package location before another user runs pi with a temporary extension package source. Pi could then load attacker-controlled extens
Pi Agent: Race condition in Pi auth.json writes could expose stored credentials
# Pi auth.json writes could briefly expose stored credentials to local users

Pi stored API keys and OAuth credentials in `auth.json`. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only permissions.

## Info

The affected credential storage code wrote `auth.json` and then corrected the file mode in a separate operation. During the interval between those operations, a local user
>= 0.28.0
Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass
# Potential XSS in HTML session exports via Markdown URL handling

Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass the check because browsers normalize those characters before navigation.

## Impact

The realistic attack path is indirect. An attacker would need to get suitable Markdown into a session, fo
>= 0.27.5
This server is missing a description. Tools and install config are also missing.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
App framework, testing framework, and inspector for MCP Apps.