A native codebase awareness extension for the Pi coding agent that delivers analysis tools and hooks for AI agents, and also enables non‑Pi agents (via MCP, e.g., Cursor, Claude Code, Kimi‑code, Trae, Qoder, Codebuddy) to achieve full tool support like pi‑shazam.
- capability exposureinferred+16
- trust mitigatorsmixed−3
inferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 7m ago · see ecosystem CVEs →
- B · 27 → A · 13
No known CVEs for this server.
No tool-safety findings — heuristic detectors run on the compute-risk cadence; a finding appears when a tool trips a rule.
analyzed commit cdf18c5 · analyzer v17 · 3d ago
skills & prompt files 2
[](https://mcpobservatory.com/servers/github:gjczone/pi-shazam/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of gjczone.