github analyzed f351c9f

jshsakura/oc-piloci

piLoci is a self-hosted MCP memory server built to save tokens, I/O, and LLM calls on low-power devices like Raspberry Pi.

maintainer: jshsakura
license: MIT
first seen: 2026-06-06
last seen: 2026-06-07
releases · 30d: 75
short id

Drift inferred · capture-to-capture

No drift recorded — single capability capture; advisories appear once its surface changes.

capabilities0 tools

transport stdio · streamable-http · http · sse counts 0 tools · 0 res · 0 prompts permission surface via code analysis

no tools enumerated yet for this server.

skills & danger signalsgithub-tarball

prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed commit f351c9f · analyzer v17 · 1d ago

skills & prompt files 1

agent-rulesjshsakura-oc-piloci-f351c9f/CLAUDE.md

danger signals2

suspicious endpointapi.telegram.orgjshsakura-oc-piloci-f351c9f/src/piloci/notify/telegram.py:57url = f"https://api.telegram.org/bot{settings.telegram_bot_token}/sendMessage"
suspicious endpointapi.telegram.orgjshsakura-oc-piloci-f351c9f/src/piloci/notify/telegram_bot.py:64url = f"https://api.telegram.org/bot{settings.telegram_bot_token}/{method}"

code evidencevv0.3.120 · github-tarball

evidence-backed findings quoted directly from the published source artifact — not inferred

filesystem 17

fs jshsakura-oc-piloci-f351c9f/run.py :17 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/scripts/init-db.py :5 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/api/static.py :3 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/cli.py :397 opened = webbrowser.open(verification_uri_complete)
fs jshsakura-oc-piloci-f351c9f/src/piloci/cli_files.py :22 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/cli_ingest.py :18 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/config.py :4 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/curator/scheduler.py :29 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/curator/team_export.py :34 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/curator/team_vault.py :18 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/curator/vault.py :5 import shutil
fs jshsakura-oc-piloci-f351c9f/src/piloci/installer.py :23 import shutil
fs jshsakura-oc-piloci-f351c9f/src/piloci/notify/health.py :29 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/storage/team_files.py :16 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/tools/install_script.py :76 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/tools/memory_tools.py :12 from pathlib import Path
fs jshsakura-oc-piloci-f351c9f/src/piloci/version.py :3 from pathlib import Path

shell / exec 1

shell jshsakura-oc-piloci-f351c9f/run.py :15 import subprocess

network 15

net jshsakura-oc-piloci-f351c9f/clients/python/src/piloci_client/_async_client.py :7 import httpx
net jshsakura-oc-piloci-f351c9f/clients/python/src/piloci_client/_client.py :7 import httpx
net jshsakura-oc-piloci-f351c9f/src/piloci/api/routes.py :6 import socket
net jshsakura-oc-piloci-f351c9f/src/piloci/auth/oauth.py :14 from urllib.parse import urlencode
net jshsakura-oc-piloci-f351c9f/src/piloci/cli.py :355 import urllib.error
net jshsakura-oc-piloci-f351c9f/src/piloci/cli_files.py :24 import httpx
net jshsakura-oc-piloci-f351c9f/src/piloci/cli_ingest.py :21 import httpx
net jshsakura-oc-piloci-f351c9f/src/piloci/curator/gemma.py :17 import httpx
net jshsakura-oc-piloci-f351c9f/src/piloci/installer.py :24 import urllib.error
net jshsakura-oc-piloci-f351c9f/src/piloci/llm.py :22 import httpx
net jshsakura-oc-piloci-f351c9f/src/piloci/notify/telegram.py :8 import httpx
net jshsakura-oc-piloci-f351c9f/src/piloci/notify/telegram_bot.py :30 import httpx
net jshsakura-oc-piloci-f351c9f/src/piloci/profiling_baseline.py :9 import httpx
net jshsakura-oc-piloci-f351c9f/src/piloci/tools/install_script.py :305 import urllib.error
net jshsakura-oc-piloci-f351c9f/src/piloci/tools/memory_tools.py :249 import urllib.error

secrets 4

secrets jshsakura-oc-piloci-f351c9f/src/piloci/cli.py :288 password = args.password or os.environ.get("ADMIN_PASSWORD", "")
secrets jshsakura-oc-piloci-f351c9f/src/piloci/cli_ingest.py :29 "token": os.environ.get("PILOCI_TOKEN"),
secrets jshsakura-oc-piloci-f351c9f/src/piloci/profiling_baseline.py :91 "token": os.environ.get("PILOCI_PROFILE_BASELINE_TOKEN") or os.environ.get("PILOCI_TOKEN"),
secrets jshsakura-oc-piloci-f351c9f/src/piloci/tools/install_script.py :165 "token": os.environ["PILOCI_TOKEN"],

database 31

db jshsakura-oc-piloci-f351c9f/src/piloci/api/audit.py :11 from sqlalchemy.ext.asyncio import AsyncSession
db jshsakura-oc-piloci-f351c9f/src/piloci/api/data_portability.py :25 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/api/distillation_routes.py :21 from sqlalchemy import func, select
db jshsakura-oc-piloci-f351c9f/src/piloci/api/routes.py :14 from sqlalchemy import delete
db jshsakura-oc-piloci-f351c9f/src/piloci/api/team_routes.py :74 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/api/v1.py :76 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/auth/device_pairing.py :27 from redis.asyncio import Redis
db jshsakura-oc-piloci-f351c9f/src/piloci/auth/install_pairing.py :26 from redis.asyncio import Redis
db jshsakura-oc-piloci-f351c9f/src/piloci/auth/local.py :14 from sqlalchemy.ext.asyncio import AsyncSession
db jshsakura-oc-piloci-f351c9f/src/piloci/auth/middleware.py :7 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/auth/oauth.py :19 from sqlalchemy.ext.asyncio import AsyncSession
db jshsakura-oc-piloci-f351c9f/src/piloci/auth/session.py :8 from redis.asyncio import Redis
db jshsakura-oc-piloci-f351c9f/src/piloci/cli.py :272 from sqlalchemy import func, select
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/backlog.py :20 from sqlalchemy import func, select, update
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/budget.py :20 from sqlalchemy import func, select
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/distillation_worker.py :24 from sqlalchemy import select, update
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/llm_providers.py :13 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/profile.py :15 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/team_index.py :130 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/team_wiki_worker.py :526 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/vault.py :246 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/curator/weekly_digest_worker.py :30 from sqlalchemy import func, select
db jshsakura-oc-piloci-f351c9f/src/piloci/db/models.py :5 from sqlalchemy import (
db jshsakura-oc-piloci-f351c9f/src/piloci/db/session.py :6 from sqlalchemy import event
db jshsakura-oc-piloci-f351c9f/src/piloci/main.py :85 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/notify/health.py :31 from sqlalchemy import func, select
db jshsakura-oc-piloci-f351c9f/src/piloci/notify/telegram_bot.py :31 from sqlalchemy import func, select
db jshsakura-oc-piloci-f351c9f/src/piloci/ops/backfill.py :32 from sqlalchemy import select, update
db jshsakura-oc-piloci-f351c9f/src/piloci/ops/maintenance.py :7 from sqlalchemy import delete, func, select
db jshsakura-oc-piloci-f351c9f/src/piloci/tools/memory_tools.py :521 from sqlalchemy import select
db jshsakura-oc-piloci-f351c9f/src/piloci/tools/project_tools.py :14 from sqlalchemy.ext.asyncio import AsyncSession