pi-coding-agent inside an aicodebox container. One image, five ways in: interactive shell, one-shot API, OpenAI-compatible endpoint, MCP server, Telegram bot, and a cron scheduler that fires pi on whatever schedule you want. You talk to pibox. pibox talks to pi. pi talks to whatever LLM you point it at. Nobody cares about the middle.
- capability exposureinferred+16
- trust mitigatorsmixed−3
inferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 14m ago · see ecosystem CVEs →
- A · 0 → A · 13
No known CVEs for this server.
No tool-safety findings — heuristic detectors run on the compute-risk cadence; a finding appears when a tool trips a rule.
[](https://mcpobservatory.com/servers/github:psyb0t/docker-pibox/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of psyb0t.