AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a CLI/server tool with opt-out telemetry, local config writes, explicit skill installation, and provider/API integrations aligned with its AEO platform purpose.
Decision evidence
public snapshot- dist/chunk-XRKGLZF6.js builds a deterministic anonymous ID from hostname and MAC when no config ID exists, then posts telemetry to canonry.ai.
- dist/cli.js sends cli.command telemetry on normal CLI runs when telemetry is enabled.
- dist/chunk-XRKGLZF6.js can install bundled skills into .claude/skills and symlink .codex/skills, but only via explicit skills install/init flow.
- package.json has no install/preinstall/postinstall lifecycle scripts.
- bin/canonry.mjs and bin/canonry-mcp.mjs only import CLI/MCP entrypoints; no install-time execution.
- Telemetry is disclosed in first-run notice and can be disabled by config, CANONRY_TELEMETRY_DISABLED, DO_NOT_TRACK, or CI.
- Child process usage is package-aligned: opening OAuth URL, daemonizing local server, or user-invoked DuckDB plugin install.
- Credential references are for local Canonry config, OAuth integrations, and database migrations; no source shows credential harvesting/exfiltration.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/chunk-UCKUZCIM.jsView on unpkg · L25763A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10330Source collects local host identity data and sends it to an external endpoint.
dist/chunk-XRKGLZF6.jsView on unpkg · L187This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-IDSJTITA.jsView on unpkg