AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a CLI/server for Canonry that performs user-invoked setup, telemetry, provider API calls, skill installation, MCP config installation, and optional plugin installation.
Decision evidence
public snapshot- dist/chunk-NDXV6EYD.js posts opt-out telemetry to https://canonry.ai/api/telemetry with anonymousId, version, node/os/arch.
- dist/cli.js init can write bundled skills to .claude/skills and .codex/skills, and MCP config to .mcp.json when run in a project.
- dist/chunk-QLWRJEII.js can spawn npm/pnpm to install @duckdb/node-api for CommonCrawl plugin when that feature is invoked.
- package.json has no install/preinstall/postinstall lifecycle hooks.
- bin/canonry.mjs and bin/canonry-mcp.mjs only import CLI/MCP entrypoints; no install-time execution.
- Telemetry has visible notice and disables for CANONRY_TELEMETRY_DISABLED, DO_NOT_TRACK, CI, or config telemetry:false.
- AI-agent skill and MCP writes are tied to explicit canonry init/skills/mcp commands, not package install/import.
- Credential/API-key handling is for configured providers and integrations; source redacts secrets in error/detail paths reviewed.
- Network endpoints are package-aligned: Canonry telemetry/update checks, npm registry, AI/Google/Bing/OpenAI/Vercel/WordPress integrations.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version.
dist/chunk-QLWRJEII.jsView on unpkgPackage source references child process execution.
dist/chunk-QLWRJEII.jsView on unpkg · L25817A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10348Source collects local host identity data and sends it to an external endpoint.
dist/chunk-NDXV6EYD.jsView on unpkg · L187