AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package has opt-out product telemetry and user-invoked local config/agent-skill installation for its Canonry CLI/MCP workflow.
Decision evidence
public snapshot- dist/chunk-YEOLQT5S.js derives an anonymous telemetry ID from hostname and first non-internal MAC, then posts CLI events to https://canonry.ai/api/telemetry.
- dist/cli.js can write MCP/agent skill config under .mcp.json, .claude/skills, .codex/skills, or Claude/Cursor config, but only through user-invoked init/skills/mcp commands.
- package.json has no install/preinstall/postinstall lifecycle hooks.
- bin/canonry.mjs and bin/canonry-mcp.mjs only import CLI/MCP main functions.
- dist/cli.js only runs main when invoked as the entrypoint; import exposes runCli/main without immediate command execution.
- Telemetry is package-aligned, disclosed in CLI first-run notice, disabled by CANONRY_TELEMETRY_DISABLED, DO_NOT_TRACK, CI, or config telemetry=false.
- README.md documents cnry init installing agent skills and requiring sign-off before site-changing agent actions.
- child_process usage is user-facing browser opening and daemon start, not hidden payload execution.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10348Source collects local host identity data and sends it to an external endpoint.
dist/chunk-YEOLQT5S.jsView on unpkg · L187This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-3HKBUYIY.jsView on unpkg