AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked CLI/server for AEO monitoring with telemetry, provider API calls, local config/database writes, and optional agent skill/MCP setup.
Decision evidence
public snapshot- dist/chunk-KS2M7B5E.js posts anonymous telemetry to https://canonry.ai/api/telemetry using an ID derived from hostname/MAC when no config ID exists.
- dist/cli.js init may install bundled skills into .claude/skills and symlink .codex/skills; it may also register an MCP server in .mcp.json.
- dist/chunk-UOMNYP5T.js has user-invoked child_process spawn for optional DuckDB plugin install under ~/.canonry/plugins.
- package.json has no install/preinstall/postinstall lifecycle scripts.
- bin/canonry.mjs and bin/canonry-mcp.mjs only import CLI/MCP entrypoints when the user runs the binaries.
- Telemetry has opt-outs via CANONRY_TELEMETRY_DISABLED, DO_NOT_TRACK, CI, or config telemetry:false and is disclosed in CLI first-run text.
- Agent skill and MCP writes are tied to explicit init/skills/mcp commands and are documented in README/CLI strings.
- Network endpoints are package-aligned: Canonry telemetry/update checks, npm registry, provider APIs, Google/Bing/CommonCrawl/Vercel/WordPress integrations.
- No evidence of credential harvesting or exfiltration beyond user-configured provider/integration API calls.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-UOMNYP5T.jsView on unpkgPackage source references child process execution.
dist/chunk-UOMNYP5T.jsView on unpkg · L25881A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10651Source collects local host identity data and sends it to an external endpoint.
dist/chunk-KS2M7B5E.jsView on unpkg · L187