registry  /  @claudiolabs/claudin  /  0.6.12

@claudiolabs/claudin@0.6.12

Claudin — Claude Code opened to any LLM (OpenAI, Gemini, DeepSeek, Ollama, and 200+ models)

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The only install-time behavior is local CLI warmup for V8 compile cache, with no observed network or credential access in the inspected postinstall path.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install lifecycle postinstall; user running claudin CLI
Impact
Install may execute local --version/--help and write compile cache; no confirmed exfiltration or destructive behavior.
Mechanism
local V8 cache warmup and user-invoked LLM CLI
Rationale
Scanner findings map to a bundled LLM CLI with a VSCode extension, provider SDKs, and a documented postinstall warmup; source inspection did not confirm unconsented network, credential theft, persistence, or destructive behavior. Install-time execution is present but bounded and package-aligned, so this should not be blocked as malicious.
Evidence
package.jsonscripts/postinstall-warmup.mjsbin/claudindist/cli.mjs~/.claudin/v8cache

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall running scripts/postinstall-warmup.mjs.
  • scripts/postinstall-warmup.mjs spawns bin/claudin --version and --help at install time.
  • bin/claudin creates ~/.claudin/v8cache and re-execs with heap flags unless disabled.
Evidence against
  • postinstall-warmup.mjs is documented as V8 cache warmup, ignores stdio, has 15s timeout, and disables heap bump/cache GC.
  • No network calls in postinstall-warmup.mjs; it only checks dist/cli.mjs and bin/claudin then runs local CLI help/version.
  • package purpose is an LLM CLI; runtime network/API/env/child_process capabilities are package-aligned and user-invoked.
  • bin/claudin imports dist/cli.mjs only after launcher setup; no credential harvesting or exfiltration found in inspected install path.
  • VSIX and large bundled chunks are expected distributable artifacts for a CLI/VSCode extension package.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 449 file(s), 8.04 MB of source, external domains: 1.1.1.1, 127.0.0.1, 169.254.169.254, 169.254.170.2, a.co, anthropic.com, api.anthropic.com, api.cloudflare.com, api.deepseek.com, api.firecrawl.dev, api.githubcopilot.com, api.groq.com, api.kimi.com, api.minimax.io, api.mistral.ai, api.moonshot.ai, api.openai.com, api.together.xyz, api.x.ai, api.z.ai, app.corridor.dev, auth.openai.com, beacon.claude-ai.staging.ant.dev, bedrock-runtime.us-east-1.amazonaws.com, chatgpt.com, clau.de, claude-staging.fedstart.com, claude.ai, claude.com, claude.fedstart.com, code.claude.com, coding-intl.dashscope.aliyuncs.com, coding.dashscope.aliyuncs.com, docs.anthropic.com, docs.aws.amazon.com, docs.claude.com, docs.expo.dev, duckduckgo.com, example.com, external-content.duckduckgo.com, fonts.googleapis.com, gateway.ai.cloudflare.com, generativelanguage.googleapis.com, git-scm.com, github.com, hooks.example.com, integrate.api.nvidia.com, json-schema.org, json.schemastore.org, links.duckduckgo.com
Oversized source lightweight scan
dist/chunks/cli-0.6.12-g971w5pv.mjs3.45 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsHighEntropyStringsUrlStringsexample.comraw.githubusercontent.com

Source & flagged code

11 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall-warmup.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/chunks/cli-0.6.12-5abky5z4.mjsView file
1patternName = generic_password severity = medium line = 1 matchedText = import{q...tml>
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/chunks/cli-0.6.12-5abky5z4.mjsView on unpkg · L1
dist/chunks/cli-0.6.12-byvhqye2.mjsView file
1import{Aia as pg,Nia as U4}from"./cli-0.6.12-967g034j.mjs";import{Upa as ir,Vpa as N,Wpa as fg}from"./cli-0.6.12-6bdrnprg.mjs";import{execFile as l4}from"child_process";import{prom... L2: `).filter((o)=>o.startsWith("worktree ")).map((o)=>o.slice(9).normalize("NFC"))}catch{return[]}}var I4;var Cg=N(()=>{I4=c4(l4)});function hg(r){let i=0;for(let o=0;o<r.length;o++)i...
High
Child Process

Package source references child process execution.

dist/chunks/cli-0.6.12-byvhqye2.mjsView on unpkg · L1
dist/chunks/cli-0.6.12-pf3jff0s.mjsView file
1import{L0 as o,O0 as OJ}from"./cli-0.6.12-fwnpcanc.mjs";import{Gba as HJ,Rca as D,f$ as G,h$ as BJ,nea as q,tca as v,vea as E,wba as i,x8 as K,y8 as I}from"./cli-0.6.12-ecm9vh62.mj... L2: exec "${J}/node_modules/.bin/claudin" "$@"`,493))await JJ(Q,493);return!0}catch(J){return q(J),!1}}async function EJ(J,Q){try{if(!await $J())return"install_failed";let Z=await K("n... L3: `)}catch(Q){if(p(Q))return null;throw Q}}async function n(J,Q){let Y=await qJ(J,"w");try{await Y.writeFile(Q.join(`
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/chunks/cli-0.6.12-pf3jff0s.mjsView on unpkg · L1
dist/chunks/index-0.6.12-pd2j0wnb.mjsView file
20contains invisible/control Unicode U+200B (zero width space) \v\f\r\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F !"#$٪&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_\`abcdefghijklmnopqrstuvwxyz{|}~°·∙√▒─│┼┤┬├┴┐┌└┘β∞φ±½¼≈«»ﻷﻸ��ﻻﻼ� ­ﺂ£¤ﺄ��ﺎﺏﺕﺙ،ﺝﺡﺥ٠١٢٣٤٥٦٧٨٩ﻑ؛ﺱﺵﺹ؟
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/chunks/index-0.6.12-pd2j0wnb.mjsView on unpkg · L20
dist/chunks/bridgeMain-0.6.12-02c465aw.mjsView file
1Cross-file remote execution chain: dist/chunks/bridgeMain-0.6.12-02c465aw.mjs spawns dist/chunks/cli-0.6.12-byvhqye2.mjs; helper contains network access plus dynamic code execution. L1: import{ab as yJ,bb as xz,cb as rz,db as cz,eb as iz,fb as bJ}from"./cli-0.6.12-c8b2fkt8.mjs";import{hb as Tz}from"./cli-0.6.12-127pt3vk.mjs";import{pb as TJ,qb as xJ,rb as MJ,sb as... L2: `).filter((K)=>K.length>0)}function GJ(z){let J=z.write??(($)=>process.stdout.write($)),K=z.verbose,Y=0,O="idle",Z="Ready",R="",B="",U="",F="",L="",A=null,N=[],M=!1,E=null,P=0,x=0,... L3: `)){if(Gz.length===0){w++;continue}let Nz=sz(Gz);w+=Math.max(1,Math.ceil(Nz/j))}if($.endsWith(` ... L31: `),$)m(`${G.red($)} L32: `)},updateSessionStatus($,j,w,Gz){if(w.type==="tool_start")E=w.summary,P=Date.now();p()},clearStatus(){t(),a()},toggleQr(){M=!M,p()},updateSessionCount($,j,w){if(x===$&&_===j&&k===... L33: `);if(N.length>=eJ)N.shift();N.push(f)});if(F.stdout)HJ({input:F.stdout}).on("line",(f)=>{if(Z)Z.write(f+` L34: `);if(z.onDebug(`[bridge:ws] sessionId=${J.sessionId} <<< ${mz(f)}`),z.verbose)process.stderr.write(f+` L35: `);let k=$K(f,J.sessionId,z.onDebug);for(let b of k){if(L.length>=sJ)L.shift();L.push(b),A=b,z.on…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/chunks/bridgeMain-0.6.12-02c465aw.mjsView on unpkg · L1
dist/claudin-vscode.vsixView file
path = dist/claudin-vscode.vsix kind = high_entropy_blob sizeBytes = 91168 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/claudin-vscode.vsixView on unpkg
path = dist/claudin-vscode.vsix kind = compressed_blob sizeBytes = 91168 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

dist/claudin-vscode.vsixView on unpkg
path = dist/claudin-vscode.vsix kind = nested_archive_needs_inspection sizeBytes = 91168 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

dist/claudin-vscode.vsixView on unpkg
dist/chunks/cli-0.6.12-g971w5pv.mjsView file
path = dist/chunks/cli-0.6.12-g971w5pv.mjs kind = oversized_source_file sizeBytes = 3619141 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/chunks/cli-0.6.12-g971w5pv.mjsView on unpkg
dist/chunks/openaiShim-0.6.12-0wwtx5pq.mjsView file
11patternName = generic_password severity = medium line = 11 matchedText = [Content...in(`
Medium
Secret Pattern

Hardcoded password in dist/chunks/openaiShim-0.6.12-0wwtx5pq.mjs

dist/chunks/openaiShim-0.6.12-0wwtx5pq.mjsView on unpkg · L11

Findings

1 Critical7 High8 Medium6 Low
CriticalTrojan Source Unicodedist/chunks/index-0.6.12-pd2j0wnb.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/chunks/cli-0.6.12-byvhqye2.mjs
HighShell
HighCross File Remote Execution Contextdist/chunks/bridgeMain-0.6.12-02c465aw.mjs
HighObfuscated
HighShips High Entropy Blobdist/claudin-vscode.vsix
HighOversized Source Filedist/chunks/cli-0.6.12-g971w5pv.mjs
MediumSecret Patterndist/chunks/cli-0.6.12-5abky5z4.mjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/chunks/cli-0.6.12-pf3jff0s.mjs
MediumProtestware
MediumShips Compressed Blobdist/claudin-vscode.vsix
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/chunks/openaiShim-0.6.12-0wwtx5pq.mjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNested Archive Needs Inspectiondist/claudin-vscode.vsix