registry  /  @claudiolabs/claudin  /  0.6.14

@claudiolabs/claudin@0.6.14

Claudin — Claude Code opened to any LLM (OpenAI, Gemini, DeepSeek, Ollama, and 200+ models)

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The install hook prewarms V8 cache by invoking safe fast-path CLI flags; runtime network and credential storage are user-invoked AI provider features.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm install runs postinstall; user runs claudin for runtime features
Impact
No confirmed unauthorized data access, exfiltration, persistence, or destructive behavior
Mechanism
postinstall cache warmup and user-invoked AI CLI
Rationale
Static inspection found risky primitives, but they are package-aligned and either install-time cache warmup or user-invoked CLI/provider functionality. I did not find concrete malicious install/import-time behavior or unconsented AI-agent control-surface mutation.
Evidence
package.jsonscripts/postinstall-warmup.mjsscripts/v8cache-gc.mjsbin/claudindist/cli.mjsdist/chunks/cli-0.6.14-x5c5tsdg.mjsdist/chunks/cli-0.6.14-hwwpzjf6.mjsdist/chunks/index-0.6.14-grrxerr7.mjsdist/claudin-vscode.vsix~/.claudin/v8cache

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall hook: node scripts/postinstall-warmup.mjs
  • bin/claudin can write ~/.claudin/v8cache and re-exec with heap/allocator env changes
  • dist is bundled/minified and ships dist/claudin-vscode.vsix archive
Evidence against
  • scripts/postinstall-warmup.mjs only spawnSyncs bin/claudin --version and --help with stdio ignored and 15s timeouts
  • dist/cli.mjs handles --version directly and --help by reading dist/help*.txt before startup update/auth/provider network paths
  • scripts/v8cache-gc.mjs only deletes stale files under the provided v8cache directory
  • Network/OAuth code inspected is aligned with AI CLI features: Anthropic, GitHub Copilot, Codex, xAI, DuckDuckGo, provider APIs
  • No install-time credential harvesting, external exfiltration endpoint, persistence, destructive project writes, or AI-agent control-surface mutation confirmed
  • Trojan-source hint in index chunk appears from bundled entity/encoding tables containing invisible character references, not hidden control flow
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 449 file(s), 8.04 MB of source, external domains: 1.1.1.1, 127.0.0.1, 169.254.169.254, 169.254.170.2, a.co, anthropic.com, api.anthropic.com, api.cloudflare.com, api.deepseek.com, api.firecrawl.dev, api.githubcopilot.com, api.groq.com, api.kimi.com, api.minimax.io, api.mistral.ai, api.moonshot.ai, api.openai.com, api.together.xyz, api.x.ai, api.z.ai, app.corridor.dev, auth.openai.com, beacon.claude-ai.staging.ant.dev, bedrock-runtime.us-east-1.amazonaws.com, chatgpt.com, clau.de, claude-staging.fedstart.com, claude.ai, claude.com, claude.fedstart.com, code.claude.com, coding-intl.dashscope.aliyuncs.com, coding.dashscope.aliyuncs.com, docs.anthropic.com, docs.aws.amazon.com, docs.claude.com, docs.expo.dev, duckduckgo.com, example.com, external-content.duckduckgo.com, fonts.googleapis.com, gateway.ai.cloudflare.com, generativelanguage.googleapis.com, git-scm.com, github.com, hooks.example.com, integrate.api.nvidia.com, json-schema.org, json.schemastore.org, links.duckduckgo.com
Oversized source lightweight scan
dist/chunks/cli-0.6.14-sfan5yg2.mjs3.45 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsHighEntropyStringsUrlStringsexample.comraw.githubusercontent.com

Source & flagged code

17 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall-warmup.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/chunks/cli-0.6.14-x5c5tsdg.mjsView file
1patternName = generic_password severity = medium line = 1 matchedText = import{q...tml>
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/chunks/cli-0.6.14-x5c5tsdg.mjsView on unpkg · L1
dist/chunks/cli-0.6.14-0h1s6fwr.mjsView file
1import{Tpa as tZ}from"./cli-0.6.14-mjqpmr9h.mjs";var u0=tZ((g0,LZ)=>{function JZ(Z){if(Z instanceof Map)Z.clear=Z.delete=Z.set=function(){throw Error("map is read-only")};else if(Z... L2: https://github.com/highlightjs/highlight.js/issues/2277`),f=q,C=V;let L={code:C,language:f};c("before:highlight",L);let O=L.result?L.result:S(L.language,L.code,K,H);return O.code=L...
High
Child Process

Package source references child process execution.

dist/chunks/cli-0.6.14-0h1s6fwr.mjsView on unpkg · L1
dist/chunks/hookChains-0.6.14-pqje8ftz.mjsView file
1import{Ix as kj,gE as jj,iA as M,jA as Cj,mE as Kj,sx as t}from"./cli-0.6.14-sfan5yg2.mjs";import"./cli-0.6.14-n33bnafx.mjs";import"./cli-0.6.14-0kk6g260.mjs";import"./cli-0.6.14-p... L2: `)}function ej(j,q,G){let A=_(G.payload),F=U(A),J={EVENT_NAME:G.eventName,OUTCOME:G.outcome,RULE_ID:q.id,PAYLOAD_JSON:F,ERROR:Y(A,["error","reason"])??"",TASK_SUBJECT:Y(A,["task_su... L3: `);return{summary:O,body:P}}async function tj(j){let{action:q,rule:G,event:A,runtime:F}=j;if(F.signal?.aborted)return{status:"skipped",reason:"aborted"};if(!F.onSpawnFallbackAgent)...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunks/hookChains-0.6.14-pqje8ftz.mjsView on unpkg · L1
dist/chunks/cli-0.6.14-zs6qf39k.mjsView file
1Cross-file remote execution chain: dist/chunks/cli-0.6.14-zs6qf39k.mjs spawns dist/chunks/cli-0.6.14-g818hb3n.mjs; helper contains network access plus dynamic code execution. L1: import{Xea as o6,afa as aW}from"./cli-0.6.14-xkdca0es.mjs";import{ifa as Vq,kfa as c6,lfa as hI}from"./cli-0.6.14-0kj0zvsp.mjs";import{Hfa as Q3,vfa as S1}from"./cli-0.6.14-2kj6t82... L2: `;try{$.appendFileSync(Q,Y)}catch{try{$.mkdirSync(eL(Q)),$.appendFileSync(Q,Y)}catch{}}}function Z_(){return process.env.CLAUDE_CODE_DIAGNOSTICS_FILE}async function gP(Z,q,J){let Q... L3: `)){let Q=J.match(/^(ID|VERSION_ID)=(.*)$/);if(Q&&Q[1]&&Q[2]){let X=Q[2].replace(/^"|"$/g,"");if(Q[1]==="ID")Z.linuxDistroId=X;else Z.linuxDistroVersion=X}}}catch{}return Z})});imp... L4: `).filter(Boolean),Q=r().toLowerCase();for(let X of J){let $=R6.resolve(X).toLowerCase();if(R6.dirname($).toLowerCase()===Q||$.startsWith(Q+R6.sep)){x(`Skipping potentially malicio... ... L17: `)}catch(Y){if(W0(Y)==="ENOENT")await XR(X,`${J} L18: `,"utf-8");else throw Y}}catch(J){f(J)}}var k$=B(()=>{q1();C1();b4();R2();p0()});function F2(Z,q=!1){let J=Z.length,Q=0,X="",$=0,Y=16,H=0,K=0,W=0,U=0,V=0;function L(M,O){let T=0,j=... L19: `;break;case 114:M+=…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/chunks/cli-0.6.14-zs6qf39k.mjsView on unpkg · L1
1import{Xea as o6,afa as aW}from"./cli-0.6.14-xkdca0es.mjs";import{ifa as Vq,kfa as c6,lfa as hI}from"./cli-0.6.14-0kj0zvsp.mjs";import{Hfa as Q3,vfa as S1}from"./cli-0.6.14-2kj6t82... L2: `;try{$.appendFileSync(Q,Y)}catch{try{$.mkdirSync(eL(Q)),$.appendFileSync(Q,Y)}catch{}}}function Z_(){return process.env.CLAUDE_CODE_DIAGNOSTICS_FILE}async function gP(Z,q,J){let Q... L3: `)){let Q=J.match(/^(ID|VERSION_ID)=(.*)$/);if(Q&&Q[1]&&Q[2]){let X=Q[2].replace(/^"|"$/g,"");if(Q[1]==="ID")Z.linuxDistroId=X;else Z.linuxDistroVersion=X}}}catch{}return Z})});imp... L4: `).filter(Boolean),Q=r().toLowerCase();for(let X of J){let $=R6.resolve(X).toLowerCase();if(R6.dirname($).toLowerCase()===Q||$.startsWith(Q+R6.sep)){x(`Skipping potentially malicio... ... L17: `)}catch(Y){if(W0(Y)==="ENOENT")await XR(X,`${J} L18: `,"utf-8");else throw Y}}catch(J){f(J)}}var k$=B(()=>{q1();C1();b4();R2();p0()});function F2(Z,q=!1){let J=Z.length,Q=0,X="",$=0,Y=16,H=0,K=0,W=0,U=0,V=0;function L(M,O){let T=0,j=... L19: `;break;case 114:M+="\r";break;case 116:M+="\t";break;case 117:let A=L(4,!0);if(A>=0)M+=String.fromCharCode(A);else V=4;break;default:V=5}O=Q;continue}if(T>=0&&T<=31)if(M2(T)){M+=Z... ... L34: `,Q
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/chunks/cli-0.6.14-zs6qf39k.mjsView on unpkg · L1
dist/chunks/cli-0.6.14-hwwpzjf6.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @claudiolabs/claudin@0.6.12 matchedIdentity = npm:QGNsYXVkaW9sYWJzL2NsYXVkaW4:0.6.12 similarity = 0.858 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunks/cli-0.6.14-hwwpzjf6.mjsView on unpkg
1import{W6 as k2,Y6 as x8}from"./cli-0.6.14-p380n7ja.mjs";import{$6 as mZ,_6 as h}from"./cli-0.6.14-0ycrhwsw.mjs";import{k7 as d5,m7 as w8}from"./cli-0.6.14-645ardy7.mjs";import{$7 ... L2: `;await H0("security",["-i"],{input:q,reject:!1}),x("tengu_api_key_saved_to_keychain",{}),$=!0}catch(Q){N(Q),x("tengu_api_key_keychain_error",{error:p(Q)}),x("tengu_api_key_saved_t...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/chunks/cli-0.6.14-hwwpzjf6.mjsView on unpkg · L1
1import{W6 as k2,Y6 as x8}from"./cli-0.6.14-p380n7ja.mjs";import{$6 as mZ,_6 as h}from"./cli-0.6.14-0ycrhwsw.mjs";import{k7 as d5,m7 as w8}from"./cli-0.6.14-645ardy7.mjs";import{$7 ... L2: `;await H0("security",["-i"],{input:q,reject:!1}),x("tengu_api_key_saved_to_keychain",{}),$=!0}catch(Q){N(Q),x("tengu_api_key_keychain_error",{error:p(Q)}),x("tengu_api_key_saved_t...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/chunks/cli-0.6.14-hwwpzjf6.mjsView on unpkg · L1
dist/chunks/index-0.6.14-8zzk0q1e.mjsView file
1import{Hpa as ve,Ipa as L}from"./cli-0.6.14-frt92hs0.mjs";import{Jpa as _e}from"./cli-0.6.14-11n72npf.mjs";import{Mpa as Ke,Ppa as he,Qpa as Se}from"./cli-0.6.14-ebpc2q9b.mjs";impo... L2: - loopback CIDR 127.0.0.0/8 or [::1/128] L3: - ECS container host 169.254.170.2 L4: - EKS container host 169.254.170.23 or [fd00:ec2::23]`,{logger:j})};ye.checkUrl=Ae});var Ce=H((B)=>{Object.defineProperty(B,"__esModule",{value:!0});B.resolveHttpHandlerRuntimeConf... L5: Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI.`,{logger:f.logger});let n=new URL(j);(0,ut.checkUrl)(n,f.logger);let r=nt.NodeHttpHandler.create({...
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/chunks/index-0.6.14-8zzk0q1e.mjsView on unpkg · L1
dist/chunks/index-0.6.14-grrxerr7.mjsView file
20contains invisible/control Unicode U+200B (zero width space) \v\f\r\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F !"#$٪&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_\`abcdefghijklmnopqrstuvwxyz{|}~°·∙√▒─│┼┤┬├┴┐┌└┘β∞φ±½¼≈«»ﻷﻸ��ﻻﻼ� ­ﺂ£¤ﺄ��ﺎﺏﺕﺙ،ﺝﺡﺥ٠١٢٣٤٥٦٧٨٩ﻑ؛ﺱﺵﺹ؟
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/chunks/index-0.6.14-grrxerr7.mjsView on unpkg · L20
dist/chunks/defaultActionDeps-0.6.14-576scmq8.mjsView file
1import"./cli-0.6.14-1whzwvvw.mjs";import{n as a,p as DG,q as IG,r as _B,s as aB}from"./cli-0.6.14-z0d41c6a.mjs";import"./cli-0.6.14-4x6ppgsd.mjs";import"./cli-0.6.14-zaf65t8e.mjs";... L2: `)),process.exit(1);if(PI()==="windows")process.stderr.write(Q.red(`Error: --tmux is not supported on Windows ... L26: 1. **Code review** — Invoke the \`${Qg}\` tool with \`skill: "code-review"\` and \`args: "medium"\` to get a correctness-bug report on your changes, then fix every reported bug bef... L27: 2. **Run unit tests** — Run the project's test suite (check for package.json scripts, Makefile targets, or common commands like \`npm test\`, \`bun test\`, \`pytest\`, \`go test\`)... L28: 3. **Test end-to-end** — Follow the e2e test recipe from the coordinator's prompt (below). If the recipe says to skip e2e for this unit, skip it. ... L352: `;let Z=I.target?`Review target: \`${I.target}\` L353: `:"";return`${B}${Z}${pb[g]}${I.comment?Eb:""}${I.fix?_b:""}`}function Ug(){$({name:"code-review",description:"Review the current diff for correctness bugs and reuse/simplification... L354: `).slice(-kG).join(` ... L459: Do not add anything to \`permissions.deny\` or \`permissions.ask\`. Do not touc
High
Base64 Obscured Url

Source decodes a Base64-obscured HTTP endpoint at runtime.

dist/chunks/defaultActionDeps-0.6.14-576scmq8.mjsView on unpkg · L1
dist/claudin-vscode.vsixView file
path = dist/claudin-vscode.vsix kind = high_entropy_blob sizeBytes = 91168 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/claudin-vscode.vsixView on unpkg
path = dist/claudin-vscode.vsix kind = compressed_blob sizeBytes = 91168 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

dist/claudin-vscode.vsixView on unpkg
path = dist/claudin-vscode.vsix kind = nested_archive_needs_inspection sizeBytes = 91168 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

dist/claudin-vscode.vsixView on unpkg
dist/chunks/cli-0.6.14-sfan5yg2.mjsView file
path = dist/chunks/cli-0.6.14-sfan5yg2.mjs kind = oversized_source_file sizeBytes = 3619382 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/chunks/cli-0.6.14-sfan5yg2.mjsView on unpkg
dist/chunks/openaiShim-0.6.14-da1kj5v4.mjsView file
11patternName = generic_password severity = medium line = 11 matchedText = [Content...in(`
Medium
Secret Pattern

Hardcoded password in dist/chunks/openaiShim-0.6.14-da1kj5v4.mjs

dist/chunks/openaiShim-0.6.14-da1kj5v4.mjsView on unpkg · L11

Findings

2 Critical11 High8 Medium7 Low
CriticalTrojan Source Unicodedist/chunks/index-0.6.14-grrxerr7.mjs
CriticalPrevious Version Dangerous Deltadist/chunks/cli-0.6.14-hwwpzjf6.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/chunks/cli-0.6.14-0h1s6fwr.mjs
HighShell
HighSame File Env Network Executiondist/chunks/cli-0.6.14-hwwpzjf6.mjs
HighCommand Output Exfiltrationdist/chunks/cli-0.6.14-hwwpzjf6.mjs
HighCloud Metadata Accessdist/chunks/index-0.6.14-8zzk0q1e.mjs
HighCross File Remote Execution Contextdist/chunks/cli-0.6.14-zs6qf39k.mjs
HighBase64 Obscured Urldist/chunks/defaultActionDeps-0.6.14-576scmq8.mjs
HighObfuscated
HighShips High Entropy Blobdist/claudin-vscode.vsix
HighOversized Source Filedist/chunks/cli-0.6.14-sfan5yg2.mjs
MediumSecret Patterndist/chunks/cli-0.6.14-x5c5tsdg.mjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/chunks/cli-0.6.14-zs6qf39k.mjs
MediumProtestware
MediumShips Compressed Blobdist/claudin-vscode.vsix
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/chunks/openaiShim-0.6.14-da1kj5v4.mjs
LowScripts Present
LowWeak Cryptodist/chunks/hookChains-0.6.14-pqje8ftz.mjs
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNested Archive Needs Inspectiondist/claudin-vscode.vsix