Loading npm security reports…
inference.sh CLI — run AI apps, manage skills, connect MCP servers
Static analysis flagged 8 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Package defines install-time lifecycle scripts.
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
run.jsView on unpkg · L2Package defines install-time lifecycle scripts.
package.jsonView on unpkg · L17Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L17Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
run.jsView on unpkg · L2