Reusable KeypoolLive chatbot React component (<Chatbot />) built on @sctg/cline-agents, @sctg/cline-llms and @sctg/cline-shared
No confirmed malicious attack surface was found. Network and storage behavior is part of the browser chatbot, vault, GitHub import/auth, usage tracking, AI provider, and Pyodide features and is activated by embedding or user actions.
Package source references child process execution.
dist-lib/pyodide/pyodide.mjsView on unpkg · L2Package source references dynamic require/import behavior.
dist-lib/pyodide/pyodide.mjsView on unpkg · L2Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist-lib/pyodide/pyodide.asm.mjsView on unpkg · L1Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist-lib/pyodide/pyodide.asm.mjsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist-lib/pyodide/pyodide.asm.mjsView on unpkg · L1Source reaches cloud instance metadata or link-local credential endpoints.
dist-lib/assets/dist-es-0JACG7BN.jsView on unpkg · L56Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist-lib/assets/vertex-BDiGCkcL.jsView on unpkg · L4Package ships high-entropy non-source blobs.
dist-lib/pyodide/python_stdlib.zipView on unpkgPackage ships compressed or archive-like blobs.
dist-lib/pyodide/python_stdlib.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
dist-lib/pyodide/python_stdlib.zipView on unpkgPackage contains source files above the static scanner size ceiling.
dist-lib/index.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist-lib/assets/pyodide-CtZbGtxv.jsView on unpkgPackage source references child process execution.
dist-lib/pyodide/pyodide.mjsView on unpkg · L2Package source references dynamic require/import behavior.
dist-lib/pyodide/pyodide.mjsView on unpkg · L2Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist-lib/pyodide/pyodide.asm.mjsView on unpkg · L1Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist-lib/pyodide/pyodide.asm.mjsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist-lib/pyodide/pyodide.asm.mjsView on unpkg · L1Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist-lib/assets/vertex-BDiGCkcL.jsView on unpkg · L4Package ships high-entropy non-source blobs.
dist-lib/pyodide/python_stdlib.zipView on unpkgPackage ships compressed or archive-like blobs.
dist-lib/pyodide/python_stdlib.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
dist-lib/pyodide/python_stdlib.zipView on unpkgPackage contains source files above the static scanner size ceiling.
dist-lib/index.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist-lib/assets/pyodide-CtZbGtxv.jsView on unpkgSource reaches cloud instance metadata or link-local credential endpoints.
dist-lib/assets/dist-es-0JACG7BN.jsView on unpkg · L56