registry  /  @splyntra/sdk  /  1.1.0

@splyntra/sdk@1.1.0

Splyntra TypeScript SDK - Agent observability & security, built on OpenTelemetry

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an observability SDK that can send OpenTelemetry spans to a user-configured collector during runtime, with redaction enabled by default.

Static reason
One or more suspicious static signals were detected.
Trigger
User imports the package and constructs Splyntra or explicitly calls instrumentation helpers.
Impact
Runtime telemetry export may include application trace metadata, but behavior is package-aligned and documented with client-side redaction.
Mechanism
User-invoked OpenTelemetry tracing and optional SDK monkey-patching
Rationale
Static inspection found package-aligned observability code, no install-time execution, no filesystem mutation, no shell execution, no persistence, and no AI-agent control-surface writes. The scanner secret finding is explained by redaction test fixtures using clearly fake example tokens.
Evidence
package.jsondist/index.jsdist/exporters/index.jsdist/redaction.jsdist/instrumentors/openai.jsdist/instrumentors/langgraph.jsdist/redaction.test.jsREADME.md
Network endpoints1
localhost:4318/v1/traces

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has only prepublishOnly build hook, no install/postinstall/prepare runtime lifecycle hook.
    • dist/index.js initializes OpenTelemetry tracing only when Splyntra is constructed by user code.
    • dist/exporters/index.js exports traces to caller-configured OTLP endpoint, default http://localhost:4318/v1/traces.
    • dist/redaction.js redacts credential-like span attributes before export by default.
    • dist/instrumentors/openai.js and dist/instrumentors/langgraph.js only monkey-patch target SDK methods after explicit instrumentation and record metadata/usage.
    • dist/redaction.test.js contains dummy AWS/JWT/API key strings used as redaction test fixtures, not real secrets or exfil payloads.
    Behavioral surface
    SourceNo risky source behavior triggered.
    Supply chain
    HighEntropyStrings
    ManifestNo manifest risk signals triggered.
    scanned 7 file(s), 24.9 KB of source

    Source & flagged code

    3 flagged · loading source
    dist/redaction.test.jsView file
    8patternName = aws_access_key severity = critical line = 8 matchedText = const ou...d");
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    dist/redaction.test.jsView on unpkg · L8
    8patternName = aws_access_key severity = critical line = 8 matchedText = const ou...d");
    Critical
    Secret Pattern

    AWS access key ID in dist/redaction.test.js

    dist/redaction.test.jsView on unpkg · L8
    27patternName = aws_access_key severity = critical line = 27 matchedText = const sp...} };
    Critical
    Secret Pattern

    AWS access key ID in dist/redaction.test.js

    dist/redaction.test.jsView on unpkg · L27

    Findings

    3 Critical3 Low
    CriticalCritical Secretdist/redaction.test.js
    CriticalSecret Patterndist/redaction.test.js
    CriticalSecret Patterndist/redaction.test.js
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowHigh Entropy Strings