No confirmed malicious attack surface. Runtime networking and process launches occur only through explicit `zap` subcommands to provide the advertised model-routing service.
Static reason
No blocking static signals were detected.
Trigger
User runs `zap login`, API commands, `zap claude`, or `zap codex`.
Impact
Stores a user-authorized Zap token in `~/.zap/config.json` and supplies it to the configured Zap endpoint or launched CLI process; no unconsented persistence or foreign agent-config mutation was found.
Mechanism
OAuth session storage, Zap API requests, and explicit child-process routing to installed Claude/Codex CLIs.
Rationale
The package is an explicit CLI wrapper for Zap-hosted model APIs and launches Claude/Codex only when invoked by the user. Source inspection found scoped session storage and expected API routing, but no install-time execution, credential harvesting, stealth persistence, or foreign AI-agent control-surface writes.
Evidence
package.jsondist/config.jsdist/api.jsdist/commands/login.jsdist/commands/claude.jsdist/commands/codex.jsdist/commands/logout.js~/.zap/config.json