AI Security Review
scanned 4h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package contains user-invoked SDK capabilities for LLM calls, sandbox file operations, shell execution, web fetch/search, telemetry, and update checks, all aligned with the package purpose.
Decision evidence
public snapshot
- dist/telemetry.js defines opt-out telemetry to https://anyclaude-telemetry.puter.work with a generated install id when track() is called.
- dist/update.js can fetch https://registry.npmjs.org/<pkg>/latest when checkForUpdate()/notifyIfOutdated() is called.
- dist/tools/bash.js, write_file.js, delete_file.js expose agent tools that can execute commands or modify workspace files when host supplies ctx.
- package.json has no preinstall/install/postinstall hook; only prepublishOnly build script is publisher-side.
- dist/index.js is a barrel of exports; no top-level execution beyond imports/exports observed.
- dist/skills/parse.js scanner hit is a UTF-8 BOM allowance in a frontmatter regex, not bidi Trojan Source logic.
- dist/fs/linuxTree.js only seeds a provided virtual fs with sandbox paths and empty .bashrc when seedLinuxTree(fs) is explicitly called.
- Network clients in dist/llm/*.js and dist/tools/web_*.js use user/configured endpoints for SDK functionality, not hidden exfiltration.
- No native binaries, executable payloads, broad AI-agent config mutation, or install-time persistence found.
Source & flagged code
3 flagged
- dist/fs/linuxTree.js (line 27): Source writes installer persistence such as shell profile or service configuration.
- dist/skills/parse.js (line 3): Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
- dist/skills/parse.js: A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.