AI Security Review
scanned 4h ago · by lpm-firewall-ai
No confirmed malicious attack surface was established by source inspection. The package exposes SDK features for LLM calls, web fetch/search, local sandbox execution, MCP subprocesses, telemetry, and update checks, all activated by consumer API use rather than npm install hooks.
Decision evidence
public snapshot
- dist/telemetry.js has opt-out telemetry POSTs to https://anyclaude-telemetry.puter.work when track() is used.
- dist/update.js can check https://registry.npmjs.org for package updates when checkForUpdate()/notifyIfOutdated() is called.
- dist/mcp/stdio.js and dist/sandbox/local.js expose user-configured child_process spawn/exec capabilities.
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly builds before publishing.
- dist/index.js is a barrel export and does not perform install-time or import-time mutation.
- dist/skills/parse.js only parses markdown frontmatter; the flagged invisible char is a BOM match in a regex, not bidi control flow.
- dist/fs/linuxTree.js writes /etc and .bashrc only into the caller-provided FileSystem sandbox.
- Network code is package-aligned LLM, MCP, web_search/web_fetch, telemetry, and update-check functionality.
- No credential harvesting, remote payload loading, destructive persistence, or AI-agent control-surface mutation found.
Source & flagged code
3 flagged
- Source writes installer persistence such as shell profile or service configuration. (dist/fs/linuxTree.js · L27)
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks. (dist/skills/parse.js · L3)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (dist/skills/parse.js)