AI Security Review
scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package provides an AI agent SDK whose user-invoked LLM, web, shell, filesystem, MCP, telemetry, and update-check features align with its stated purpose.
Decision evidence
public snapshot
- dist/query.js triggers opt-out telemetry reporting and an update check when query() is invoked.
- dist/telemetry.js posts coarse SDK usage to https://anyclaude-telemetry.puter.work by default.
- dist/tools/bash.js, dist/sandbox/local.js, and dist/mcp/stdio.js expose user-invoked shell/MCP process execution capabilities.
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly build script.
- dist/index.js is a barrel export and does not execute package logic on import.
- dist/telemetry.js allowlists coarse fields and explicitly drops prompts, paths, keys, endpoints, and source content.
- dist/update.js only fetches package metadata from https://registry.npmjs.org and never installs.
- dist/fs/linuxTree.js seeds a provided filesystem abstraction with sandbox-like Linux paths, not host persistence.
- dist/skills/parse.js contains a BOM-tolerant regex, not hidden control-flow or executable payload.
Source & flagged code
3 flagged
- Source writes installer persistence such as shell profile or service configuration: dist/fs/linuxTree.js (line 27)
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks: dist/skills/parse.js (line 3)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior: dist/skills/parse.js