registry  /  cardan  /  0.13.0

cardan@0.13.0

Zero-dependency TypeScript AI and LLM SDK for OpenAI, Anthropic, Gemini, xAI, Groq, and Modal

AI Security Review

scanned 3h ago · by lpm-firewall-ai

An explicit CLI command can scan readable local user homes for Claude and Grok credential files, including `/root` on Linux, and print extracted tokens. No source path sends the discovered tokens to a third party or mutates local files.

Static reason
No blocking static signals were detected.
Trigger
User runs `cardan detect --all-users` or calls `detectAllUsers()`.
Impact
A user who runs the command can expose tokens from other readable accounts in terminal output or copied environment text.
Mechanism
Multi-user local credential discovery and console disclosure.
Rationale
No concrete malicious delivery or exfiltration chain is present, but the explicit multi-user credential-harvesting feature creates meaningful misuse risk. Flag as warn rather than block because activation is user-invoked and source shows local console output only.
Evidence
package.jsondist/cli.jsdist/detect-DG4zv_gV.jsdist/index.jsREADME.md

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.js` exposes explicit `detect --all-users`.
  • `dist/detect-DG4zv_gV.js` enumerates other readable home directories.
  • Detector reads Claude/Grok credential files and extracts access/refresh tokens.
  • CLI renders detected access tokens as `.env` assignments.
Evidence against
  • `package.json` has no install/preinstall/postinstall hook.
  • Credential scanning runs only through exported detection APIs or the `cardan detect` command.
  • No write, shell, eval, native loading, or persistence primitives found.
  • Detector has no network call; SDK requests target configured AI-provider APIs.
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 173 KB of source, external domains: accounts.x.ai, api.anthropic.com, api.groq.com, api.openai.com, api.us-west-2.modal.direct, api.x.ai, auth.x.ai, cli-chat-proxy.grok.com, generativelanguage.googleapis.com, platform.claude.com

Source & flagged code

2 flagged · loading source
dist/cli.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli.js` exposes explicit `detect --all-users`.

dist/cli.jsView on unpkg
dist/detect-DG4zv_gV.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/detect-DG4zv_gV.js` enumerates other readable home directories.

dist/detect-DG4zv_gV.jsView on unpkg

Findings

5 Medium5 Low
MediumNetwork
MediumAi Review Evidencedist/cli.js
MediumAi Review Evidencedist/detect-DG4zv_gV.js
MediumAi Review Evidence
MediumAi Review Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings