Is @tencent-ai/agent-sdk safe to install?

@tencent-ai/agent-sdk was flagged as CRITICAL RISK (risk score 13663.5) with 944 findings detected across 566 files. Review the findings before installing.

What security issues were found in @tencent-ai/agent-sdk?

Sigil detected 944 findings in @tencent-ai/agent-sdk, including patterns related to network_exfil, install_hooks, code_patterns, obfuscation, provenance. See the full scan report for details.

@tencent-ai/agent-sdk Security Scan — CRITICAL RISK | Sigil

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/cli/dist/codebuddy-headless.js:1

!function(D,ei){if("object"==typeof exports&&"object"==typeof module)module.exports=ei();else if("function"==typeof define&&define.amd)define([],ei);else{var ea=ei();for(var el in ea)("object"==typeof exports?exports:D)[el]=ea[el]}}(global,()=>(()=>{var __webpack_modules__={80707(D,ei,ea){"use strict";var el=this&&this.__createBinding||(Object.create?function(D,ei,ea,el){void 0===el&&(el=ea);var ec=Object.getOwnPropertyDescriptor(ei,ea);(!ec||("get"in ec?!ei.__esModule:ec.writable||ec.configurab

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/cli/dist/codebuddy-headless.js:1

!function(D,ei){if("object"==typeof exports&&"object"==typeof module)module.exports=ei();else if("function"==typeof define&&define.amd)define([],ei);else{var ea=ei();for(var el in ea)("object"==typeof exports?exports:D)[el]=ea[el]}}(global,()=>(()=>{var __webpack_modules__={80707(D,ei,ea){"use strict";var el=this&&this.__createBinding||(Object.create?function(D,ei,ea,el){void 0===el&&(el=ea);var ec=Object.getOwnPropertyDescriptor(ei,ea);(!ec||("get"in ec?!ei.__esModule:ec.writable||ec.configurab

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/cli/dist/codebuddy-headless.js:32


`,el=D.write(ea);if(D.flush?.(),!el){if(D.destroyed||D.writableEnded)return;try{await (0,tm.once)(D,"drain")}catch{}}}clearInFlightPrompt(D,ei){D.inFlightPrompts.delete(ei)&&this.clearPromptTimeout(ei)}scheduleStreamClose(D,ei,ea,el){this.logger.info?.(`[ACP StreamManager] scheduleStreamClose: Scheduling delayed close for stream ${ea} (${ek.STREAM_CLOSE_DELAY_MS}ms)`);let ec=setTimeout(()=>{this.streamCloseTimers.delete(ea),this.logger.info?.(`[ACP StreamManager] scheduleStreamClose: Delayed cl

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/cli/dist/codebuddy-headless.js:604

`,{mode:e$.ConsoleOutputMode.NATIVE})});try{await ei.start(),await new Promise(D=>{process.on("SIGINT",async()=>{this.consoleManager.log("\nShutting down...\n",{mode:e$.ConsoleOutputMode.NATIVE}),await ei.stop(),D(),process.exit(0)}),process.on("SIGTERM",async()=>{await ei.stop(),D(),process.exit(0)})})}catch(D){this.consoleManager.log(`Failed to start remote control: ${D.message}
`,{mode:e$.ConsoleOutputMode.NATIVE}),process.exit(1)}}};remote_control_mode_strategy_decorate([(0,eN.Autowired)(e$.

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/cli/dist/codebuddy-headless.js:744

            esac
        `}async setup(D,ei){let ea=this.rcsToUpdate(D),el=this.envScript(D,ei);for(let ei of ea)await appendIfNotExists(D,ei,el)}};eG=shell_setup_decorate([(0,ey.Component)(ex)],eG);let eZ=class{get name(){return"bash"}async exists(D){return(await this.rcsToUpdate(D)).length>0}rcfiles(D){return[".bash_profile",".bash_login",".bashrc"].map(ei=>(0,eP.join)(D.homedir(),ei))}async rcsToUpdate(D){let{access:ei}=D.fs.promises;return filterAsync(this.rcfiles(D),D=>ei(D).then(()=>!0).ca

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/cli/dist/codebuddy-headless.js:1338

You may need to restart Warp for changes to take effect`)+`
See ${D}`}catch(D){throw Error(`Failed to install Warp Shift+Enter key binding: ${D}`)}}static async setup(D){switch(D){case eF.TerminalType.ITERM:case eF.TerminalType.ITERM_LEGACY:return await this.setupITerm2();case eF.TerminalType.APPLE_TERMINAL:return await this.setupAppleTerminal();case eF.TerminalType.VSCODE:return await this.setupVSCode("VSCode");case eF.TerminalType.CODEBUDDY:return await this.setupVSCode("CodeBuddy");case eF.Te

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

package/cli/dist/web-ui/assets/index-BoMlEqUE.js:429


WARNING: This link could potentially be dangerous`)){const h=window.open();if(h){try{h.opener=null}catch{}h.location.href=d}else console.warn("Opening link blocked as opener could not be cleared")}}s.OscLinkProvider=v=l([f(0,_.IBufferService),f(1,_.IOptionsService),f(2,_.IOscLinkService)],v)},6193:(m,s)=>{Object.defineProperty(s,"__esModule",{value:!0}),s.RenderDebouncer=void 0,s.RenderDebouncer=class{constructor(o,l){this._renderCallback=o,this._coreBrowserService=l,this._refreshCallbacks=[]}d

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/cli/dist/web-ui/docs/cn/cli/installation.md:101

```bash [macOS / Linux]
curl -fsSL https://copilot.tencent.com/cli/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/cli/dist/web-ui/docs/cn/cli/quickstart.md:38

# macOS/Linux
curl -fsSL https://copilot.tencent.com/cli/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/cli/dist/web-ui/docs/en/cli/installation.md:112

```bash [macOS / Linux]
curl -fsSL https://copilot.tencent.com/cli/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/cli/dist/web-ui/docs/en/cli/quickstart.md:38

# macOS/Linux
curl -fsSL https://copilot.tencent.com/cli/install.sh | bash
```

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

@tencent-ai/agent-sdk

Summary

Provenance

Findings by Phase

Install Hooks

Code Patterns

Obfuscation

Network / Exfiltration

Provenance

Badge

Scan your own packages

Get threat intelligence and product updates

Other npm scans