SkillTotal

Is openai safe?

No malicious indicators - review capabilities before installing
Notable — review in context (capabilities are not malware):
  • Node.js shell/command execution
  • Sensitive path / secret-location reference
  • Node.js filesystem read

openai is an AI npm_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 4 risky constructs are reported for review. It can: filesystem read, network egress and shell execution — capabilities are what the code can do, not a verdict on intent. Risk score 20/100 (low).

openai 6.45.0

npm_package · npm:openai
LOW
20
/ 100 risk score
Snapshot · scanned Jul 5, 2026 · openai@6.45.0 · engine 0.30.0 / ruleset 28

Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of openai's authors. Report a false positive.

Capabilities — what this component can do (not a risk score):
filesystem readnetwork egressshell execution

Findings (4)

HIGHSensitive path / secret-location referenceST-SENS-PATH

The component references credential locations like ~/.ssh or .aws/credentials.

const AZURE_IMDS_BASE_URL = 'http://169.254.169.254/metadata/identity/oauth2/token';
const AZURE_IMDS_BASE_URL = 'http://169.254.169.254/metadata/identity/oauth2/token';
const AZURE_IMDS_BASE_URL = 'http://169.254.169.254/metadata/identity/oauth2/token';

Why it matters: Touching secret locations is a common first step before stealing them — confirm why it's needed.

Fix: Verify why the component references credential locations; reading these is a common precursor to secret exfiltration.

HIGHNode.js shell/command executionST-SHELL-NODE

The component can run operating-system commands or spawn processes.

const node_child_process_1 = require("node:child_process");
import { spawn } from 'node:child_process';
const ffplay = spawn('ffplay', ['-autoexit', '-nodisp', '-i', 'pipe:0']);
const ffmpeg = spawn('ffmpeg', [
const match = pattern.exec(navigator.userAgent);
const match = pattern.exec(navigator.userAgent);
while ((match = invalidSegmentPattern.exec(pathOnly)) !== null) {
while ((match = invalidSegmentPattern.exec(pathOnly)) !== null) {
const canonicalRegion = /^bedrock-mantle\.([a-z0-9-]+)\.api\.aws$/i.exec(parsedURL.hostname)?.[1];
const canonicalRegion = /^bedrock-mantle\.([a-z0-9-]+)\.api\.aws$/i.exec(parsedURL.hostname)?.[1];
import { spawn } from 'node:child_process';
const ffplay = spawn('ffplay', ['-autoexit', '-nodisp', '-i', 'pipe:0']);
const ffmpeg = spawn(
const match = pattern.exec(navigator.userAgent);
while ((match = invalidSegmentPattern.exec(pathOnly)) !== null) {
const canonicalRegion = /^bedrock-mantle\.([a-z0-9-]+)\.api\.aws$/i.exec(parsedURL.hostname)?.[1];

Why it matters: Powerful and often legitimate — confirm the commands aren't built from untrusted input.

Fix: Confirm the command and its arguments are fully controlled and not derived from untrusted input; prefer execFile with an argument array.

MEDIUMNode.js filesystem readST-FS-NODE-READ

The component reads files from disk.

* the result of fs.createReadStream().
*     file: fs.createReadStream('speech.mp3'),
*   file: fs.createReadStream('speech.mp3'),
*   image: fs.createReadStream('otter.png'),
*   image: fs.createReadStream('path/to/file'),
*   image: fs.createReadStream('otter.png'),
*   image: fs.createReadStream('otter.png'),
* the result of fs.createReadStream().
*     file: fs.createReadStream('speech.mp3'),
*   file: fs.createReadStream('speech.mp3'),
*   image: fs.createReadStream('otter.png'),
*   image: fs.createReadStream('path/to/file'),

Why it matters: Usually legitimate, but worth confirming it can't be steered into reading sensitive files.

Fix: Confirm which files are read and that paths cannot be influenced by untrusted input to reach sensitive locations.

MEDIUMNode.js network egressST-NET-NODE

The component makes outbound network requests.

const response = await this.fetch(this.tokenExchangeUrl, {
const response = await this.fetch(this.tokenExchangeUrl, {
// Expo fetch
            ('message' in err && String(err.message).includes('FetchRequestCanceledException'))));
// Expo fetch
            ('message' in err && String(err.message).includes('FetchRequestCanceledException'))));
: (await fetch('data:,')).constructor);
: (await fetch('data:,')).constructor);
const response = await this.fetch(this.tokenExchangeUrl, {
// Expo fetch
      ('message' in err && String((err as any).message).includes('FetchRequestCanceledException')))
: (await fetch('data:,')).constructor) as typeof Response;

Why it matters: Usually legitimate, but confirm the destinations are expected and no sensitive data leaves.

Fix: Confirm the destination hosts are expected and that no sensitive data is sent off-host.

Check your own component

Run the same evidence-backed scan on any MCP server, agent skill, or package.

Scan your own component

Or get notified if this component's risk changes:

How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →