SkillTotal

Is anthropic safe?

No malicious indicators - review capabilities before installing
Notable — review in context (capabilities are not malware):
  • Python filesystem read
  • Python network egress
  • Python filesystem write/delete

anthropic is an AI python_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 4 risky constructs are reported for review. It can: filesystem read, filesystem write, mcp tools detected and network egress — capabilities are what the code can do, not a verdict on intent. Risk score 0/100 (low).

anthropic 0.116.0

python_package · pypi:anthropic
LOW
0
/ 100 risk score
Snapshot · scanned Jul 7, 2026 · anthropic@0.116.0 · engine 0.34.2 / ruleset 34

Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of anthropic's authors. Report a false positive.

Capabilities — what this component can do (not a risk score):
filesystem readfilesystem writemcp tools detectednetwork egress

Findings (4)

MEDIUMPython filesystem readST-FS-PY-READ

The component reads files from disk.

return (path.name, path.read_bytes())
return pathlib.Path(file).read_bytes()
return (path.name, await path.read_bytes())
return await anyio.Path(file).read_bytes()
binary = await anyio.Path(data).read_bytes()
contents = Path(path).read_bytes()
files.append((path.relative_to(relative_to).as_posix(), path.read_bytes()))
files.append((path.relative_to(relative_to).as_posix(), await path.read_bytes()))
name = (_config_dir() / "active_config").read_text(encoding="utf-8").strip()
raw = self._config_path.read_text(encoding="utf-8")
raw = path.read_text(encoding="utf-8")
content = self._path.read_text(encoding="utf-8").strip()
return full_path.read_text(encoding="utf-8")
return await full_path.read_text(encoding="utf-8")

Why it matters: Usually legitimate, but worth confirming it can't be steered into reading sensitive files.

Fix: Confirm which files are read and that paths cannot be influenced by untrusted input to reach sensitive locations.

MEDIUMPython filesystem write/deleteST-FS-PY-WRITE

The component writes or deletes files on disk.

Why it matters: Usually legitimate, but worth confirming the paths can't be controlled by untrusted input.

Fix: Confirm which files are written/deleted and that paths cannot be influenced by untrusted input.

MEDIUMPython network egressST-NET-PY

The component makes outbound network requests.

from httpx import URL, Proxy, HTTPTransport, AsyncHTTPTransport
from httpx._config import (
        DEFAULT_TIMEOUT_CONFIG,  # pyright: ignore[reportPrivateImportUsage]
    )
from httpx._config import DEFAULT_TIMEOUT_CONFIG as HTTPX_DEFAULT_TIMEOUT
return httpx.QueryParams(cast(Any, self._options.params)).merge(url.params)
self._base_url = self._enforce_trailing_slash(URL(base_url))
headers = httpx.Headers(headers_dict)
self._base_url = self._enforce_trailing_slash(url if isinstance(url, URL) else URL(url))
proxy_map = {key: None if url is None else Proxy(url=url) for key, url in get_environment_proxies().items()}
key: None if proxy is None else HTTPTransport(proxy=proxy, **transport_kwargs)
default_transport = HTTPTransport(**transport_kwargs)
proxy_map = {key: None if url is None else Proxy(url=url) for key, url in get_environment_proxies().items()}
key: None if proxy is None else AsyncHTTPTransport(proxy=proxy, **transport_kwargs)
default_transport = AsyncHTTPTransport(**transport_kwargs)
DEFAULT_TIMEOUT = httpx.Timeout(timeout=10 * 60, connect=5.0)
DEFAULT_CONNECTION_LIMITS = httpx.Limits(max_connections=1000, max_keepalive_connections=100)
from urllib.parse import parse_qs, urlencode
return parse_qs(query)
return urlencode(
            self.stringify_items(
                params,
                array_format=array_format,
                nested_format=nested_format,
            )
        )

Why it matters: Usually legitimate, but confirm the destinations are expected and no sensitive data leaves.

Fix: Confirm the destination hosts are expected and that no sensitive data is sent off-host.

LOWMCP tool surface detectedST-MCP-DETECTED

An MCP tool surface (manifest or tool definitions) was found.

raise RuntimeError("Cannot call a synchronous function asynchronously. Use `@tool` instead.")

Why it matters: Just context — review which tools it offers and their permissions.

Fix: Review the declared MCP tools and their permissions.

Check your own component

Run the same evidence-backed scan on any MCP server, agent skill, or package.

Scan your own component

Or get notified if this component's risk changes:

How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →