SkillTotal

Is json-repair safe?

No malicious indicators - review capabilities before installing
Notable — review in context (capabilities are not malware):
  • Python filesystem read
  • Python filesystem write/delete

json_repair is an AI python_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 2 risky constructs are reported for review. It can: filesystem read and filesystem write — capabilities are what the code can do, not a verdict on intent. Risk score 0/100 (low).

json_repair 0.61.2

python_package · pypi:json-repair
LOW
0
/ 100 risk score
Snapshot · scanned Jul 7, 2026 · json_repair@0.61.2 · engine 0.34.2 / ruleset 34

Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of json-repair's authors. Report a false positive.

Capabilities — what this component can do (not a risk score):
filesystem readfilesystem write

Findings (2)

MEDIUMPython filesystem readST-FS-PY-READ

The component reads files from disk.

with Path(filename).open() as fd:
with Path(args.schema).open() as fd:

Why it matters: Usually legitimate, but worth confirming it can't be steered into reading sensitive files.

Fix: Confirm which files are read and that paths cannot be influenced by untrusted input to reach sensitive locations.

MEDIUMPython filesystem write/deleteST-FS-PY-WRITE

The component writes or deletes files on disk.

with Path(args.output or args.filename).open(mode="w") as fd:

Why it matters: Usually legitimate, but worth confirming the paths can't be controlled by untrusted input.

Fix: Confirm which files are written/deleted and that paths cannot be influenced by untrusted input.

Check your own component

Run the same evidence-backed scan on any MCP server, agent skill, or package.

Scan your own component

Or get notified if this component's risk changes:

How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →