First Seen: Feb 18, 2026
Last Scanned: Feb 20, 2026
Findings: 4
Score: 75/100

Findings (4)
Instruction override combined with dangerous operations
stdio, HTTP, SSE transport
Matched text:
Tool Definition: tool(name: string, description: string, zodSchema, handler)
Handler Return: { content: [{ type: "text", text: "..." }], isError?: boolean }...
Remediation: Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.
Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.
Detects global installation of packages which affects the host system
Matched text: npm install -g @
Remediation: Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.
Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.
Detects global installation of packages which affects the host system
Matched text: npm install -g @
Remediation: Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.
Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.
Detects references to raw.githubusercontent.com on mutable branches like main/master
Matched text: github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md
Remediation: Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.