brin
brin

code-puppy

PyPI

Is code-puppy safe to use?

The latest brin safety scan flagged code-puppy v0.0.410 with risk indicators that warrant review. No known CVE vulnerabilities and 4 detected threat patterns, including patterns consistent with insecure deserialization and insecure deserialization. Trust score: 70/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

code-puppy Has Confirmed Threats

Confirmed threat patterns detected in this package

critical
CVEs

0

Threats

4

Install Scripts

0

code-puppy Confirmed Threats (4)

Insecure Deserialization
confidence: 90%confirmed

Location: code_puppy/session_storage.py:20

return pickle.loads(data)  # noqa: S301
Insecure Deserialization
confidence: 90%confirmed

Location: code_puppy/api/routers/sessions.py:90

return pickle.load(f)
Insecure Deserialization
confidence: 90%confirmed

Location: code_puppy/tools/agent_tools.py:203

return pickle.load(f)

brin Recommendations

  • This package is assessed as high-risk. Manual review is strongly recommended before use.
  • 4 verified threat patterns detected. Review the specific findings and consider alternatives.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

code-puppy Capabilities & Permissions

What code-puppy can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

127.0.0.1accounts.google.comaihubmix.comaistudio.google.comalacritty.orgapi.anthropic.comapi.cohere.comapi.deepinfra.comapi.groq.comapi.minimax.io+53 more
Protocols: http, https, tcp, websocket

Filesystem Access

Reads and writes to the filesystem.

.env (w).env (rw).env (rw).env (rw).env (rw).env (rw)pyproject.toml (rw)pyproject.toml (rw)+28 more

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

ALACRITTY_SOCKETBROWSER_HEADLESSCHATGPT_OAUTH_CONFIG[CHROMIUM_HEADLESSCICODE_PUPPY_NO_COLORCODE_PUPPY_NO_TUICODE_PUPPY_SKIP_TUTORIALCOLORTERM+17 more

Native Modules

Contains native code that runs outside the JavaScript sandbox.

ctypes

AGENTS.md for code-puppy

Good instructions lead to good results. brin adds code-puppy documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

code-puppy Documentation & Source Code

For the full code-puppy README, API documentation, and source code, visit the official package registry.

View on PyPI

Frequently asked questions about code-puppy safety

Weekly Downloads

4.8K

Version

0.0.410

Last Scanned

5 days ago

Trust Score

70/100·Legitimacy signals, not safety

Confirmed Threats (4)

insecure deserializationconfirmed

Location: code_puppy/session_storage.py:20

Confidence: 90%

return pickle.loads(data)  # noqa: S301
insecure deserializationconfirmed

Location: code_puppy/api/routers/sessions.py:90

Confidence: 90%

return pickle.load(f)
insecure deserializationconfirmed

Location: code_puppy/tools/agent_tools.py:203

Confidence: 90%

return pickle.load(f)
hardcoded secretsconfirmed

Location: code_puppy/plugins/antigravity_oauth/constants.py:9

Confidence: 95%

ANTIGRAVITY_CLIENT_SECRET = "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"

Confirmed threats have been validated by human review and represent real risks.

Capabilities

Network

Connects to: 127.0.0.1, accounts.google.com, aihubmix.com...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: , ALACRITTY_SOCKET, BROWSER_HEADLESS...

Native

Contains native modules