Does esptool have any known vulnerabilities?

esptool v5.2.0 has 1 known CVE vulnerability. Review the safety scan for severity details and remediation guidance.

What capabilities does esptool have?

esptool has the following detected capabilities: network access, filesystem access, environment variable access, native modules. Review these before using with AI coding agents.

Can I use esptool safely with AI coding agents?

esptool has been flagged with risk indicators. Review the detected threats and capabilities before using with AI coding agents. Assessments are automated and may contain errors.

esptool

Q: Is esptool safe to use?

esptool v5.2.0 has been flagged for review in the latest brin safety scan. Trust score: 90/100. Manual review is recommended. This is an automated assessment.

PyPI

Is esptool safe to use?

The latest brin safety scan flagged esptool v5.2.0 with risk indicators that warrant review. 1 known CVE vulnerability and 1 detected threat pattern, including patterns consistent with code injection. Trust score: 90/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

esptool Has Confirmed Threats

Confirmed threat patterns detected in this package

critical

CVEs

Threats

Install Scripts

Risk Indicators

•PYSEC-2023-234: UNKNOWN

esptool Confirmed Threats (1)

Code Injection

confidence: 90%confirmed

Location: esptool/reset.py:198

exec(self.constructed_strategy)

esptool CVE Vulnerabilities (1)

PYSEC-2023-234

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

brin Recommendations

→This package is assessed as high-risk. Manual review is strongly recommended before use.
→1 verified threat pattern detected. Review the specific findings and consider alternatives.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

esptool Capabilities & Permissions

What esptool can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

docs.espressif.comgithub.comtools.ietf.org

Protocols: https, tcp

Filesystem Access

Reads and writes to the filesystem.

/usr/ (rw)/usr/ (rw)/usr/ (rw).env (rw).env (rw).env (rw)/usr/ (rw)

Environment Variables

Accesses the following environment variables.

ESPTOOL_AFTERESPTOOL_BAUDESPTOOL_BEFOREESPTOOL_CFGFILEESPTOOL_CHIPESPTOOL_CONNECT_ATTEMPTSESPTOOL_ENV_FPGAESPTOOL_FFESPTOOL_FM+5 more

Native Modules

Contains native code that runs outside the JavaScript sandbox.

cryptography

AGENTS.md for esptool

Good instructions lead to good results. brin adds esptool documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

esptool Documentation & Source Code

For the full esptool README, API documentation, and source code, visit the official package registry.

View on PyPI View Source

Frequently asked questions about esptool safety

Install (safety-checked)

Weekly Downloads

205.4K

Version

5.2.0

License

MIT

Other Versions

5.1.0critical

Last Scanned

4 days ago

Trust Score

90/100·Legitimacy signals, not safety

CVEs (1)

PYSEC-2023-234

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.

Confirmed Threats (1)

code injectionconfirmed

Location: esptool/reset.py:198

Confidence: 90%

exec(self.constructed_strategy)

Confirmed threats have been validated by human review and represent real risks.

Capabilities

Network

Connects to: docs.espressif.com, github.com, tools.ietf.org

Filesystem

Reads & Writes files

Environment

Accesses: , ESPTOOL_AFTER, ESPTOOL_BAUD...

Native

Contains native modules