Does semantic-kernel have any known vulnerabilities?

No known CVE vulnerabilities were found for semantic-kernel v1.39.3 in the brin database.

What capabilities does semantic-kernel have?

semantic-kernel has the following detected capabilities: network access, filesystem access, environment variable access, native modules. Review these before using with AI coding agents.

Can I use semantic-kernel safely with AI coding agents?

semantic-kernel has been flagged with risk indicators. Review the detected threats and capabilities before using with AI coding agents. Assessments are automated and may contain errors.

semantic-kernel

Q: Is semantic-kernel safe to use?

semantic-kernel v1.39.3 has warnings detected in the latest brin safety scan. Trust score: 75/100. Review the flagged concerns before use. This is an automated assessment.

PyPI

Is semantic-kernel safe to use?

The latest brin safety scan flagged semantic-kernel v1.39.3 with risk indicators that warrant review. No known CVE vulnerabilities. Trust score: 75/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

semantic-kernel Has Warnings

Warnings detected due to potential concerns

warning

CVEs

Threats

Install Scripts

Risk Indicators

•Flagged for potential CodeInjection patterns (75% confidence)
•Flagged for potential Ssrf patterns (70% confidence)
•Flagged for potential CodeInjection patterns (60% confidence)
•Flagged for potential Ssrf patterns (55% confidence)
•Package includes native code modules

brin Recommendations

→This package has warnings detected. Evaluate the specific concerns before proceeding.

Install with brin add semantic-kernel to automatically apply these checks before installation.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

semantic-kernel Capabilities & Permissions

What semantic-kernel can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

127.0.0.1<resource>.azure.openai.comNvidia.coacasessions.ioai.google.devaka.msapi.powerplatform.comapi.search.brave.comboto3.amazonaws.comcognitiveservices.azure.com+31 more

Protocols: http, https

Filesystem Access

Reads and writes to the filesystem.

.env (r).env (r).env (r).env (r).env (r).env (r).env (r).env (r)+42 more

Environment Variables

Accesses the following environment variables.

ENV_VAR_API_KEYENV_VAR_ENDPOINTTELEMETRY_DISABLED_ENV_VARTOKEN_CACHE_PATH_INTERACTIVE

Native Modules

Contains native code that runs outside the JavaScript sandbox.

numpypandas

AGENTS.md for semantic-kernel

Good instructions lead to good results. brin adds semantic-kernel documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

semantic-kernel Documentation & Source Code

For the full semantic-kernel README, API documentation, and source code, visit the official package registry.

View on PyPI View Source Homepage

Frequently asked questions about semantic-kernel safety

Install (safety-checked)

Weekly Downloads

455.3K

Version

1.39.3

License

MIT

Other Versions

1.39.4

Last Scanned

Feb 4, 2026

Trust Score

75/100·Legitimacy signals, not safety

Capabilities

Network

Connects to: 127.0.0.1, <resource>.azure.openai.com, Nvidia.co...

Filesystem

Reads & Writes files

Environment

Accesses: ENV_VAR_API_KEY, ENV_VAR_ENDPOINT, TELEMETRY_DISABLED_ENV_VAR...

Native

Contains native modules