Is this a live scanner of my code?

No. It is a curated reference of vulnerability classes commonly seen in each AI SDK ecosystem. Use it alongside a real dependency scanner like npm audit, pip-audit, or Snyk against your actual lockfile.

Why are AI SDKs especially risky?

AI SDKs glue together tool calling, code execution, retrieval, and untrusted model output, which expands the attack surface well beyond a normal HTTP client. Untrusted text flowing into tools or eval is the recurring theme.

What is dependency confusion?

Dependency confusion is when an attacker publishes a public package with the same name as your internal package, and the installer pulls the malicious public one. Fast-moving AI ecosystems with many sub-packages are frequent targets.

What is the biggest AI-specific class to worry about?

Prompt-injection-to-tool-execution. If model output can trigger tools that run code, query databases, or fetch URLs, an attacker who controls any input the model reads can pivot into those tools. Always treat model output as untrusted.

Does selecting an SDK send anything anywhere?

No. The guide is fully local and static. Nothing about your stack is transmitted.

AI SDK Dependency Vulnerability Advisor

AI SDK dependency vulnerability advisor

AI SDKs are unusually dangerous to integrate because they wire together capabilities that classic web libraries keep apart: arbitrary tool execution, code interpreters, document retrieval over the network, and untrusted text generated by a model. A bug that would be harmless in a plain HTTP client can become remote code execution once the same data can reach a tool. This advisor gives you a per-SDK reference of the vulnerability classes that recur in each ecosystem, with mitigations you can adopt immediately.

How it works

Pick your SDK and the tool loads a curated list of vulnerability classes for that ecosystem. Each entry names the class, explains the mechanism in one or two sentences, states the realistic impact, and gives a concrete mitigation. The content is static and curated from public advisories and well-known framework footguns — it is a checklist to read with your architecture in front of you, not a code scanner. Run it together with a real dependency auditor (pip-audit, npm audit, Snyk) so you cover both the design-level classes here and the specific CVEs in your lockfile.

How to use it well

Pin and verify dependencies. Use lockfiles, hashes, and an internal index to defeat dependency confusion before anything else.
Treat model output as untrusted input. Any text the model produces — and any document it retrieves — can carry an injection payload. Validate before it reaches a tool, shell, query, or deserializer.
Constrain tools tightly. Allowlist URLs for fetch tools (SSRF), parameterize every database tool, and never expose a raw eval/exec tool to the model.
Re-check on upgrade. AI SDKs move fast; a minor version can add a new tool or change a default. Re-read the relevant classes after each bump.