Minimal, secure personal AI agent — Claude Agent SDK + Telegram + MCP
Drift inferred · capture-to-capture
No drift recorded — single capability capture; advisories appear once its surface changes.
transport — counts 1 tools · 0 res · 0 prompts
permission surface via code analysis
tools
- search_mcp_registry: Search the official MCP registry
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed commit cda2bf9 · analyzer v20 · 10h ago
skills & prompt files 2
- agent-rules kossov-it-cakeagent-cda2bf9/CLAUDE.md
- agent-rules kossov-it-cakeagent-cda2bf9/groups/main/CLAUDE.md
danger signals 1
- suspicious endpoint api.telegram.org kossov-it-cakeagent-cda2bf9/channels/telegram.ts:4
const res = await fetch(`https://api.telegram.org/bot${token}/${method}`, {
evidence-backed
findings quoted directly from the published source artifact — not inferred
filesystem 6
- fs kossov-it-cakeagent-cda2bf9/src/agent.ts :3
import { readFileSync, existsSync } from 'node:fs';
- fs kossov-it-cakeagent-cda2bf9/src/hooks.ts :4
import { mkdirSync, writeFileSync, realpathSync, existsSync } from 'node:fs';
- fs kossov-it-cakeagent-cda2bf9/src/index.ts :7
import { existsSync, writeFileSync, readFileSync, mkdirSync, statSync, chmodSync } from 'node:fs';
- fs kossov-it-cakeagent-cda2bf9/src/store.ts :2
import { readFileSync, writeFileSync, existsSync, mkdirSync, renameSync } from 'node:fs';
- fs kossov-it-cakeagent-cda2bf9/src/tools.ts :3
import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync, renameSync } from 'node:fs';
- fs kossov-it-cakeagent-cda2bf9/src/voice.ts :2
import { writeFileSync, readFileSync, unlinkSync, existsSync } from 'node:fs';
shell / exec 2
- shell kossov-it-cakeagent-cda2bf9/src/index.ts :8
import { execFile } from 'node:child_process';
- shell kossov-it-cakeagent-cda2bf9/src/voice.ts :1
import { execFile } from 'node:child_process';
network 2
- net kossov-it-cakeagent-cda2bf9/channels/telegram.ts :4
const res = await fetch(`https://api.telegram.org/bot${token}/${method}`, {
- net kossov-it-cakeagent-cda2bf9/src/tools.ts :15
// endpoints so prompt-injected inputs can't turn our fetch() calls into an
database 1
- db kossov-it-cakeagent-cda2bf9/src/store.ts :1
import Database from 'better-sqlite3';
declared dependencies 7
- @anthropic-ai/claude-agent-sdk@^0.2.138
- better-sqlite3@^12.9.0
- zod@^4.4.3
- @types/better-sqlite3@^7.6.13
- @types/node@^25.6.2
- tsx@^4.21.0
- typescript@^6.0.3