KORU - steruje kilkoma IDE na raz tak jak MCP/ACP agentami
- capability exposureinferred+35
- recent driftinferred+20
- tool safetyinferred+12
- trust mitigatorsmixed−3
inferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 13m ago · see ecosystem CVEs →
- C · 56 → D · 64
- A · 0 → C · 56
No known CVEs for this server.
- highdangerous code
dynamic exec: __import__(), eval()/exec()
analyzed commit 6128afb · analyzer v19 · 1d ago
danger signals3
- dynamic code execution__import__()semcod-koru-6128afb/packages/coru/src/coru/cli.py:575
__import__(module_name) - dynamic code execution__import__()semcod-koru-6128afb/src/koru/cli.py:133
return getattr(__import__(module_name, fromlist=[attr_name]), attr_name)(argv) - dynamic code executioneval()/exec()semcod-koru-6128afb/test_openrouter_simple.py:56
exec(code, namespace)
- recent drift+20 capability drift →
[](https://mcpobservatory.com/servers/github:semcod/koru/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of semcod.