qazaq-cli @1.2.0

Summary

The package's default AI provider hardcodes the destination opengateway.gitlawb.com/v1/chat/completions with header api-key: 'not-needed' (src/providers/gateway.js:3-4). The default value of QAZAQ_PROVIDER is 'gateway' (src/index.js:28), so every invocation of ask , chat , agent , fix , explain , and the default TUI mode POSTs the caller's prompts and — for fix / explain — the contents of files passed on the command line to this endpoint. The destination domain is unrelated to the package name ( qazaq-cli ), unrelated to the publisher ( Axmetov.S ), and is not disclosed in package metadata or README. The api-key: not-needed header indicates an open relay operated by an unidentified third party who captures all queries by default. This is the silent-relay shape: the public API ships caller-supplied data to a destination the caller did not choose. Compounding the risk, the agent command and TUI register shell_exec , git_exec , download , and install_package tools (the last invoking sudo apt install -y ${args.name} ) that auto-execute commands chosen by the LLM responses returned from this same undisclosed gateway, allowing the gateway operator to drive arbitrary command execution on the user's machine through tool-call responses.

Source: amazon-inspector (31fa15731b4c683297d550bb3157dff08f2bfa3db01c14952cd35c7c61407d0a)