registry  /  @educa-corp/sdd-framework  /  0.2.8

@educa-corp/sdd-framework@0.2.8

Spec Driven Development workflow framework for Claude Code

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs the package CLI, notably no-flag legacy mode, `--init`, or `--hooks`.
Impact
Changes AI-agent command/configuration surfaces and can affect later Claude Code sessions.
Mechanism
Explicit CLI writes Claude Code commands, project agent files, and an optional PreToolUse hook.
Rationale
The package is not concretely malicious, but it intentionally mutates Claude Code control surfaces through explicit user commands, including a legacy global mode. Per policy this is a warn-level AI-agent capability risk rather than a publish-block event.
Evidence
package.jsonbin/index.jshooks/data-guard.jsscripts/init.shscripts/upgrade.sh~/.claude/commands/*.md.claude/commands/*.md.agent/**.claude/hooks/data-guard.js.claude/settings.json

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `bin/index.js` copies commands to `~/.claude/commands/` when invoked without flags.
  • `--init` writes package content into project `.agent/` and `.claude/commands/`.
  • Explicit `--hooks` copies a hook and modifies `.claude/settings.json`.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • All agent-control writes require an explicit CLI invocation or option.
  • `hooks/data-guard.js` blocks access to credential-like paths; no harvesting or exfiltration found.
  • No network client, encoded payload, eval, native loader, or hidden persistence found in inspected code.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 6 file(s), 67.7 KB of source

Source & flagged code

2 flagged · loading source
core/hooks/data-guard.jsView file
15L16: const readline = require('readline'); L17:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

core/hooks/data-guard.jsView on unpkg · L15
scripts/init.shView file
path = scripts/init.sh kind = build_helper sizeBytes = 1962 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/init.shView on unpkg

Findings

3 Medium4 Low
MediumDynamic Requirecore/hooks/data-guard.js
MediumShips Build Helperscripts/init.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings