
@encore-os/eos-spec@0.14.0

Portable, config-driven spec-pipeline engine + quality harness. One canonical engine consumed as a library (with a client-safe /pure subpath) by every Encore-OS repo.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a spec workflow CLI that can run tests, call configured LLM endpoints, and write workflow artifacts only when explicit commands are invoked.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.
Trigger
User invokes eos-spec CLI commands such as run, ac-backfill, verify-acs, init, or metrics
Impact
Can modify the target repo's spec/artifact files or run configured test/git commands during explicit CLI use; no install-time or stealth behavior identified.
Mechanism
User-invoked workflow automation with child_process, file writes, and optional LLM calls
Rationale
Static inspection shows risky primitives are tied to an explicit spec-management CLI and aligned with documented package behavior, with no install-time execution, secret collection, broad agent-control mutation, or remote payload chain. Scanner findings are noisy because child_process/network/file writes are expected for commands that run tests, call LLMs, and update spec artifacts.
Evidence
  • package.json
  • bin/eos-spec.js
  • dist/index.js
  • dist/lib/events.js
  • dist/lib/gate-executor.js
  • dist/lib/ollama-embed.js
  • dist/commands/run.js
  • dist/commands/ac-backfill.js
  • dist/commands/verify-acs.js
  • <repo-root>/.claude/tmp/eos-spec-events.jsonl
  • spec.path
  • tests/e2e/generated/<core>/<spec>-run.generated.spec.ts
  • specs/<core>/plans/<spec>-PLAN.md
  • specs/<core>/tasks/<spec>-TASKS.md
Network endpoints (2)
  • localhost:11434/v1
  • localhost:11434/api/embed

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/commands/verify-acs.js runs user-requested Vitest via bunx/configured lane command
  • dist/lib/gate-executor.js can POST prompts to local OpenAI-compatible endpoint and optionally use ai SDK cloud model
  • dist/commands/ac-backfill.js requires AI_GATEWAY_API_KEY before model calls and may git add/commit user repo changes
  • dist/lib/events.js writes telemetry JSONL under .claude/tmp or EOS_SPEC_EVENTS_PATH
Evidence against
  • package.json has no preinstall/install/postinstall hook; prepare/prepublishOnly only run npm build
  • bin/eos-spec.js only imports dist/index.js and parses explicit CLI commands
  • Filesystem writes are command-scoped spec/artifact/telemetry outputs, not install-time persistence
  • No credential harvesting or exfiltration logic found; env vars are used as configuration/model keys
  • Network use is package-aligned LLM/embedding functionality and user-invoked, not import-time
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings
Manifest: NoLicense
scanned 109 file(s), 581 KB of source

Source & flagged code

3 flagged
dist/lib/exec.js
L1: import { spawnSync } from 'node:child_process';
L2: /** `timeoutMs` bounds the child process (spawnSync kills it and returns a null

Severity: High
Finding: Child Process

Package source references child process execution.

Location: dist/lib/exec.js, line 1
dist/commands/verify-acs.js
L84: try {
L85:   execFileSync('bunx', ['vitest', 'run', ...relFiles, '--reporter=json', `--outputFile=${outFile}`], {
L86:     cwd: repoRoot,

Severity: High
Finding: Runtime Package Install

Package source invokes a package manager install command at runtime.

Location: dist/commands/verify-acs.js, line 84
dist/lib/events.js
matchType = previous_version_dangerous_delta
matchedPackage = @encore-os/eos-spec@0.10.0
matchedIdentity = npm:QGVuY29yZS1vcy9lb3Mtc3BlYw:0.10.0
similarity = 0.714
summary = stored previous version shares package body but lacks this dangerous source file

Severity: Critical
Finding: Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

Location: dist/lib/events.js

Findings

1 Critical, 3 High, 3 Medium, 5 Low
  • Critical: Previous Version Dangerous Delta (dist/lib/events.js)
  • High: Child Process (dist/lib/exec.js)
  • High: Shell
  • High: Runtime Package Install (dist/commands/verify-acs.js)
  • Medium: Network
  • Medium: Environment Vars
  • Medium: Structural Risk Force Deep Review
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings
  • Low: No License