registry  /  @encore-os/eos-spec  /  0.10.0

@encore-os/eos-spec@0.10.0

Portable, config-driven spec-pipeline engine + quality harness. One canonical engine consumed as a library (with a client-safe /pure subpath) by every Encore-OS repo.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface found. The risky primitives are package-aligned CLI functions for spec workflow automation, local telemetry, tests, git commits, and optional LLM calls.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes eos-spec CLI commands such as run, ac-backfill, verify-acs, or embeddings workflows.
Impact
Can modify project spec/test/artifact files and run local test/git/model tools when explicitly requested, but no install-time execution or credential exfiltration was identified.
Mechanism
User-directed CLI automation with child_process, filesystem writes, local/optional LLM network calls.
Rationale
Static inspection found child_process, filesystem writes, and network APIs, but they are scoped to documented, user-invoked CLI workflows and local/optional model integration rather than install/import-time behavior or hidden exfiltration. The scanner's dangerous-source delta appears to be benign telemetry and workflow automation code.
Evidence
package.jsonbin/eos-spec.jsdist/index.jsdist/lib/events.jsdist/lib/gate-executor.jsdist/lib/ollama-embed.jsdist/commands/verify-acs.jsdist/commands/ac-backfill.js.claude/tmp/eos-spec-events.jsonlspec.pathtests/e2e/generated/<core>/<spec>-run.generated.spec.tsspecs/<core>/plans/<spec>-PLAN.mdspecs/<core>/tasks/<spec>-TASKS.md
Network endpoints2
localhost:11434/v1localhost:11434/api/embed

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/postinstall hook; prepare/prepublishOnly only run npm build/test tasks.
    • bin/eos-spec.js only imports dist/index.js and parses CLI args when invoked.
    • dist/index.js registers commander commands; guarded run prevents CLI execution on library import.
    • dist/commands/verify-acs.js runs bunx vitest only for user-invoked verify-acs and writes spec status only with --write.
    • dist/lib/gate-executor.js network calls are explicit CLI model/embedding workflow to localhost or optional ai SDK, with artifact writes tied to eos-spec run.
    • dist/lib/events.js writes redacted telemetry JSONL locally and swallows failures; no exfiltration endpoint found.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStrings
    Manifest
    NoLicense
    scanned 106 file(s), 552 KB of source

    Source & flagged code

    3 flagged · loading source
    dist/lib/exec.jsView file
    1import { spawnSync } from 'node:child_process'; L2: export function runScript(args, cwd) {
    High
    Child Process

    Package source references child process execution.

    dist/lib/exec.jsView on unpkg · L1
    dist/commands/verify-acs.jsView file
    42try { L43: execFileSync('bunx', ['vitest', 'run', ...relFiles, '--reporter=json', `--outputFile=${outFile}`], { L44: cwd: repoRoot,
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/commands/verify-acs.jsView on unpkg · L42
    dist/lib/events.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @encore-os/eos-spec@0.9.0 matchedIdentity = npm:QGVuY29yZS1vcy9lb3Mtc3BlYw:0.9.0 similarity = 0.806 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    dist/lib/events.jsView on unpkg

    Findings

    1 Critical3 High3 Medium5 Low
    CriticalPrevious Version Dangerous Deltadist/lib/events.js
    HighChild Processdist/lib/exec.js
    HighShell
    HighRuntime Package Installdist/commands/verify-acs.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowNo License