AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No malicious install-time behavior was found. Explicit OpenSpec CLI setup/update actions can write generated prompt or workflow files into selected AI-tool configuration locations, including Codex's global prompts directory. Routine CLI execution also sends limited anonymous telemetry.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.js` on install.
- `dist/core/command-generation/adapters/codex.js` targets `$CODEX_HOME/prompts/opsx-<id>.md`.
- `dist/cli/index.js` invokes telemetry for every CLI action.
- `dist/telemetry/index.js` sends command name/version to `https://edge.openspec.dev`.
- `scripts/postinstall.js` only prints an opt-in completion hint; it performs no config writes.
- Completion installers are reached through `openspec completion install`, not lifecycle execution.
- AI-tool prompt paths in adapters are deterministic OpenSpec command files.
- Telemetry excludes arguments, paths, and content; supports opt-out and disables in CI.
Source & flagged code
3 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/core/completions/installers/bash-installer.jsView on unpkg · L11