registry  /  @gobing-ai/spur  /  0.3.9

@gobing-ai/spur@0.3.9

Spur CLI — local-first harness for mainstream coding agents: constraint checking, workflow orchestration, agent health, and history analytics. Bun-native; exposes the `spur` command.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `spur init`, `spur agent run`, or `spur workflow run --async`.
Impact
Can alter a repository's AI-agent instruction surface when the user invokes initialization; no unconsented install-time mutation or exfiltration was confirmed.
Mechanism
Explicit CLI scaffolding and local agent/workflow orchestration.
Rationale
No concrete malicious chain was found, but explicit initialization writes AI-agent guidance into the target project. Per policy, this merits a warning for agent-capability abuse rather than a publish block.
Evidence
package.jsonspur.jsconfig/templates/AGENTS.mdconfig/
Network endpoints1
localhost:3000/api

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `spur init` explicitly writes bundled config and a root `AGENTS.md` template.
  • The template directs AI coding agents toward Spur commands, skills, and subagents.
  • `spur agent run` and `workflow run --async` can launch configured local agent/workflow processes.
Evidence against
  • `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
  • Writes are reached through explicit CLI commands, not import/install execution.
  • Observed team HTTP calls default to `http://localhost:3000/api`; no credential-exfiltration endpoint was found.
  • No first-party source evidence of secret harvesting, remote payload loading, or destructive broad filesystem behavior.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 57 file(s), 4.77 MB of source, external domains: chevrotain.io, en.wikipedia.org, github.com, gobing.ai, json-schema.org, langium.org, react.dev, www.markdownguide.org, www.w3.org
Oversized source lightweight scan
spur.js2.90 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsShellHighEntropyStringsUrlStringsgithub.comgobing.aijson-schema.org

Source & flagged code

3 flagged · loading source
web/_astro/BoardApp.DjpO2XHn.jsView file
4L5: Please change the parent <Route path="${A}"> to <Route path="${A==="/"?"*":`${A}/*`}">.`)}let f=Kn(),m;m=f;let g=m.pathname||"/",T=g;if(c!=="/"){let A=c.replace(/^\//,"").split("/"... L6: ?|
Medium
Dynamic Require

Package source references dynamic require/import behavior.

web/_astro/BoardApp.DjpO2XHn.jsView on unpkg · L4
spur.jsView file
path = spur.js kind = oversized_source_file sizeBytes = 3036367 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

spur.jsView on unpkg
path = spur.js kind = oversized_cli_entrypoint sizeBytes = 3036367 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

spur.jsView on unpkg

Findings

1 High6 Medium7 Low
HighOversized Source Filespur.js
MediumDynamic Requireweb/_astro/BoardApp.DjpO2XHn.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumOversized Cli Entrypointspur.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings