registry  /  @lucidetech/shiprun  /  0.6.1

@lucidetech/shiprun@0.6.1

Scans your vibe-coded Next.js + Supabase app and tells you exactly what's missing to make it production-ready.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious behavior or install-time attack was found. The real risk is user-invoked first-party Claude/Codex agent context and hook setup that alters AI-agent control surfaces for the local project.

Static reason
One or more suspicious static signals were detected.
Trigger
Running shiprun scan without --no-hook, or running shiprun deploy/undeploy/fix
Impact
Writes local reports, .shiprun state, optional Claude SessionStart hook, and deploy-managed agent/context files; npm audit may contact npm registry when scanning dependencies.
Mechanism
local security scanner with report generation and first-party AI-agent hook/context setup
Rationale
Source inspection supports a package-aligned CLI with local scanning, report writing, and explicit/scan-time AI-agent integration; no unconsented npm install hook, exfiltration, remote payload execution, destructive behavior, or broad foreign control-surface hijack was found. Because it writes Claude/Codex agent context and a Claude startup hook during user-invoked workflows, treat as a lifecycle risk warning rather than malicious.
Evidence
package.jsondist/cli.jsdist/hook.jsdist/deploy.jsdist/fixer.jsdist/checks/secrets.jsdist/checks/dependencies.jsSHIPRUN.mdshiprun-report/shiprun-report/changelog.md.shiprun/findings.json.shiprun/history.jsonl.shiprun/changelog.md.claude/hooks/shiprun-context.cjs.claude/settings.json.claude/context/shiprun-house-rules.md.claude/agents/shiprun-fix-*.mdCLAUDE.mdAGENTS.md.shiprun/deploy-manifest.json.gitignore.github/workflows/ci.yml

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • dist/cli.js default scan writes reports and, unless --no-hook, calls ensureSessionStartHook(root).
  • dist/hook.js writes .claude/hooks/shiprun-context.cjs and registers a Claude SessionStart command in .claude/settings.json.
  • dist/deploy.js explicit deploy writes .claude/agents/shiprun-fix-*.md, .claude/context/shiprun-house-rules.md, and managed blocks into CLAUDE.md/AGENTS.md.
  • dist/checks/dependencies.js can run npm audit --json during scans.
Evidence against
  • package.json has no preinstall/install/postinstall; prepare/prepublishOnly only run npm run build.
  • No credential exfiltration or attacker network endpoints found in inspected source.
  • dist/checks/secrets.js reads local files to generate findings, not to transmit secrets.
  • Agent/control-surface mutations are package-aligned and user-invoked by scan/deploy commands.
  • dist/deploy.js uses delimited managed blocks and manifest-based undeploy/prune behavior.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 24 file(s), 130 KB of source

Source & flagged code

2 flagged · loading source
dist/checks/secrets.jsView file
18patternName = private_key_rsa severity = critical line = 18 matchedText = { name: .../ },
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/checks/secrets.jsView on unpkg · L18
18patternName = private_key_rsa severity = critical line = 18 matchedText = { name: .../ },
Critical
Secret Pattern

RSA private key in dist/checks/secrets.js

dist/checks/secrets.jsView on unpkg · L18

Findings

2 Critical2 Medium4 Low
CriticalCritical Secretdist/checks/secrets.js
CriticalSecret Patterndist/checks/secrets.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings