registry  /  @shipshitdev/shipcode  /  0.2.0

@shipshitdev/shipcode@0.2.0

Autonomous AI coding pipeline. GitHub issues in, pull requests out.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `shipcode onboard`, `run`, `review`, `retry`, or terminal commands.
Impact
A user-authorized pipeline can modify its selected project through configured AI tools and GitHub workflows.
Mechanism
User-invoked AI-agent orchestration with child-process, project, and GitHub access.
Rationale
No source evidence supports a malicious publish block; the scanner’s lifecycle signal is a benign optional native-module load. The package nevertheless exposes meaningful user-invoked autonomous agent capability over a project and should be warned rather than marked clean.
Evidence
package.jsondist/index.jsdist/program-2NTFQ6M7.js
Network endpoints2
openrouter.ai/api/v1api.github.com/graphql

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/program-2NTFQ6M7.js` runs Claude/Codex CLIs for requested pipeline phases.
  • It forwards an allowlisted set of AI-provider credentials to those child CLIs.
  • Explicit `run`/`review` commands can operate on a GitHub issue and project worktree.
  • Runtime sends provider requests to OpenRouter and repo-scoped read queries to GitHub.
Evidence against
  • `package.json` postinstall only attempts to load `node-pty` and prints a warning on failure.
  • No install hook writes files, changes agent configuration, or performs network requests.
  • `dist/index.js` only checks Node.js version then loads the CLI.
  • GitHub GraphQL tool rejects mutations and limits queries to the active project repository.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 2 file(s), 1.04 MB of source, external domains: api.github.com, github.com, openrouter.ai

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "try{require('node-pty')}catch(e){console.warn('[shipcode] node-pty not loadable; terminal features disabled')}"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "try{require('node-pty')}catch(e){console.warn('[shipcode] node-pty not loadable; terminal features disabled')}"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/program-2NTFQ6M7.jsView file
2777// ../../packages/agents/dist/cli-stdin-runner.js L2778: import { spawn } from "child_process"; L2779:
High
Child Process

Package source references child process execution.

dist/program-2NTFQ6M7.jsView on unpkg · L2777
4005// ../../packages/agents/dist/health-check.js L4006: var execAsync = promisify2(exec); L4007: var execFileAsync2 = promisify2(execFile2);
High
Shell

Package source references shell execution.

dist/program-2NTFQ6M7.jsView on unpkg · L4005
9752path: "feature-intake/plugin.json", L9753: content: '{\n "name": "feature-intake",\n "version": "1.1.0",\n "description": "Capture client requirements as PRD epics, sub-issues, and GitHub Projects kanban items.",\n "aut... L9754: }, ... L9756: path: "feature-intake/SKILL.md", L9757: content: '---\nname: feature-intake\ndescription: Capture a client or stakeholder feature request, turn it into a planner-ready PRD epic with scoped sub-issues, check for duplicate... L9758: }, ... L9764: path: "gh-project-board/scripts/setup-gh-project-board.mjs", L9765: content: "#!/usr/bin/env node\n\nimport { execFileSync } from 'node:child_process';\n\n// The dev-loop board-as-truth model: five human-facing columns. The AI-loop\n// sub-phases (... L9766: },
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/program-2NTFQ6M7.jsView on unpkg · L9752

Findings

1 Critical4 High3 Medium5 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/program-2NTFQ6M7.js
HighShelldist/program-2NTFQ6M7.js
HighCommand Output Exfiltrationdist/program-2NTFQ6M7.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License