registry  /  @spawn-llc/design-system  /  3.3.1

@spawn-llc/design-system@3.3.1

Spawn Partners brand system — Base UI components, design tokens, and themed CSS. Single source of truth for the Spawn Partners brand.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Direct npm installation can mutate the consuming project's `.mcp.json`. The entry registers this package's documentation MCP server for later agent use; no confirmed exfiltration or destructive behavior exists.

Static reason
One or more suspicious static signals were detected.
Trigger
Direct non-CI npm installation from a project directory with `package.json`.
Impact
Adds an AI-agent extension configuration that may be discovered and run later by an MCP-capable coding agent.
Mechanism
Guarded postinstall registration of a package-owned MCP server.
Rationale
This is a concrete install-time mutation of a consumer AI-agent control surface, but it is a guarded first-party package-owned extension setup rather than confirmed malicious behavior. Per policy, it warrants a warning rather than a block.
Evidence
package.jsonbin/postinstall.mjsbin/mcp-config.mjsbin/mcp.mjsbin/cli.mjs.mcp.json

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `bin/postinstall.mjs` on installation.
  • `bin/postinstall.mjs` writes the consumer project's `.mcp.json` outside CI and only for direct project installs.
  • `bin/mcp-config.mjs` adds `spawn-design-system` with `npx -y @spawn-llc/design-system mcp`.
Evidence against
  • Postinstall skips CI, self-installs, and nested/transitive installs.
  • MCP server tools in `bin/mcp.mjs` are declared read-only and serve package documentation over stdio.
  • No credential harvesting, shell execution, remote payload loading, native binaries, or hidden network endpoint was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 217 file(s), 401 KB of source, external domains: www.w3.org

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node bin/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings