AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Risky primitives are tied to a user-invoked Claude Code MCP installer and local code-indexing/product features, not lifecycle or hidden execution.
Decision evidence
public snapshot- User-invoked installer can write Claude config and hooks in lib/dist/installer/targets/claude.js.
- Interactive installer may run npm install -g @specship/specship in lib/dist/installer/index.js.
- Package ships bundled native node executable at node.
- package.json has no lifecycle scripts, main, or bin; install-time execution is absent.
- bin/specship only launches bundled node with lib/dist/bin/specship.js and user args.
- Claude config writes are explicit installer behavior for a Claude Code MCP tool, with local default and prompts unless --yes is used.
- Auto hooks are package-aligned commands: specship sync --quiet and optional specship spec-nudge.
- No credential harvesting or exfiltration endpoints found in inspected installer/entrypoint paths.
- Dynamic eval is limited to ESM import helper new Function('specifier','return import(specifier)').
Source & flagged code
9 flagged · loading sourcePackage source references child process execution.
lib/dist/health/smoke-check.jsView on unpkg · L56Package source references dynamic require/import behavior.
lib/dist/ui/shimmer-worker.jsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/dist/designer/cdp-ensure.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
lib/dist/installer/index.jsView on unpkg · L123Package ships WebAssembly modules.
lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkgPackage contains source files above the static scanner size ceiling.
lib/dist/web/chunk-JTFXTIPE.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
lib/dist/installer/targets/claude.jsView on unpkg