AI Security Review
scanned 2d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- lib/dist/installer/targets/claude.js writes Claude MCP config to ./.mcp.json or ~/.claude.json.
- lib/dist/installer/targets/claude.js can add Claude settings permissions and auto hooks running specship sync commands.
- lib/dist/installer/targets/claude.js copies package slash commands and specship-explorer agent into ./.claude or ~/.claude.
- lib/dist/installer/index.js defaults --yes installs to local with autoAllow true and can run npm install -g @specship/specship in interactive flow.
- lib/dist/sync/git-hooks.js can install git post-commit/post-merge/post-checkout hooks, but only via user-invoked fallback setup.
- package.json has no npm lifecycle scripts, so install does not automatically mutate agent config.
- bin/specship is a shell wrapper executing bundled node and lib/dist/bin/specship.js with user arguments.
- Claude config writes are under explicit specship install/uninstall/init flows, not import-time execution.
- MCP server command is package-aligned: specship serve --mcp.
- No credential harvesting or external exfiltration endpoint was confirmed in inspected installer paths.
- Native node binary and tree-sitter WASM are consistent with a self-contained darwin-x64 code-indexing bundle.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
lib/dist/health/smoke-check.jsView on unpkg · L56This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/dist/bin/specship.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
lib/dist/bin/specship.jsView on unpkg · L247Package source references dynamic require/import behavior.
lib/dist/ui/shimmer-worker.jsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/dist/designer/cdp-ensure.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
lib/dist/installer/index.jsView on unpkg · L125Package ships WebAssembly modules.
lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkg