AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package contains a user-invoked SpecShip/Claude Code integration that writes package-owned MCP, command, agent, permission, and sync-hook configuration after explicit CLI use.
Decision evidence
public snapshot- Ships native ARM64 node executable invoked by bin/specship.
- User-invoked installer can write Claude MCP config, permissions, slash commands, subagent, and hooks.
- Runtime installer can run `npm install -g @specship/specship` only after interactive confirmation.
- package.json has no lifecycle scripts, bin, main, or module entrypoints.
- Claude config mutation is reached via `specship`/`specship install`, not npm install/import time.
- Default install is local project scope; global scope is prompted/flagged.
- SDD CLAUDE.md rule and UserPromptSubmit hook require explicit `--sdd` opt-in.
- MCP entry launches package-aligned `specship serve --mcp`; permissions are limited to mcp__specship tools.
- No credential harvesting or external exfiltration found in inspected installer/bin paths.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
lib/dist/health/smoke-check.jsView on unpkg · L56Package source references a known benign dynamic code generation pattern.
lib/dist/bin/specship.jsView on unpkg · L247Package source references dynamic require/import behavior.
lib/dist/ui/shimmer-worker.jsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/dist/designer/cdp-ensure.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
lib/dist/installer/index.jsView on unpkg · L125Package ships WebAssembly modules.
lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/dist/server/cli.jsView on unpkg