registry  /  @specship/specship-linux-arm64  /  0.17.0

@specship/specship-linux-arm64@0.17.0

SpecShip self-contained bundle for linux-arm64

AI Security Review

scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface was found. An explicit `specship install` can configure SpecShip as a Claude Code MCP server and add first-party hooks in local or global Claude configuration.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `specship install` or invokes the CLI update command.
Impact
Can persist SpecShip MCP/hook configuration in user or project Claude settings; no unconsented lifecycle execution or exfiltration was found.
Mechanism
explicit first-party Claude Code extension setup and self-update
Rationale
Not malicious by static source inspection: the root package has no lifecycle scripts and no confirmed credential exfiltration, remote payload execution, or destructive chain. Flag as warn because explicit installation can persist MCP and hook configuration in global Claude Code settings.
Evidence
package.jsonbin/specshiplib/dist/installer/index.jslib/dist/installer/targets/claude.jslib/dist/installer/targets/shared.jslib/dist/update/run-installer.jslib/dist/update/resolve-latest.jslib/dist/bin/specship.js~/.claude.json~/.claude/settings.json.mcp.json.claude/settings.json
Network endpoints2
github.com/selvakumarEsra/specship/releases/latestregistry.npmjs.org/@specship/specship

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lib/dist/installer/targets/claude.js` registers SpecShip MCP, Claude hooks, permissions, instructions, commands, and agent files.
  • The installer can target global `~/.claude.json` and `~/.claude/settings.json`, affecting all Claude projects.
  • `lib/dist/update/run-installer.js` runs `npm i -g @specship/specship@latest` only through explicit update flow.
Evidence against
  • Root `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
  • `bin/specship` only executes the bundled CLI after explicit user invocation.
  • Installer writes are scoped to named `specship` config entries and documented Claude locations.
  • Update checks use declared GitHub and npm-registry endpoints; no credential harvesting or exfiltration was confirmed.
  • `new Function` in `lib/dist/installer/index.js` is an ESM dynamic-import compatibility helper, not payload evaluation.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 222 file(s), 3.05 MB of source, external domains: 127.0.0.1, acme.atlassian.net, claude.ai, cli.github.com, docs.claude.com, github.com, raw.githubusercontent.com, reactjs.org, registry.npmjs.org, www.w3.org

Source & flagged code

9 flagged · loading source
lib/dist/update/run-installer.jsView file
12*/ L13: const node_child_process_1 = require("node:child_process"); L14: const updater_1 = require("./updater");
High
Child Process

Package source references child process execution.

lib/dist/update/run-installer.jsView on unpkg · L12
lib/dist/bin/specship.jsView file
250// eslint-disable-next-line @typescript-eslint/no-implied-eval L251: const importESM = new Function('specifier', 'return import(specifier)'); L252: // Block SpecShip on Node.js 25.x — V8's turboshaft WASM JIT has a Zone
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/dist/bin/specship.jsView on unpkg · L250
lib/dist/ui/shimmer-worker.jsView file
2Object.defineProperty(exports, "__esModule", { value: true }); L3: const worker_threads_1 = require("worker_threads"); L4: const fs_1 = require("fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/dist/ui/shimmer-worker.jsView on unpkg · L2
lib/dist/designer/cdp-ensure.jsView file
9const node_path_1 = __importDefault(require("node:path")); L10: const node_child_process_1 = require("node:child_process"); L11: const cross_platform_1 = require("./cross-platform"); L12: const cdp_env_1 = require("./cdp-env"); L13: const PORT = process.env.DESIGNER_CDP || '9222'; L14: const PROFILE = node_path_1.default.join(node_os_1.default.homedir(), '.chrome-designer-profile'); ... L17: try { L18: const res = await fetch(`http://127.0.0.1:${PORT}/json/version`, { signal: AbortSignal.timeout(1500) }); L19: return res.ok;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/dist/designer/cdp-ensure.jsView on unpkg · L9
lib/dist/installer/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @specship/specship-linux-arm64@0.15.0 matchedIdentity = npm:[redacted]:0.15.0 similarity = 0.892 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/dist/installer/index.jsView on unpkg
128try { L129: (0, child_process_1.execSync)('npm install -g @specship/specship', { stdio: 'pipe', windowsHide: true }); L130: s.stop('Installed specship CLI on PATH');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/dist/installer/index.jsView on unpkg · L128
path = node kind = native_binary sizeBytes = 121333752 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

nodeView on unpkg
lib/dist/extraction/wasm/tree-sitter-scala.wasmView file
path = lib/dist/extraction/wasm/tree-sitter-scala.wasm kind = wasm_module sizeBytes = 4958320 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkg
lib/dist/ui/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View file
path = lib/dist/ui/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2 kind = high_entropy_blob sizeBytes = 7716 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

lib/dist/ui/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View on unpkg

Findings

1 Critical5 High6 Medium4 Low
CriticalPrevious Version Dangerous Deltalib/dist/installer/index.js
HighChild Processlib/dist/update/run-installer.js
HighShell
HighSame File Env Network Executionlib/dist/designer/cdp-ensure.js
HighRuntime Package Installlib/dist/installer/index.js
HighShips High Entropy Bloblib/dist/ui/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2
MediumDynamic Requirelib/dist/ui/shimmer-worker.js
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarynode
MediumShips Wasm Modulelib/dist/extraction/wasm/tree-sitter-scala.wasm
MediumStructural Risk Force Deep Review
LowEvallib/dist/bin/specship.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings