AI Security Review
scanned 3d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Confirmed agent-extension setup exists, but it is user-invoked and package-aligned rather than npm lifecycle-delivered. Residual risk is Claude Code control-surface expansion through MCP tools, auto-allow permissions, hooks, commands, and optional CLAUDE.md guidance.
Decision evidence
public snapshot- User-invoked installer writes Claude Code MCP config to ./.mcp.json or ~/.claude.json in lib/dist/installer/targets/claude.js.
- Installer can add Claude settings permissions and hooks running `specship sync --quiet` after edits and at session start.
- Installer copies package slash commands and an agent into ./.claude or ~/.claude command/agent dirs.
- `--sdd` opt-in writes a CLAUDE.md steering block and UserPromptSubmit hook `specship spec-nudge`.
- `specship install` may run `npm install -g @specship/specship`, but only after interactive confirmation.
- Root package.json has no npm lifecycle scripts, so no install-time execution on package install.
- Default CLI entry bin/specship only execs bundled node with lib/dist/bin/specship.js on user invocation.
- Claude writes are reached through explicit `specship install`, with prompts or flags; not automatic npm lifecycle mutation.
- MCP config points to local command `specship serve --mcp`, not a remote endpoint.
- Network use found is package-aligned local UI/CDP or Claude design integration, not credential exfiltration.
- No credential harvesting, destructive behavior, remote payload download, or broad persistence confirmed.
Source & flagged code
9 flagged · loading sourcePackage source references child process execution.
lib/dist/health/smoke-check.jsView on unpkg · L56This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/dist/bin/specship.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
lib/dist/bin/specship.jsView on unpkg · L295Package source references dynamic require/import behavior.
lib/dist/ui/shimmer-worker.jsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/dist/designer/cdp-ensure.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
lib/dist/installer/index.jsView on unpkg · L125Package ships WebAssembly modules.
lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkgPackage contains source files above the static scanner size ceiling.
lib/dist/web/chunk-JTFXTIPE.jsView on unpkg