AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Risky agent-integration behavior is guarded by explicit CLI installer flow and is aligned to SpecShip's own Claude/MCP extension functionality.
Decision evidence
public snapshot- User-invoked installer writes Claude Code MCP config, permissions, hooks, commands, and agent files.
- Installer can run `npm install -g @specship/specship`, but only after interactive confirmation and skipped with `--yes`.
- package.json has no lifecycle scripts, bin, main, or install-time execution.
- bin/specship only launches bundled node with lib/dist/bin/specship.js.
- Claude config writes are under explicit `specship install`, default local scope, package-aligned, and uninstall removes owned entries.
- MCP config launches `specship serve --mcp`; permissions are `mcp__specship__*` only.
- No credential harvesting or exfiltration endpoints found in inspected installer/CLI paths.
- Native binary is a bundled Node runtime for linux-x64, invoked by wrapper script.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
lib/dist/health/smoke-check.jsView on unpkg · L56Package source references a known benign dynamic code generation pattern.
lib/dist/bin/specship.jsView on unpkg · L247Package source references dynamic require/import behavior.
lib/dist/ui/shimmer-worker.jsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/dist/designer/cdp-ensure.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
lib/dist/installer/index.jsView on unpkg · L125Package ships WebAssembly modules.
lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/dist/server/cli.jsView on unpkg