registry  /  @specship/specship-win32-arm64  /  0.11.9

@specship/specship-win32-arm64@0.11.9

SpecShip self-contained bundle for win32-arm64

AI Security Review

scanned 3d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface. The package is an agent/Claude Code extension that can write Claude MCP, settings, hooks, commands, agents, and project index files when the user runs the CLI installer.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs specship or specship install
Impact
Adds SpecShip MCP tools and auto-sync hooks to Claude/project configuration; no unconsented npm lifecycle mutation found.
Mechanism
user-invoked Claude Code extension setup
Rationale
Static inspection shows a package-aligned Claude/SpecShip extension installer with broad agent-control writes, but they are user-invoked and there is no npm lifecycle hook or covert exfiltration behavior. This fits guarded agent extension lifecycle risk rather than malicious lifecycle hijack.
Evidence
package.jsonbin/specship.cmdlib/package.jsonlib/dist/bin/specship.jslib/dist/installer/index.jslib/dist/installer/targets/claude.jslib/dist/installer/targets/shared.jslib/dist/sync/git-hooks.jslib/dist/.claude-plugin/plugin.jsonlib/dist/hooks/hooks.json~/.claude.json./.mcp.json~/.claude/settings.json./.claude/settings.json~/.claude/commands/specship/explore.md./.claude/commands/specship/explore.md~/.claude/agents/specship-explorer.md./.claude/agents/specship-explorer.md./CLAUDE.md.specship/git hooks post-commit/post-merge/post-checkout

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • User-invoked installer writes Claude MCP config to ~/.claude.json or ./.mcp.json.
  • Installer can add Claude settings permissions and hooks running specship sync/spec-nudge.
  • Installer copies package slash commands and agent markdown into Claude commands/agents dirs.
  • Local install can initialize .specship and optionally install git sync hooks when watcher is disabled.
Evidence against
  • Top-level package.json has no npm lifecycle scripts or bin entry; install-time execution is not present.
  • bin/specship.cmd only launches bundled node.exe with lib/dist/bin/specship.js.
  • CLI installer is activated by running specship with no args or install flags, not by npm install.
  • MCP command is package-aligned: specship serve --mcp; permissions are specship MCP tools.
  • No credential harvesting or exfiltration endpoint found in inspected installer/CLI paths.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 342 file(s), 4.07 MB of source, external domains: 127.0.0.1, angular.dev, claude.ai, docs.claude.com, github.com, mcp.sentry.dev, www.w3.org
Oversized source lightweight scan
lib/dist/web/chunk-JTFXTIPE.js3.48 MB file, sampled 256 KB
ChildProcessEnvironmentVarsShellObfuscatedHighEntropyStringsMinified

Source & flagged code

10 flagged · loading source
lib/dist/health/smoke-check.jsView file
56const path = __importStar(require("path")); L57: const child_process_1 = require("child_process"); L58: const sqlite_adapter_1 = require("../db/sqlite-adapter");
High
Child Process

Package source references child process execution.

lib/dist/health/smoke-check.jsView on unpkg · L56
lib/dist/bin/specship.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @specship/specship-win32-arm64@0.11.7 matchedIdentity = npm:[redacted]:0.11.7 similarity = 0.942 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/dist/bin/specship.jsView on unpkg
295// eslint-disable-next-line @typescript-eslint/no-implied-eval L296: const importESM = new Function('specifier', 'return import(specifier)'); L297: // Block SpecShip on Node.js 25.x — V8's turboshaft WASM JIT has a Zone
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/dist/bin/specship.jsView on unpkg · L295
lib/dist/ui/shimmer-worker.jsView file
2Object.defineProperty(exports, "__esModule", { value: true }); L3: const worker_threads_1 = require("worker_threads"); L4: const fs_1 = require("fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/dist/ui/shimmer-worker.jsView on unpkg · L2
lib/dist/designer/cdp-ensure.jsView file
9const node_path_1 = __importDefault(require("node:path")); L10: const node_child_process_1 = require("node:child_process"); L11: const cross_platform_1 = require("./cross-platform"); L12: const cdp_env_1 = require("./cdp-env"); L13: const PORT = process.env.DESIGNER_CDP || '9222'; L14: const PROFILE = node_path_1.default.join(node_os_1.default.homedir(), '.chrome-designer-profile'); ... L17: try { L18: const res = await fetch(`http://127.0.0.1:${PORT}/json/version`, { signal: AbortSignal.timeout(1500) }); L19: return res.ok;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/dist/designer/cdp-ensure.jsView on unpkg · L9
lib/dist/installer/index.jsView file
125try { L126: (0, child_process_1.execSync)('npm install -g @specship/specship', { stdio: 'pipe', windowsHide: true }); L127: s.stop('Installed specship CLI on PATH');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/dist/installer/index.jsView on unpkg · L125
node.exeView file
path = node.exe kind = native_binary sizeBytes = 81025864 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

node.exeView on unpkg
lib/dist/extraction/wasm/tree-sitter-scala.wasmView file
path = lib/dist/extraction/wasm/tree-sitter-scala.wasm kind = wasm_module sizeBytes = 4958320 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkg
bin/specship.cmdView file
path = bin/specship.cmd kind = build_helper sizeBytes = 74 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/specship.cmdView on unpkg
lib/dist/web/chunk-JTFXTIPE.jsView file
path = lib/dist/web/chunk-JTFXTIPE.js kind = oversized_source_file sizeBytes = 3651043 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

lib/dist/web/chunk-JTFXTIPE.jsView on unpkg

Findings

1 Critical5 High8 Medium6 Low
CriticalPrevious Version Dangerous Deltalib/dist/bin/specship.js
HighChild Processlib/dist/health/smoke-check.js
HighShell
HighSame File Env Network Executionlib/dist/designer/cdp-ensure.js
HighRuntime Package Installlib/dist/installer/index.js
HighOversized Source Filelib/dist/web/chunk-JTFXTIPE.js
MediumDynamic Requirelib/dist/ui/shimmer-worker.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Native Binarynode.exe
MediumShips Wasm Modulelib/dist/extraction/wasm/tree-sitter-scala.wasm
MediumShips Build Helperbin/specship.cmd
MediumStructural Risk Force Deep Review
LowEvallib/dist/bin/specship.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings