AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface is established for the root platform bundle. The package ships a Windows ARM64 Node binary and SpecShip app code; risky agent integrations are activated by the SpecShip installer/CLI rather than npm install of this root package.
Decision evidence
public snapshot- lib/package.json has preuninstall for the inner @specship/specship package, but root package.json has no lifecycle scripts.
- lib/dist/installer/targets/claude.js can write Claude MCP config, permissions, hooks, commands, agent files, and optional CLAUDE.md SDD instructions.
- lib/dist/installer/index.js default --yes local install sets autoAllow true and initializes project; interactive path may run npm install -g @specship/specship.
- lib/dist/sync/git-hooks.js can install marked git post-commit/post-merge/post-checkout hooks when watcher fallback is selected.
- Root package.json only declares name/version/os/cpu/files/license; no install/postinstall hooks or bin entry at root.
- Agent/MCP writes are in user-invoked specship install flow, with local default, prompts unless --yes, and uninstall cleanup.
- MCP config launches package-aligned command specship serve --mcp; no foreign remote endpoint is registered.
- Commands/agent content inspected is package-aligned retrieval guidance and MCP-only explorer, not credential harvesting or reviewer manipulation.
- Child process use in smoke-check spawns the local CLI with bounded timeout; git/bun/uv/claude runners are user-invoked workflow features.
- No source evidence of credential exfiltration, destructive install-time behavior, or unconsented lifecycle mutation from the root platform package.
Source & flagged code
9 flagged · loading sourcePackage source references child process execution.
lib/dist/health/smoke-check.jsView on unpkg · L56Package source references a known benign dynamic code generation pattern.
lib/dist/bin/specship.jsView on unpkg · L247Package source references dynamic require/import behavior.
lib/dist/ui/shimmer-worker.jsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution; review context before blocking.
lib/dist/designer/cdp-ensure.jsView on unpkg · L9Package source invokes a package manager install command at runtime.
lib/dist/installer/index.jsView on unpkg · L125Package ships WebAssembly modules.
lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
bin/specship.cmdView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/dist/server/cli.jsView on unpkg