registry  /  @specship/specship-win32-x64  /  0.18.0

@specship/specship-win32-x64@0.18.0

SpecShip self-contained bundle for win32-x64

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is confirmed. An explicit CLI install configures a first-party Claude Code MCP extension with permissions and hooks that invoke SpecShip commands.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `specship install` (or invokes its installed Claude hooks afterward).
Impact
Claude Code can automatically invoke bundled SpecShip commands after edits, at session start, and for prompt guidance.
Mechanism
Explicit Claude Code MCP, permission, and hook configuration.
Rationale
Source inspection contradicts the scanner's malicious conclusion: no root lifecycle execution or credential exfiltration chain was found. The explicit installer modifies Claude Code control surfaces and enables automatic hooks, so policy supports a warning rather than a clean or block verdict.
Evidence
package.jsonbin/specship.cmdlib/dist/bin/specship.jslib/dist/installer/targets/claude.jslib/dist/installer/targets/shared.jslib/dist/update/run-installer.jslib/dist/jira/client.js~/.claude.json./.mcp.json~/.claude/settings.json./.claude/settings.json~/.claude/commands/specship./.claude/commands/specship~/.claude/agents/specship-explorer.md./.claude/agents/specship-explorer.md

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `lib/dist/installer/targets/claude.js` installs a `specship` MCP server into Claude config.
  • Explicit `specship install` writes Claude permission entries and command hooks.
  • Installed hooks run `specship sync` after edits/session start and prompt-nudge commands.
  • `lib/dist/update/run-installer.js` can run `npm i -g @specship/specship@latest` only through explicit update.
Evidence against
  • Root `package.json` has no lifecycle scripts, bin/main hooks, or install-time execution.
  • `bin/specship.cmd` only launches bundled `node.exe` with the CLI entrypoint.
  • Claude configuration changes are reached through the explicit `specship install` command.
  • Optional JIRA networking is opt-in and targets the user-configured Atlassian host; source guards redirects.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 224 file(s), 3.07 MB of source, external domains: 127.0.0.1, acme.atlassian.net, claude.ai, cli.github.com, docs.claude.com, github.com, raw.githubusercontent.com, reactjs.org, registry.npmjs.org, www.w3.org

Source & flagged code

10 flagged · loading source
lib/dist/update/run-installer.jsView file
12*/ L13: const node_child_process_1 = require("node:child_process"); L14: const updater_1 = require("./updater");
High
Child Process

Package source references child process execution.

lib/dist/update/run-installer.jsView on unpkg · L12
lib/dist/bin/specship.jsView file
250// eslint-disable-next-line @typescript-eslint/no-implied-eval L251: const importESM = new Function('specifier', 'return import(specifier)'); L252: // Block SpecShip on Node.js 25.x — V8's turboshaft WASM JIT has a Zone
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/dist/bin/specship.jsView on unpkg · L250
lib/dist/ui/shimmer-worker.jsView file
2Object.defineProperty(exports, "__esModule", { value: true }); L3: const worker_threads_1 = require("worker_threads"); L4: const fs_1 = require("fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

lib/dist/ui/shimmer-worker.jsView on unpkg · L2
lib/dist/designer/cdp-ensure.jsView file
9const node_path_1 = __importDefault(require("node:path")); L10: const node_child_process_1 = require("node:child_process"); L11: const cross_platform_1 = require("./cross-platform"); L12: const cdp_env_1 = require("./cdp-env"); L13: const PORT = process.env.DESIGNER_CDP || '9222'; L14: const PROFILE = node_path_1.default.join(node_os_1.default.homedir(), '.chrome-designer-profile'); ... L17: try { L18: const res = await fetch(`http://127.0.0.1:${PORT}/json/version`, { signal: AbortSignal.timeout(1500) }); L19: return res.ok;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

lib/dist/designer/cdp-ensure.jsView on unpkg · L9
lib/dist/installer/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @specship/specship-win32-x64@0.17.0 matchedIdentity = npm:[redacted]:0.17.0 similarity = 0.942 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/dist/installer/index.jsView on unpkg
128try { L129: (0, child_process_1.execSync)('npm install -g @specship/specship', { stdio: 'pipe', windowsHide: true }); L130: s.stop('Installed specship CLI on PATH');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

lib/dist/installer/index.jsView on unpkg · L128
node.exeView file
path = node.exe kind = native_binary sizeBytes = 92279112 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

node.exeView on unpkg
lib/dist/extraction/wasm/tree-sitter-scala.wasmView file
path = lib/dist/extraction/wasm/tree-sitter-scala.wasm kind = wasm_module sizeBytes = 4958320 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkg
bin/specship.cmdView file
path = bin/specship.cmd kind = build_helper sizeBytes = 74 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/specship.cmdView on unpkg
lib/dist/ui/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View file
path = lib/dist/ui/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2 kind = high_entropy_blob sizeBytes = 7716 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

lib/dist/ui/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View on unpkg

Findings

1 Critical5 High7 Medium4 Low
CriticalPrevious Version Dangerous Deltalib/dist/installer/index.js
HighChild Processlib/dist/update/run-installer.js
HighShell
HighSame File Env Network Executionlib/dist/designer/cdp-ensure.js
HighRuntime Package Installlib/dist/installer/index.js
HighShips High Entropy Bloblib/dist/ui/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2
MediumDynamic Requirelib/dist/ui/shimmer-worker.js
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarynode.exe
MediumShips Wasm Modulelib/dist/extraction/wasm/tree-sitter-scala.wasm
MediumShips Build Helperbin/specship.cmd
MediumStructural Risk Force Deep Review
LowEvallib/dist/bin/specship.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings