registry  /  @stdd/cli  /  0.1.0

@stdd/cli@0.1.0

Spec + Test Driven Development — a markdown-first methodology kit for teams building software with AI coding agents

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. A user-run `stdd init` can install package-supplied Claude skill files and, when selected, a GitHub Actions workflow into the target repository. No automatic install-time execution or concrete malicious behavior is established.

Static reason
No blocking static signals were detected.
Trigger
User runs `stdd init` in a target repository.
Impact
Changes repository-local AI-agent instructions and optionally adds a read-only PR validation workflow.
Mechanism
Explicit first-party agent-skill and CI-workflow generation.
Rationale
Source inspection confirms a benign methodology CLI, but its explicit default setup writes agent-consumed skill files and therefore merits a non-blocking lifecycle warning under the stated policy.
Evidence
package.jsoncli/stdd.mjscli/lib.mjstemplates/github-stdd.yml.stdd/method.md.stdd/playbooks/*.md.stdd/config.json.stdd/manifest.json.claude/skills/*/SKILL.md.stdd/AGENTS-snippet.md.github/workflows/stdd.yml

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • `cli/stdd.mjs` `init` explicitly writes packaged Claude skills to `.claude/skills/*/SKILL.md`.
  • `cli/stdd.mjs` can generate `.github/workflows/stdd.yml` when `--ci github` is requested.
  • `init` defaults to the known tools, including `claude`, when invoked without `--tools`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • All writes are behind the user-invoked `stdd init` command; import-time code only loads local package data.
  • Process execution uses `execFileSync` for fixed `git`/`gh` commands, with no shell, eval, or dynamic code loading.
  • No credential harvesting, environment access, exfiltration code, binary payload, or destructive deletion was found.
  • `templates/github-stdd.yml` requests read-only GitHub permissions and only validates PR evidence.
Behavioral surface
Source
ChildProcessCryptoFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 29.4 KB of source

Source & flagged code

2 flagged · loading source
cli/stdd.mjsView file
Published source reference
Medium
Ai Review Evidence

`cli/stdd.mjs` `init` explicitly writes packaged Claude skills to `.claude/skills/*/SKILL.md`.

cli/stdd.mjsView on unpkg
Published source reference
Medium
Ai Review Evidence

`cli/stdd.mjs` can generate `.github/workflows/stdd.yml` when `--ci github` is requested.

cli/stdd.mjsView on unpkg

Findings

3 Medium3 Low
MediumAi Review Evidencecli/stdd.mjs
MediumAi Review Evidencecli/stdd.mjs
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings