registry  /  create-deepspace  /  0.5.0

create-deepspace@0.5.0

Create a new DeepSpace app

AI Security Review

scanned 42m ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface: the package is a scaffolding CLI that writes a new app template, configures project files, installs a first-party DeepSpace skill, and starts dependency installation in the scaffolded app. The risky primitives are explicit CLI-time setup behavior, not install-time package compromise.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs create-deepspace CLI/bin with an app name
Impact
Creates/modifies files in the requested app directory and invokes package managers for the scaffolded project
Mechanism
project scaffolding plus first-party agent skill setup and background dependency install
Rationale
Source inspection shows explicit scaffolding behavior with user-invoked agent skill setup and dependency installation, but no npm install-time hook, stealth persistence, credential theft, or exfiltration. Under the policy, first-party package-owned agent extension setup from an explicit CLI command is a warning-level lifecycle risk rather than publish-block malware.
Evidence
package.jsondist/index.jsdist/install-worker.jstemplates/starter/package.jsontemplates/starter/CLAUDE.mdtemplates/starter/AGENTS.mdtarget app directorytarget app package.jsontarget app .gitignoretarget app .claude/launch.jsontarget app .deepspace/skill.errtarget app .deepspace/install.startedtarget app .deepspace/install.log
Network endpoints2
deepdotspace/deepspace-skillskills@latest

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js creates .claude/launch.json in the scaffolded app with npx deepspace dev settings.
  • dist/index.js runs user-triggered npx -y skills@latest add deepdotspace/deepspace-skill -y during CLI scaffolding.
  • dist/index.js starts detached dist/install-worker.js after scaffolding to install dependencies.
  • dist/index.js uses execSync for git init and optional --local npm pack in user-specified paths.
Evidence against
  • package.json has no preinstall/install/postinstall hook; only prepublishOnly build.
  • bin entry is dist/index.js, so behavior is activated by explicit create-deepspace CLI use.
  • dist/index.js scaffolds templates, edits the new app package.json, and writes .gitignore/.deepspace status files in the target app.
  • Agent skill install is first-party/package-aligned and failure is logged locally to .deepspace/skill.err.
  • No credential harvesting or exfiltration endpoints found in inspected source.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 46 file(s), 143 KB of source, external domains: deep.space, docs.deep.space, react.dev

Source & flagged code

3 flagged · loading source
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = create-deepspace@0.4.5 matchedIdentity = npm:Y3JlYXRlLWRlZXBzcGFjZQ:0.4.5 similarity = 0.957 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
6import { fileURLToPath } from "url"; L7: import { execSync } from "child_process"; L8: import spawn from "cross-spawn";
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L6
333} catch (err) { L334: s.stop("Skill install failed \u2014 see .deepspace/skill.err, then run `npx deepspace skills add`"); L335: try { ... L346: const workerScript = join(__dirname, "install-worker.js"); L347: const worker = spawn(process.execPath, [workerScript, appDir], { L348: cwd: appDir,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L333

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighChild Processdist/index.js
HighShell
HighRuntime Package Installdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings