registry  /  create-stack-next  /  0.7.0

create-stack-next@0.7.0

Scaffolder opinado para proyectos Next.js 15 con TypeScript estricto, Biome, Vitest, Playwright y AI agent config preinstalado.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. A user-invoked scaffolder defaults to initializing an external AI-agent extension in the newly created project. This is a first-party project setup action, not install-time mutation of an existing broad agent surface.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `create-stack-next <project>` without `--no-openspec`.
Impact
May install/configure OpenSpec AI-tool files in the new project; no confirmed exfiltration, destructive action, or foreign-scope persistence.
Mechanism
Spawns a fixed OpenSpec npx command with selected AI-tool identifiers and copies agent configuration templates.
Rationale
The static warning reflects real user-command AI-agent setup and runtime package resolution, but source does not establish malicious behavior. Per policy, this first-party extension setup warrants a warning rather than a block.
Evidence
package.jsondist/cli.jsdist/openspec-init.jsdist/copy-template.jstemplate/.openclaw/config.jsontemplate/.agents/config.json

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.js` runs OpenSpec by default after user invokes the scaffold CLI.
  • `dist/openspec-init.js` spawns `npx @fission-ai/openspec init --tools … --force` in the new project.
  • `template/.openclaw/config.json` and agent prompt files are copied into generated projects.
  • Non-interactive mode selects Claude and Cursor defaults.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook.
  • Child processes use fixed executable names and argument arrays; no shell option is used.
  • No credential harvesting, data exfiltration, eval, or obfuscated payload was found.
  • Writes are confined to the requested generated project template and Git initialization.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 24 file(s), 33.3 KB of source

Source & flagged code

3 flagged · loading source
dist/openspec-init.jsView file
matchType = previous_version_dangerous_delta matchedPackage = create-stack-next@0.6.2 matchedIdentity = npm:Y3JlYXRlLXN0YWNrLW5leHQ:0.6.2 similarity = 0.870 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/openspec-init.jsView on unpkg
12*/ L13: import { spawn } from "node:child_process"; L14: /**
High
Child Process

Package source references child process execution.

dist/openspec-init.jsView on unpkg · L12
12*/ L13: import { spawn } from "node:child_process"; L14: /** ... L23: return new Promise((resolve, reject) => { L24: // Usamos npx para no requerir instalación global de openspec L25: const proc = spawn("npx", ["@fission-ai/openspec", "init", "--tools", toolFlag, "--force"], {
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/openspec-init.jsView on unpkg · L12

Findings

1 Critical3 High1 Medium3 Low
CriticalPrevious Version Dangerous Deltadist/openspec-init.js
HighChild Processdist/openspec-init.js
HighShell
HighRuntime Package Installdist/openspec-init.js
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem