registry  /  gsd-lite  /  0.8.2

gsd-lite@0.8.2

AI orchestration tool for Claude Code — GSD management shell + Superpowers quality core

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. This is a persistent Claude Code extension. After installation, its session hook can modify its own Claude configuration and auto-download/run newer release installers.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `gsd install` or installs the Claude plugin; later Claude session starts invoke the installed hook.
Impact
Persistent local Claude configuration and execution of future release installers.
Mechanism
First-party agent extension lifecycle with remote self-update
Rationale
Source inspection does not establish malicious exfiltration, destructive behavior, or an unconsented npm preinstall/install/postinstall control-surface mutation. The persistent hook plus auto-update execution is a guarded first-party agent-extension lifecycle risk and should be warned.
Evidence
package.jsoncli.jslauncher.jsinstall.jshooks/gsd-session-init.cjshooks/gsd-auto-update.cjs~/.claude/settings.json~/.claude/hooks/gsd-session-init.cjs~/.claude/hooks/gsd-auto-update.cjs~/.claude/gsd/${CLAUDE_PLUGIN_ROOT}/launcher.jsCLAUDE.md
Network endpoints5
api.github.com/repos/sdsrss/gsd-lite/releases/latestgithub.comapi.github.comcodeload.github.comobjects.githubusercontent.com

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `install.js` writes GSD MCP, status-line, and hook entries to `~/.claude/settings.json`.
  • `hooks/gsd-session-init.cjs` self-heals GSD configuration and spawns background auto-update on Claude session start.
  • `hooks/gsd-auto-update.cjs` downloads release tarballs and executes their `install.js`; checksum verification is skipped when a release lacks one.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall`; `prepare` only links a Git pre-commit hook when `.git` exists.
  • `cli.js` exposes installation and updates through named user commands.
  • Network use is limited to allowlisted GitHub release/download hosts; no credential or project-data exfiltration was found.
  • No obfuscated payload, eval/vm use, or arbitrary remote endpoint was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 298 KB of source, external domains: api.github.com

Source & flagged code

5 flagged · loading source
install.jsView file
7import { fileURLToPath, pathToFileURL } from 'node:url'; L8: import { execSync } from 'node:child_process'; L9: import { createRequire } from 'node:module';
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L7
215// the runtime). Leaving them in means a later manual `npm install` in L216: // ~/.claude/gsd fails under cmd.exe on Windows (issue #2). L217: if (DRY_RUN) {
High
Shell

Package source references shell execution.

install.jsView on unpkg · L215
215// the runtime). Leaving them in means a later manual `npm install` in L216: // ~/.claude/gsd fails under cmd.exe on Windows (issue #2). L217: if (DRY_RUN) { ... L230: copyFile(join(__dirname, 'uninstall.js'), join(RUNTIME_DIR, 'uninstall.js'), 'runtime/uninstall.js → ~/.claude/gsd/uninstall.js'); L231: // Copy lock file so `npm ci` works when node_modules are not present (npx scenario) L232: const lockFile = join(__dirname, 'package-lock.json');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

install.jsView on unpkg · L215
hooks/gsd-statusline.cjsView file
5L6: const fs = require('node:fs'); L7: const path = require('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

hooks/gsd-statusline.cjsView on unpkg · L5
hooks/gsd-auto-update.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = gsd-lite@0.8.1 matchedIdentity = npm:Z3NkLWxpdGU:0.8.1 similarity = 0.964 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

hooks/gsd-auto-update.cjsView on unpkg

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltahooks/gsd-auto-update.cjs
HighChild Processinstall.js
HighShellinstall.js
HighRuntime Package Installinstall.js
MediumDynamic Requirehooks/gsd-statusline.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings