registry  /  gsd-lite  /  0.8.5

gsd-lite@0.8.5

AI orchestration tool for Claude Code — GSD management shell + Superpowers quality core

AI Security Review

scanned 56m ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. After a user installs GSD, its SessionStart hook can perform a background self-update. This is package-owned Claude extension lifecycle behavior, not an npm lifecycle attack.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User-installed GSD hook runs when a Claude Code session starts.
Impact
A compromised or improperly signed upstream release could execute its installer and modify GSD-managed files under `~/.claude`.
Mechanism
Signed GitHub release download followed by package installer execution and GSD configuration updates.
Rationale
No unconsented npm install-time mutation or credential/data theft was found. The background updater and Claude configuration writes warrant a warning for extension lifecycle risk, not a block.
Evidence
package.jsoncli.jsinstall.jshooks/gsd-session-init.cjshooks/gsd-auto-update.cjsuninstall.js~/.claude/settings.json~/.claude/hooks/gsd-*.cjs~/.claude/gsd/~/.claude/plugins/installed_plugins.json
Network endpoints1
api.github.com/repos/sdsrss/gsd-lite/releases/latest

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `hooks/gsd-session-init.cjs` launches a detached auto-update hook on Claude session start.
  • `hooks/gsd-auto-update.cjs` fetches GitHub release metadata and downloads an update tarball.
  • The updater executes the downloaded package's `install.js` and rewrites GSD Claude configuration/cache.
  • `install.js` copies hooks and registers GSD MCP/hooks in `~/.claude/settings.json`.
Evidence against
  • `package.json` has no npm `preinstall`, `install`, or `postinstall` hook.
  • `cli.js` exposes installation as explicit `gsd install`; `prepare` only links a VCS pre-commit hook when `.git` exists.
  • `hooks/gsd-auto-update.cjs` restricts downloads to GitHub hosts and verifies SHA-256 plus Ed25519 signatures for releases >= 0.8.3.
  • No credential harvesting, unrelated exfiltration, destructive payload, eval, or foreign-agent mutation was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 302 KB of source, external domains: api.github.com

Source & flagged code

5 flagged · loading source
install.jsView file
7import { fileURLToPath, pathToFileURL } from 'node:url'; L8: import { execSync } from 'node:child_process'; L9: import { createRequire } from 'node:module';
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L7
215// the runtime). Leaving them in means a later manual `npm install` in L216: // ~/.claude/gsd fails under cmd.exe on Windows (issue #2). L217: if (DRY_RUN) {
High
Shell

Package source references shell execution.

install.jsView on unpkg · L215
215// the runtime). Leaving them in means a later manual `npm install` in L216: // ~/.claude/gsd fails under cmd.exe on Windows (issue #2). L217: if (DRY_RUN) { ... L230: copyFile(join(__dirname, 'uninstall.js'), join(RUNTIME_DIR, 'uninstall.js'), 'runtime/uninstall.js → ~/.claude/gsd/uninstall.js'); L231: // Copy lock file so `npm ci` works when node_modules are not present (npx scenario) L232: const lockFile = join(__dirname, 'package-lock.json');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

install.jsView on unpkg · L215
hooks/gsd-statusline.cjsView file
5L6: const fs = require('node:fs'); L7: const path = require('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

hooks/gsd-statusline.cjsView on unpkg · L5
hooks/gsd-auto-update.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = gsd-lite@0.8.3 matchedIdentity = npm:Z3NkLWxpdGU:0.8.3 similarity = 0.964 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

hooks/gsd-auto-update.cjsView on unpkg

Findings

1 Critical3 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltahooks/gsd-auto-update.cjs
HighChild Processinstall.js
HighShellinstall.js
HighRuntime Package Installinstall.js
MediumDynamic Requirehooks/gsd-statusline.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings