registry  /  shark-ai  /  0.4.27

shark-ai@0.4.27

Shark AI: AI-Native Collaborative Development Tool powered by StackSpot AI and BMAD Method

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `shark super` (optionally `--local`).
Impact
Changes agent instructions/capabilities in the selected global or project skill directory.
Mechanism
explicit CLI installation of bundled agent skills
Rationale
This is a real, user-invoked AI-agent control-surface mutation and merits a warning under policy, not a block. The package has no install lifecycle hook and its observed network use is aligned with its configured StackSpot/OpenAI-compatible CLI functionality.
Evidence
package.jsondist/bin/shark.jsdist/chunk-LQ2PEYRD.jsskills/~/.shark/skills.agents/skills
Network endpoints2
idm.stackspot.com/${realm}/oidc/oauth/tokengenai-inference-app.stackspot.com

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/bin/shark.js` registers explicit `shark super`.
  • `shark super` recursively removes then copies shipped `skills/` to `.agents/skills` or `~/.shark/skills`.
  • `dist/bin/shark.js` runs child-process helpers only under user CLI commands.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook.
  • Entrypoints only parse commands; no install-time network or file mutation.
  • StackSpot auth/chat requests are invoked by login/dev flows and use configured credentials.
  • No source evidence of credential exfiltration, remote payload loading, stealth persistence, or destructive behavior.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 256 KB of source, external domains: cdn.tailwindcss.com, fonts.googleapis.com, genai-inference-app.stackspot.com, idm.stackspot.com, json-schema.org, primeradiant.com, unpkg.com

Source & flagged code

2 flagged · loading source
dist/chunk-WJUQF54U.jsView file
14var __filename = fileURLToPath(import.meta.url); L15: var __dirname = path.dirname(__filename); L16: var packageRoot = __dirname; L17: while (packageRoot && packageRoot !== path.parse(packageRoot).root) { L18: if (fs.existsSync(path.join(packageRoot, "package.json"))) { L19: break; ... L36: try { L37: this.cache = JSON.parse(fs.readFileSync(this.cachePath, "utf8")); L38: } catch { ... L43: saveCache() { L44: if (process.env.VITEST || process.env.NODE_ENV === "test") { L45: const dir = path.dirname(this.cachePath);
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-WJUQF54U.jsView on unpkg · L14
skills/systematic-debugging/find-polluter.shView file
path = skills/systematic-debugging/find-polluter.sh kind = build_helper sizeBytes = 1528 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/systematic-debugging/find-polluter.shView on unpkg

Findings

4 Medium6 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/systematic-debugging/find-polluter.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/chunk-WJUQF54U.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings