AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `shark super` (optionally `--local`).
Impact
Changes agent instructions/capabilities in the selected global or project skill directory.
Mechanism
explicit CLI installation of bundled agent skills
Rationale
This is a real, user-invoked AI-agent control-surface mutation and merits a warning under policy, not a block. The package has no install lifecycle hook and its observed network use is aligned with its configured StackSpot/OpenAI-compatible CLI functionality.
Evidence
package.jsondist/bin/shark.jsdist/chunk-LQ2PEYRD.jsskills/~/.shark/skills.agents/skills
Network endpoints2
idm.stackspot.com/${realm}/oidc/oauth/tokengenai-inference-app.stackspot.com
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/bin/shark.js` registers explicit `shark super`.
- `shark super` recursively removes then copies shipped `skills/` to `.agents/skills` or `~/.shark/skills`.
- `dist/bin/shark.js` runs child-process helpers only under user CLI commands.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- Entrypoints only parse commands; no install-time network or file mutation.
- StackSpot auth/chat requests are invoked by login/dev flows and use configured credentials.
- No source evidence of credential exfiltration, remote payload loading, stealth persistence, or destructive behavior.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/chunk-WJUQF54U.jsView file
14var __filename = fileURLToPath(import.meta.url);
L15: var __dirname = path.dirname(__filename);
L16: var packageRoot = __dirname;
L17: while (packageRoot && packageRoot !== path.parse(packageRoot).root) {
L18: if (fs.existsSync(path.join(packageRoot, "package.json"))) {
L19: break;
...
L36: try {
L37: this.cache = JSON.parse(fs.readFileSync(this.cachePath, "utf8"));
L38: } catch {
...
L43: saveCache() {
L44: if (process.env.VITEST || process.env.NODE_ENV === "test") {
L45: const dir = path.dirname(this.cachePath);
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/chunk-WJUQF54U.jsView on unpkg · L14skills/systematic-debugging/find-polluter.shView file
•path = skills/systematic-debugging/find-polluter.sh
kind = build_helper
sizeBytes = 1528
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
skills/systematic-debugging/find-polluter.shView on unpkgFindings
4 Medium6 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/systematic-debugging/find-polluter.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/chunk-WJUQF54U.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings