registry  /  shark-ai  /  0.4.28

shark-ai@0.4.28

Shark AI: AI-Native Collaborative Development Tool powered by StackSpot AI and BMAD Method

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `shark super --local`.
Impact
Can alter the behavior and tool guidance of agents configured to consume that project skill directory.
Mechanism
Recursively replaces `.agents/skills` with bundled agent skills.
Rationale
Source inspection confirms an explicit command replaces a project-level AI-agent skills directory, so it warrants a warning under the agent-control policy. There is no concrete install-time, exfiltration, remote-payload, or stealth-persistence chain supporting a malicious block.
Evidence
package.jsondist/bin/shark.jsdist/chunk-E5OLC6X4.jsdist/chunk-3LTYWFIC.jsskills/writing-skills/render-graphs.jsskills/brainstorming/scripts/server.cjsskills
Network endpoints2
genai-inference-app.stackspot.comidm.stackspot.com/${realm}/oidc/oauth/token

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/bin/shark.js` exposes `shark super --local`.
  • That action recursively deletes and replaces `.agents/skills`.
  • It copies the package-bundled `skills` tree into the agent skill directory.
  • Agent responses can invoke `run_command`, implemented with a shell subprocess.
Evidence against
  • `package.json` has no install, preinstall, or postinstall hook.
  • The `.agents/skills` write is only reached by the explicit `shark super` command.
  • Network auth/API code targets StackSpot endpoints expected by this AI CLI.
  • No source evidence of credential exfiltration, stealth persistence, or remote payload loading.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 269 KB of source, external domains: cdn.tailwindcss.com, fonts.googleapis.com, genai-inference-app.stackspot.com, idm.stackspot.com, json-schema.org, primeradiant.com, unpkg.com

Source & flagged code

3 flagged · loading source
skills/brainstorming/scripts/server.cjsView file
1const crypto = require('crypto'); L2: const http = require('http'); L3: const fs = require('fs'); ... L12: function computeAcceptKey(clientKey) { L13: return crypto.createHash('sha1').update(clientKey + WS_MAGIC).digest('base64'); L14: } ... L84: L85: const PORT_FILE = process.env.BRAINSTORM_PORT_FILE || null; L86: const randomPort = () => 49152 + Math.floor(Math.random() * 16383); ... L195: try { sessionStorage.setItem('brainstorm-session-key', ${jsonKey}); } catch (e) {} L196: location.replace('/'); L197: </script>
Low
Weak Crypto

Package source references weak cryptographic algorithms.

skills/brainstorming/scripts/server.cjsView on unpkg · L1
skills/systematic-debugging/find-polluter.shView file
path = skills/systematic-debugging/find-polluter.sh kind = build_helper sizeBytes = 1528 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/systematic-debugging/find-polluter.shView on unpkg
dist/bin/shark.jsView file
matchType = previous_version_dangerous_delta matchedPackage = shark-ai@0.4.27 matchedIdentity = npm:c2hhcmstYWk:0.4.27 similarity = 0.444 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/bin/shark.jsView on unpkg

Findings

1 High4 Medium6 Low
HighPrevious Version Dangerous Deltadist/bin/shark.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/systematic-debugging/find-polluter.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptoskills/brainstorming/scripts/server.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings