registry  /  shark-ai  /  0.4.29

shark-ai@0.4.29

Shark AI: AI-Native Collaborative Development Tool powered by StackSpot AI and BMAD Method

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No install-time execution or confirmed unconsented attack chain is present. The CLI provides user-invoked AI coding capabilities, including approved shell and project-file actions.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `shark dev` and approves an agent action, or explicitly enables its automatic mode.
Impact
Expected developer-agent capability; no stealth persistence, credential harvesting, or foreign AI-agent control-surface mutation confirmed.
Mechanism
Interactive AI CLI sends prompts to configured providers and can modify project files or execute shell commands after user-selected execution.
Rationale
Static inspection shows a user-invoked AI development CLI with intentional shell and file-edit functions, normally confirmation-gated. There is no install-time hook, hidden exfiltration path, or confirmed malicious behavior.
Evidence
package.jsondist/index.jsdist/bin/shark.jsdist/chunk-QSDS6XH6.jsdist/chunk-ULZAUMWS.jsskills/systematic-debugging/find-polluter.sh
Network endpoints3
genai-inference-app.stackspot.comidm.stackspot.com/${realm}/oidc/oauth/tokenlocalhost:11434/v1

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no preinstall/install/postinstall lifecycle hook; only publish-time scripts.
    • `dist/index.js` only registers login/config commands on import; the full CLI runs through the user-invoked `shark` bin.
    • `dist/bin/shark.js` gates model-requested file mutation and shell commands behind interactive approval unless `--auto` is explicitly selected.
    • Credential storage is limited to Shark's own `~/.shark/credentials.json` with mode 0600 in `dist/chunk-QSDS6XH6.js`.
    • Network requests target configured AI providers and StackSpot auth/inference endpoints during user CLI actions.
    • `skills/systematic-debugging/find-polluter.sh` is a test helper, not referenced by npm lifecycle scripts.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 10 file(s), 283 KB of source, external domains: cdn.tailwindcss.com, fonts.googleapis.com, genai-inference-app.stackspot.com, idm.stackspot.com, json-schema.org, primeradiant.com, unpkg.com

    Source & flagged code

    3 flagged · loading source
    skills/brainstorming/scripts/server.cjsView file
    1const crypto = require('crypto'); L2: const http = require('http'); L3: const fs = require('fs'); ... L12: function computeAcceptKey(clientKey) { L13: return crypto.createHash('sha1').update(clientKey + WS_MAGIC).digest('base64'); L14: } ... L84: L85: const PORT_FILE = process.env.BRAINSTORM_PORT_FILE || null; L86: const randomPort = () => 49152 + Math.floor(Math.random() * 16383); ... L195: try { sessionStorage.setItem('brainstorm-session-key', ${jsonKey}); } catch (e) {} L196: location.replace('/'); L197: </script>
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    skills/brainstorming/scripts/server.cjsView on unpkg · L1
    skills/systematic-debugging/find-polluter.shView file
    path = skills/systematic-debugging/find-polluter.sh kind = build_helper sizeBytes = 1528 magicHex = [redacted]
    Medium
    Ships Build Helper

    Package ships non-JavaScript build or shell helper files.

    skills/systematic-debugging/find-polluter.shView on unpkg
    dist/bin/shark.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = shark-ai@0.4.28 matchedIdentity = npm:c2hhcmstYWk:0.4.28 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/bin/shark.jsView on unpkg

    Findings

    1 High4 Medium6 Low
    HighPrevious Version Dangerous Deltadist/bin/shark.js
    MediumNetwork
    MediumEnvironment Vars
    MediumShips Build Helperskills/systematic-debugging/find-polluter.sh
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowWeak Cryptoskills/brainstorming/scripts/server.cjs
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings