AI Security Review
scanned 3h ago · by lpm-firewall-aiNo install-time execution or confirmed unconsented attack chain is present. The CLI provides user-invoked AI coding capabilities, including approved shell and project-file actions.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `shark dev` and approves an agent action, or explicitly enables its automatic mode.
Impact
Expected developer-agent capability; no stealth persistence, credential harvesting, or foreign AI-agent control-surface mutation confirmed.
Mechanism
Interactive AI CLI sends prompts to configured providers and can modify project files or execute shell commands after user-selected execution.
Rationale
Static inspection shows a user-invoked AI development CLI with intentional shell and file-edit functions, normally confirmation-gated. There is no install-time hook, hidden exfiltration path, or confirmed malicious behavior.
Evidence
package.jsondist/index.jsdist/bin/shark.jsdist/chunk-QSDS6XH6.jsdist/chunk-ULZAUMWS.jsskills/systematic-debugging/find-polluter.sh
Network endpoints3
genai-inference-app.stackspot.comidm.stackspot.com/${realm}/oidc/oauth/tokenlocalhost:11434/v1
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hook; only publish-time scripts.
- `dist/index.js` only registers login/config commands on import; the full CLI runs through the user-invoked `shark` bin.
- `dist/bin/shark.js` gates model-requested file mutation and shell commands behind interactive approval unless `--auto` is explicitly selected.
- Credential storage is limited to Shark's own `~/.shark/credentials.json` with mode 0600 in `dist/chunk-QSDS6XH6.js`.
- Network requests target configured AI providers and StackSpot auth/inference endpoints during user CLI actions.
- `skills/systematic-debugging/find-polluter.sh` is a test helper, not referenced by npm lifecycle scripts.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourceskills/brainstorming/scripts/server.cjsView file
1const crypto = require('crypto');
L2: const http = require('http');
L3: const fs = require('fs');
...
L12: function computeAcceptKey(clientKey) {
L13: return crypto.createHash('sha1').update(clientKey + WS_MAGIC).digest('base64');
L14: }
...
L84:
L85: const PORT_FILE = process.env.BRAINSTORM_PORT_FILE || null;
L86: const randomPort = () => 49152 + Math.floor(Math.random() * 16383);
...
L195: try { sessionStorage.setItem('brainstorm-session-key', ${jsonKey}); } catch (e) {}
L196: location.replace('/');
L197: </script>
Low
Weak Crypto
Package source references weak cryptographic algorithms.
skills/brainstorming/scripts/server.cjsView on unpkg · L1skills/systematic-debugging/find-polluter.shView file
•path = skills/systematic-debugging/find-polluter.sh
kind = build_helper
sizeBytes = 1528
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
skills/systematic-debugging/find-polluter.shView on unpkgdist/bin/shark.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = shark-ai@0.4.28
matchedIdentity = npm:c2hhcmstYWk:0.4.28
similarity = 0.800
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/bin/shark.jsView on unpkgFindings
1 High4 Medium6 Low
HighPrevious Version Dangerous Deltadist/bin/shark.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/systematic-debugging/find-polluter.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptoskills/brainstorming/scripts/server.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings