registry  /  shark-ai  /  0.4.32

shark-ai@0.4.32

Shark AI: AI-Native Collaborative Development Tool powered by StackSpot AI and BMAD Method

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious or install-time attack surface. This is an explicit AI developer CLI that sends user task/context to configured AI providers and can perform user-approved project actions. Its optional skill installer is user-command-only.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `shark dev`, `shark super`, or the shipped brainstorming helper.
Impact
User-approved or `--auto` AI actions may execute shell commands or modify project files; no stealth persistence or exfiltration chain was found.
Mechanism
Opt-in remote AI workflow, local project automation, and bundled skill installation.
Rationale
Source inspection shows a package-aligned, explicitly invoked AI coding CLI rather than malware. Powerful shell/file and skill-install features are disclosed by commands and are not triggered during npm installation.
Evidence
package.jsondist/bin/shark.jsdist/chunk-QSDS6XH6.jsdist/chunk-ULZAUMWS.jsskills/brainstorming/scripts/server.cjsskills/writing-skills/render-graphs.jsskills/systematic-debugging/find-polluter.sh
Network endpoints3
genai-inference-app.stackspot.comidm.stackspot.comlocalhost:11434/v1

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/bin/shark.js` runs model-proposed shell commands only through explicit `shark dev`; `--auto` suppresses prompts.
  • `dist/bin/shark.js` `super --local` replaces `.agents/skills` only when the user explicitly invokes it.
  • `skills/brainstorming/scripts/server.cjs` is a local HTTP/WebSocket companion with configurable non-loopback binding.
Evidence against
  • `package.json` contains no `preinstall`, `install`, or `postinstall` hook.
  • `dist/bin/shark.js` normally prompts before agent-directed create, modify, delete, and shell actions.
  • Network calls target the advertised StackSpot/OpenAI-compatible provider paths; no unrelated exfiltration endpoint was found.
  • Credential storage in `dist/chunk-QSDS6XH6.js` is scoped to `~/.shark-ai/credentials.json` with owner-only permissions.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 283 KB of source, external domains: cdn.tailwindcss.com, fonts.googleapis.com, genai-inference-app.stackspot.com, idm.stackspot.com, json-schema.org, primeradiant.com, unpkg.com

Source & flagged code

3 flagged · loading source
skills/brainstorming/scripts/server.cjsView file
1const crypto = require('crypto'); L2: const http = require('http'); L3: const fs = require('fs'); ... L12: function computeAcceptKey(clientKey) { L13: return crypto.createHash('sha1').update(clientKey + WS_MAGIC).digest('base64'); L14: } ... L84: L85: const PORT_FILE = process.env.BRAINSTORM_PORT_FILE || null; L86: const randomPort = () => 49152 + Math.floor(Math.random() * 16383); ... L195: try { sessionStorage.setItem('brainstorm-session-key', ${jsonKey}); } catch (e) {} L196: location.replace('/'); L197: </script>
Low
Weak Crypto

Package source references weak cryptographic algorithms.

skills/brainstorming/scripts/server.cjsView on unpkg · L1
skills/systematic-debugging/find-polluter.shView file
path = skills/systematic-debugging/find-polluter.sh kind = build_helper sizeBytes = 1528 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skills/systematic-debugging/find-polluter.shView on unpkg
dist/bin/shark.jsView file
matchType = previous_version_dangerous_delta matchedPackage = shark-ai@0.4.31 matchedIdentity = npm:c2hhcmstYWk:0.4.31 similarity = 0.900 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/bin/shark.jsView on unpkg

Findings

1 High4 Medium6 Low
HighPrevious Version Dangerous Deltadist/bin/shark.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperskills/systematic-debugging/find-polluter.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptoskills/brainstorming/scripts/server.cjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings