AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is an AI coding harness that explicitly installs first-party workflow assets and hooks into project-scoped Claude/Codex runtime paths when the user runs `spec-first init`.
Decision evidence
public snapshot- Explicit `spec-first init` plans writes to `.claude/settings.json`, `.claude/hooks/*`, `.codex/hooks.json`, `.codex/hooks/*`, `.agents/skills`, and `.codex/agents`.
- Generated SessionStart hooks execute bundled CLI `startup-reminder` and inject workflow guidance into Claude/Codex sessions.
- `src/cli/version-reminder.js` fetches latest version metadata from GitHub/raw npm registry during selected CLI commands/startup reminders.
- `package.json` has no preinstall/install/postinstall/prepare lifecycle scripts; install alone does not mutate agent control surfaces.
- CLI entry `bin/spec-first.js` only checks Node version then dispatches user-provided commands.
- Runtime control-surface writes are tied to explicit `spec-first init`/clean flows with preview/confirmation or `-y`, not import-time execution.
- Context-bundle child process use is limited to `git rev-parse --show-toplevel` and rejects outside-repo paths by realpath checks.
- No credential harvesting or exfiltration flow found in inspected entrypoints, helpers, or hook templates.
- Network endpoints are package-aligned version/help/update metadata, not arbitrary payload download/execute.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
bin/spec-first.jsView on unpkg · L4Package ships non-JavaScript build or shell helper files.
templates/codex/hooks/session-start.cmdView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/cli/helpers/context-bundle.jsView on unpkg