registry  /  spec-first  /  1.12.1

spec-first@1.12.1

AI Coding Harness for Claude Code and Codex — turns one-off AI coding chats into a repo-backed, verifiable engineering loop for spec-driven development. Scripts prepare facts; LLMs decide; evidence stays in your repo.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The main risk is explicit, first-party agent extension setup that writes managed hooks and workflow assets for Claude/Codex.

Static reason
No blocking static signals were detected.
Trigger
User runs `spec-first init` or installed SessionStart hook runs in configured project
Impact
Adds spec-first workflow guidance and optional update reminder to configured agent runtime; no evidence of theft or payload execution.
Mechanism
first-party managed AI-agent runtime hook and workflow asset installation
Rationale
Source inspection shows an agent workflow setup CLI with explicit managed hook writes and package-aligned update checks, but no automatic install-time mutation, exfiltration, destructive behavior, or remote code loading. Per policy, first-party agent extension lifecycle setup is warning-level rather than a publish block.
Evidence
package.jsonbin/spec-first.jssrc/cli/commands/init.jssrc/cli/adapters/codex.jssrc/cli/adapters/claude.jssrc/cli/version-reminder.jstemplates/codex/hooks/session-starttemplates/claude/hooks/session-starttemplates/codex/hooks/session-start.cmd.claude/hooks/session-start.claude/hooks/spec-plan-guard.claude/hooks/prd-prewrite-guard.claude/hooks/prd-readiness-guard.claude/settings.json.codex/hooks/session-start.codex/hooks/session-start.cmd.codex/hooks.jsonAGENTS.mdCLAUDE.md.agents/skills/**.codex/agents/**.claude/skills/**.claude/agents/**
Network endpoints2
raw.githubusercontent.com/sunrain520/spec-first/main/package.jsonregistry.npmjs.org/<package>/latest

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • Explicit `spec-first init` can install first-party Claude/Codex runtime hooks and agent/skill assets under `.claude`, `.codex`, `.agents`.
  • `templates/*/hooks/session-start` run on agent SessionStart and inject spec-first workflow guidance into host context.
  • Startup reminder performs bounded package-aligned version checks to GitHub/npm endpoints.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle scripts.
  • `bin/spec-first.js` only checks Node version and dispatches CLI commands; no import-time payload beyond CLI invocation.
  • Hook setup is explicit user-command behavior, not automatic npm install mutation.
  • No credential harvesting, broad file exfiltration, destructive action, or remote payload execution found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 137 file(s), 1.33 MB of source, external domains: github.com, raw.githubusercontent.com, registry.npmjs.org

Source & flagged code

2 flagged · loading source
bin/spec-first.jsView file
4(function () { L5: const { ensureSupportedNodeVersion } = require('../src/cli/node-version'); L6:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/spec-first.jsView on unpkg · L4
templates/codex/hooks/session-start.cmdView file
path = templates/codex/hooks/session-start.cmd kind = build_helper sizeBytes = 92 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

templates/codex/hooks/session-start.cmdView on unpkg

Findings

5 Medium5 Low
MediumDynamic Requirebin/spec-first.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpertemplates/codex/hooks/session-start.cmd
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings