specability@0.1.3

Free local coding-agent harness distributed as Specability Core.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

The npm package is a thin postinstall downloader/launcher for an external native binary. Source inspection shows no confirmed malicious JS behavior, but the installed executable is fetched at install time rather than shipped in the package.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install/postinstall, then user runs specability
Impact
External binary code is introduced into the npm install outside registry tarball contents; no confirmed exfiltration or persistence in reviewed source.
Mechanism
postinstall downloads, verifies, extracts, copies, and later executes a GitHub release binary
Attack narrative
On npm install, postinstall contacts the SpecabilityAI GitHub releases API, downloads a platform archive plus checksums.txt, verifies the archive hash from that release metadata, extracts it with tar or PowerShell, copies the native binary into npm/bin, and the package bin wrapper later executes it. The reviewed JS does not automatically install AI-agent hooks or exfiltrate data, but it acts as an external binary carrier.
Rationale
The suspicious primitives are mostly aligned with a binary CLI installer, and no concrete malicious behavior appears in the reviewed package source. Because install-time external binary download/execution remains a real unresolved trust risk, a warn verdict is more appropriate than clean or block.
Evidence
  • package.json
  • npm/install.js
  • npm/bin/specability.js
  • README.md
  • docs/install.md
  • docs/verify.md
  • npm/bin/specability
  • npm/bin/specability.exe
  • temporary directory under os.tmpdir()/specability-npm-*
Network endpoints (5)
  • api.github.com/repos/SpecabilityAI/specability-core/releases/tags/<version>
  • api.github.com/repos/SpecabilityAI/specability-core/releases
  • asset.browser_download_url from GitHub release
  • checksums.browser_download_url from GitHub release
  • github.com/SpecabilityAI/specability-core/releases

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node npm/install.js
  • npm/install.js downloads a platform archive and checksums.txt from GitHub release URLs
  • npm/install.js extracts the archive and copies specability/specability.exe into npm/bin
  • npm/bin/specability.js executes the downloaded binary with user CLI args
Evidence against
  • No install-time hook writes to Codex/Claude/Gemini config found; hook install is only printed as a user command
  • No credential harvesting, source upload, or telemetry code found in package JS/docs
  • Archive SHA256 is checked against checksums.txt before copying
  • Network endpoints are package-aligned GitHub release/API locations
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 8.34 KB of source, external domains: api.github.com, github.com

Source & flagged code

4 flagged
package.json
scripts.postinstall = node npm/install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node npm/install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
npm/bin/specability.js
    #!/usr/bin/env node
    const { spawnSync } = require("node:child_process");
    const { existsSync } = require("node:fs");
High
Child Process

Package source references child process execution.

npm/bin/specability.js · L1
npm/install.js
    const { chmod, mkdtemp } = require("node:fs/promises");
    const { get } = require("node:https");
    const { tmpdir } = require("node:os");
    const { basename, join } = require("node:path");
    const { spawnSync } = require("node:child_process");

    const repo = process.env.SPECABILITY_REPO || "SpecabilityAI/specability-core";
    const apiBase = process.env.GITHUB_API_URL || "https://api.github.com";
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

npm/install.js · L4

Findings

3 High · 3 Medium · 4 Low
  • High · Install Time Lifecycle Scripts · package.json
  • High · Child Process · npm/bin/specability.js
  • High · Same File Env Network Execution · npm/install.js
  • Medium · Ambiguous Install Lifecycle Script · package.json
  • Medium · Network
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · Filesystem
  • Low · Url Strings
  • Low · No License