AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The main risk is explicit user-command installation of first-party AI-agent hooks and MCP registrations into the current workspace.
Decision evidence
public snapshot- dist/cli/commands/init.js writes Specky assets/config into workspace .claude, .github, .vscode, .mcp.json, and .specky on explicit specky init.
- dist/cli/lib/settings-merger.js merges Claude Code hooks and permissions into .claude/settings.json.
- dist/claude-hooks.json and dist/copilot-hooks.json configure shell hooks for Specky MCP/tool lifecycle events.
- .apm/hooks/scripts/security-scan.sh can run npm audit during configured hook execution.
- dist/cli/lib/update-check.js performs optional once-daily GET to npm registry after selected CLI commands.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Agent/config mutation is activated by explicit user CLI commands, not npm install/import-time execution.
- dist/index.js defaults HTTP MCP server to 127.0.0.1 and supports bearer-token auth for /mcp.
- dist/services/file-manager.js rejects absolute paths and traversal for MCP file operations.
- No credential harvesting or exfiltration logic found in inspected entrypoints/hooks.
- Shell scripts are package-aligned validation/gating hooks, not stealth persistence or payload downloaders.
Source & flagged code
2 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.apm/hooks/scripts/release-gate.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.apm/hooks/scripts/release-gate.shView on unpkg