AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious behavior, but the package provides explicit first-party AI-agent extension setup. Running init/install mutates Claude/Copilot hook and MCP config surfaces in the current workspace.
Decision evidence
public snapshot- dist/cli/commands/init.js user-invoked install/init writes Claude/Copilot agent assets and MCP registrations
- dist/cli/lib/settings-merger.js merges hooks and permissions into .claude/settings.json
- dist/cli/lib/asset-copier.js chmods copied hook scripts executable and installs them under .claude or .github hooks
- dist/cli/lib/mcp-writer.js registers npx -y specky-sdd@3.5.0 serve in MCP config
- package.json has no preinstall/install/postinstall lifecycle scripts
- dist/cli/index.js dispatches commands only when the bin is run; no import-time install mutation
- Hook scripts inspected are pipeline validators/checks; no credential exfiltration or remote payload fetch found
- HTTP server defaults to 127.0.0.1 and warns when non-loopback lacks auth
Source & flagged code
2 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.apm/hooks/scripts/release-gate.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.apm/hooks/scripts/release-gate.shView on unpkg