registry  /  specky-sdd  /  3.7.0

specky-sdd@3.7.0

Specky — Spec-Driven Development CLI toolkit. 58 MCP tools, 13 agents, 22 prompts, 8 skills, 16 hooks. Unified `specky` CLI installs to Claude Code or GitHub Copilot on macOS, Linux, and Windows.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an MCP/AI-agent extension installer that can write first-party Specky hooks, prompts, skills, and MCP registrations into a workspace when the user runs specky init/install. No install-time execution, credential harvesting, destructive behavior, or unconsented broad agent control-surface mutation was found.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit user CLI command: specky init/install, or runtime specky serve
Impact
Workspace AI-agent configuration and Specky hook scripts are installed by user command; residual lifecycle risk is bounded to package-aligned behavior.
Mechanism
first-party agent extension setup and local MCP server
Rationale
Source inspection shows explicit-user-command installation of first-party Specky agent/MCP assets and hooks, not npm lifecycle abuse or covert execution. Because it mutates AI-agent configuration and hook surfaces, it merits a warning under the lifecycle-risk policy rather than a publish block.
Evidence
package.jsondist/cli/index.jsdist/index.jsdist/cli/commands/init.jsdist/cli/lib/asset-copier.jsdist/cli/lib/settings-merger.jsdist/cli/lib/mcp-writer.jsdist/cli/lib/update-check.js.apm/hooks/scripts/release-gate.sh.apm/hooks/scripts/security-scan.sh.claude/.github/.mcp.json.vscode/mcp.json.vscode/settings.json.specky/config.yml.specky/install.json.specky/install.lock.gitignore
Network endpoints4
registry.npmjs.org/specky-sdd/latestgetspecky.airaw.githubusercontent.com/paulasilvatech/specky/main/media/specky-brand-icon.svgraw.githubusercontent.com/paulasilvatech/specky/main/media/specky-icon-128.png

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • dist/cli/commands/init.js copies assets into .claude/ and .github/ on explicit specky init/install
  • dist/cli/lib/settings-merger.js merges Claude hooks and permissions including Bash(git:*), Bash(npm:*), Bash(npx:*)
  • dist/cli/lib/mcp-writer.js writes .mcp.json/.vscode/mcp.json to run npx -y specky-sdd@3.7.0 serve
  • dist/cli/lib/update-check.js performs an optional GET to registry.npmjs.org after selected CLI commands
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • dist/cli/index.js only runs setup commands when user invokes install/init; legacy no-arg specky-sdd routes to serve
  • Hook scripts inspected are Specky workflow gates/scanners; no credential exfiltration or remote payload fetch observed
  • HTTP server in dist/index.js binds 127.0.0.1 by default and supports optional bearer auth
  • MCP registration pins specky-sdd@3.7.0 rather than @latest
  • Update check is opt-out/cached/fail-silent and limited to npm registry latest version lookup
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 94 file(s), 846 KB of source, external domains: 127.0.0.1, api.githubcopilot.com, astral.sh, getspecky.ai, github.com, id.atlassian.com, mcp.miro.com, raw.githubusercontent.com, registry.npmjs.org, www.docker.com

Source & flagged code

3 flagged · loading source
.apm/hooks/scripts/release-gate.shView file
path = .apm/hooks/scripts/release-gate.sh kind = payload_in_excluded_dir sizeBytes = 2167 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

.apm/hooks/scripts/release-gate.shView on unpkg
path = .apm/hooks/scripts/release-gate.sh kind = build_helper sizeBytes = 2167 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

.apm/hooks/scripts/release-gate.shView on unpkg
dist/services/doc-generator.jsView file
matchType = previous_version_dangerous_delta matchedPackage = specky-sdd@3.5.0 matchedIdentity = npm:c3BlY2t5LXNkZA:3.5.0 similarity = 0.750 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/services/doc-generator.jsView on unpkg

Findings

2 High4 Medium4 Low
HighPayload In Excluded Dir.apm/hooks/scripts/release-gate.sh
HighPrevious Version Dangerous Deltadist/services/doc-generator.js
MediumDynamic Require
MediumEnvironment Vars
MediumShips Build Helper.apm/hooks/scripts/release-gate.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings