AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an MCP/AI-agent extension installer that can write first-party Specky hooks, prompts, skills, and MCP registrations into a workspace when the user runs specky init/install. No install-time execution, credential harvesting, destructive behavior, or unconsented broad agent control-surface mutation was found.
Decision evidence
public snapshot- dist/cli/commands/init.js copies assets into .claude/ and .github/ on explicit specky init/install
- dist/cli/lib/settings-merger.js merges Claude hooks and permissions including Bash(git:*), Bash(npm:*), Bash(npx:*)
- dist/cli/lib/mcp-writer.js writes .mcp.json/.vscode/mcp.json to run npx -y specky-sdd@3.7.0 serve
- dist/cli/lib/update-check.js performs an optional GET to registry.npmjs.org after selected CLI commands
- package.json has no preinstall/install/postinstall lifecycle hooks
- dist/cli/index.js only runs setup commands when user invokes install/init; legacy no-arg specky-sdd routes to serve
- Hook scripts inspected are Specky workflow gates/scanners; no credential exfiltration or remote payload fetch observed
- HTTP server in dist/index.js binds 127.0.0.1 by default and supports optional bearer auth
- MCP registration pins specky-sdd@3.7.0 rather than @latest
- Update check is opt-out/cached/fail-silent and limited to npm registry latest version lookup
Source & flagged code
3 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.apm/hooks/scripts/release-gate.shView on unpkgPackage ships non-JavaScript build or shell helper files.
.apm/hooks/scripts/release-gate.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/services/doc-generator.jsView on unpkg