AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `spec-cli/src/init.ts` explicitly invokes `materialize` after `spex init`.
- `spec-cli/src/harness.ts` defines project `.claude/settings.json` and `.codex/hooks.json` shims.
- `spec-cli/src/materialize.ts` writes managed hook/contract artifacts for supported agent harnesses.
- `spec-cli/hooks/dispatch.sh` executes configured project hook handlers on agent lifecycle events.
- `spec-forge/src/drivers/gitlab.ts` reads `GITLAB_TOKEN` or git credentials for GitLab API requests.
- `package.json` postinstall only chmods `node-pty`'s local `spawn-helper`; it does not alter agent configuration.
- Agent-control writes occur through explicit `spex init`/materialize paths, not npm install.
- `spec-cli/bin/spex.mjs` spawns the package's resolved `tsx` CLI shell-free.
- GitLab requests target the repository origin-derived host, not a hard-coded collection endpoint.
- No inspected source showed credential exfiltration, remote payload loading, stealth persistence, or destructive commands.
Source & flagged code
8 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
spec-yatsu/src/scenariofresh.tsView on unpkg · L1Package source references weak cryptographic algorithms.
spec-cli/src/boardDelta.tsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
spec-forge/src/drivers/gitlab.tsView on unpkg · L4Package ships non-JavaScript build or shell helper files.
spec-cli/hooks/harness.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
spec-cli/templates/spec/project/.config/core/idle/idle.shView on unpkg