registry  /  spexcode  /  0.2.5

spexcode@0.2.5

SpexCode — a spec-driven, self-developing dev tool. The `spex` CLI + spec server reads the .spec tree and its git history, and serves the dashboard.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `spex init`/materialization workflow can modify a target repository's Git hooks and AI-agent integration files. This is first-party tooling behavior, not an install-time mutation.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `spex init` or `spex materialize` in a Git repository.
Impact
Can influence configured Claude/Codex agent workflows and commit-time behavior within the opted-in project.
Mechanism
User-invoked agent harness, contract, trust, and Git-hook setup.
Rationale
Source inspection does not support the scanner's malicious block verdict: install-time behavior is limited to chmod on a dependency helper. The package nevertheless has explicit user-invoked AI-agent lifecycle and Git-hook setup with trust-related wiring, so it warrants a warning under the stated policy.
Evidence
package.jsonspec-cli/bin/spex.mjsspec-cli/src/init.tsspec-cli/src/materialize.tsspec-cli/src/harness.tsspec-cli/src/uninstall.tsspec-forge/src/drivers/gitlab.ts.spec/spexcode.json.git/hooks/pre-commit.git/hooks/prepare-commit-msgAGENTS.mdCLAUDE.md.claude/.codex/

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `spex init` explicitly seeds project `.spec/` and `spexcode.json`.
  • `spec-cli/src/init.ts` installs Git hooks when the user runs `spex init`.
  • `spec-cli/src/materialize.ts` renders managed `AGENTS.md`/`CLAUDE.md` blocks and `.claude`/`.codex` harness artifacts.
  • `spec-cli/src/harness.ts` contains Codex hook-trust/bypass lifecycle setup.
  • `spec-forge/src/drivers/gitlab.ts` reads a GitLab token and sends authenticated requests to the user remote.
Evidence against
  • `postinstall` only chmods dependency `node-pty` prebuilt `spawn-helper` files.
  • No lifecycle script writes agent configuration, hooks, credentials, or network payloads.
  • `spec-cli/bin/spex.mjs` starts the package CLI through Node without a shell.
  • Observed local server/client URLs are loopback; GitLab access is activated by explicit forge use and derives its host from Git origin.
  • No confirmed credential exfiltration, remote code loading, destructive action, or stealth persistence.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 72 file(s), 1.79 MB of source, external domains: 127.0.0.1, pro.reactflow.dev, reactflow.dev, reactjs.org, www.w3.org

Source & flagged code

8 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "try{require('fs').readdirSync('node_modules/node-pty/prebuilds').forEach(d=>{try{require('fs').chmodSync('node_modules/node-pty/prebuilds/'+d+'/spawn-helper',0o755)}catch{...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "try{require('fs').readdirSync('node_modules/node-pty/prebuilds').forEach(d=>{try{require('fs').chmodSync('node_modules/node-pty/prebuilds/'+d+'/spawn-helper',0o755)}catch{...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
spec-yatsu/src/scenariofresh.tsView file
1import { spawn } from 'node:child_process' L2: import { git, gitA, headSha } from '../../spec-cli/src/git.js'
High
Child Process

Package source references child process execution.

spec-yatsu/src/scenariofresh.tsView on unpkg · L1
spec-cli/src/contract-filter.tsView file
93const filterCmd = (shim: string, mode: 'smudge' | 'clean') => L94: `sh -c 'test -r "$0" && exec bash "$0" ${mode} || exec cat' '${shim.replace(/'/g, `'\\''`)}'` L95:
High
Shell

Package source references shell execution.

spec-cli/src/contract-filter.tsView on unpkg · L93
spec-cli/src/boardDelta.tsView file
1import { createHash } from 'node:crypto' L2:
Low
Weak Crypto

Package source references weak cryptographic algorithms.

spec-cli/src/boardDelta.tsView on unpkg · L1
spec-forge/src/drivers/gitlab.tsView file
4// @@@gitlab context — resolved once, lazily, from the repo the command runs in. L5: // base + project come from `git remote get-url origin` (https://host/group/proj.git and L6: // git@host:group/proj.git forms both collapse to { base: https://host, project: group/proj }); ... L13: if (ctx) return ctx L14: const remote = execFileSync('git', ['remote', 'get-url', 'origin'], { encoding: 'utf8' }).trim() L15: const parsed = parseRemote(remote) L16: if (!parsed) throw new Error(`gitlab: cannot parse origin remote '${remote}' as a GitLab URL`) L17: const token = process.env.GITLAB_TOKEN || credentialToken(parsed.host) L18: if (!token) {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

spec-forge/src/drivers/gitlab.tsView on unpkg · L4
spec-cli/hooks/harness.shView file
path = spec-cli/hooks/harness.sh kind = build_helper sizeBytes = 13253 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

spec-cli/hooks/harness.shView on unpkg
spec-cli/templates/spec/project/.config/core/idle/idle.shView file
path = spec-cli/templates/spec/project/.config/core/idle/idle.sh kind = payload_in_excluded_dir sizeBytes = 1163 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

spec-cli/templates/spec/project/.config/core/idle/idle.shView on unpkg

Findings

1 Critical5 High4 Medium7 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processspec-yatsu/src/scenariofresh.ts
HighShellspec-cli/src/contract-filter.ts
HighSame File Env Network Executionspec-forge/src/drivers/gitlab.ts
HighPayload In Excluded Dirspec-cli/templates/spec/project/.config/core/idle/idle.sh
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperspec-cli/hooks/harness.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowWeak Cryptospec-cli/src/boardDelta.ts
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings