AI Security Review
scanned 1d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `spex init`/materialization workflow can modify a target repository's Git hooks and AI-agent integration files. This is first-party tooling behavior, not an install-time mutation.
Decision evidence
public snapshot- `spex init` explicitly seeds project `.spec/` and `spexcode.json`.
- `spec-cli/src/init.ts` installs Git hooks when the user runs `spex init`.
- `spec-cli/src/materialize.ts` renders managed `AGENTS.md`/`CLAUDE.md` blocks and `.claude`/`.codex` harness artifacts.
- `spec-cli/src/harness.ts` contains Codex hook-trust/bypass lifecycle setup.
- `spec-forge/src/drivers/gitlab.ts` reads a GitLab token and sends authenticated requests to the user remote.
- `postinstall` only chmods dependency `node-pty` prebuilt `spawn-helper` files.
- No lifecycle script writes agent configuration, hooks, credentials, or network payloads.
- `spec-cli/bin/spex.mjs` starts the package CLI through Node without a shell.
- Observed local server/client URLs are loopback; GitLab access is activated by explicit forge use and derives its host from Git origin.
- No confirmed credential exfiltration, remote code loading, destructive action, or stealth persistence.
Source & flagged code
8 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
spec-yatsu/src/scenariofresh.tsView on unpkg · L1Package source references weak cryptographic algorithms.
spec-cli/src/boardDelta.tsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
spec-forge/src/drivers/gitlab.tsView on unpkg · L4Package ships non-JavaScript build or shell helper files.
spec-cli/hooks/harness.shView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
spec-cli/templates/spec/project/.config/core/idle/idle.shView on unpkg