registry  /  unspaghettit  /  0.10.1

unspaghettit@0.10.1

Executable specifications for AI-assisted software development. Local-first and MCP-native.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack surface was confirmed. An explicit user command can register this package's MCP server in AI-client configuration, causing that server to run when the configured client starts.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `unspa init` and selects or accepts AI-client registration.
Impact
Selected AI clients may launch the package's local MCP server in later sessions; no exfiltration or remote payload execution was confirmed.
Mechanism
First-party MCP server registration plus local project/skill scaffolding.
Rationale
The package is not malicious by source inspection, but its explicit CLI command configures broad AI-agent control surfaces and installs packaged agent skills. Per policy, this warrants a warning rather than a publish block.
Evidence
package.jsoncli/commands/init.tscli/clients/claude-code.tsmcp-server/bin.cjssrc/features/update-check/infrastructure/NpmRegistryVersionSource.tsbuild/client/_app/immutable/chunks/DNzq6p3w2.js
Network endpoints1
registry.npmjs.org

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `unspa init` merges an `unspaghettit` MCP entry into selected AI-client configs.
  • The generated MCP entry launches `mcp-server/bin.cjs` via Node on future client starts.
  • The runtime performs a public update check against npm and caches its result.
  • Bundled skill/context installation can modify the current project when `init` is invoked.
Evidence against
  • `package.json` has only `prepublishOnly`; no preinstall/install/postinstall hook exists.
  • AI-client config mutation is confined to the explicit `unspa init` command and supports detected/selected clients.
  • No source-side `eval`, `vm`, native binary loading, credential harvesting, or arbitrary shell execution was found.
  • The flagged bundle contains one U+200B character; source files contain no bidi controls and no hidden execution chain was established.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
CopyleftLicense
scanned 819 file(s), 9.81 MB of source, external domains: 127.0.0.1, 192.168.1.10, api.mapbox.com, api.stripe.com, chevrotain.io, commentanalyzer.googleapis.com, datatracker.ietf.org, en.wikipedia.org, example.com, fonts.googleapis.com, fonts.gstatic.com, github.com, langium.org, lyriks.io, my.site, npmjs.com, registry.npmjs.org, svelte.dev, unspaghettit.dev, www.w3.org

Source & flagged code

4 flagged · loading source
mcp-server/bin.cjsView file
6// `Module._resolveFilename` ourselves. L7: const path = require('path'); L8: process.env.TSX_TSCONFIG_PATH ||= path.join(__dirname, '..', 'tsconfig.runtime.json');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

mcp-server/bin.cjsView on unpkg · L6
build/client/_app/immutable/chunks/DNzq6p3w2.jsView file
46contains invisible/control Unicode U+FEFF (zero width no-break space) \r \v \xA0            \u2028\u2029   <U+FEFF>`.split(``);function Da(e){let t=typeof e==`string`?new RegExp(e):e;return Ea.some(e=>t.test(e))}o(Da,`isWhitespace`);function Oa(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(Oa,`escapeReg
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

build/client/_app/immutable/chunks/DNzq6p3w2.jsView on unpkg · L46
build/client/lyriks_logo.svg.gzView file
path = build/client/lyriks_logo.svg.gz kind = compressed_blob sizeBytes = 1391 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

build/client/lyriks_logo.svg.gzView on unpkg
build/client/_app/immutable/nodes/4.ClVWSTyD.js.brView file
path = build/client/_app/immutable/nodes/4.ClVWSTyD.js.br kind = high_entropy_blob sizeBytes = 4780 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

build/client/_app/immutable/nodes/4.ClVWSTyD.js.brView on unpkg

Findings

1 Critical1 High6 Medium7 Low
CriticalTrojan Source Unicodebuild/client/_app/immutable/chunks/DNzq6p3w2.js
HighShips High Entropy Blobbuild/client/_app/immutable/nodes/4.ClVWSTyD.js.br
MediumDynamic Requiremcp-server/bin.cjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Compressed Blobbuild/client/lyriks_logo.svg.gz
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License