unspaghettit@0.5.1

Executable specifications for AI-assisted software development. Local-first and MCP-native.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a CLI, local dashboard, and MCP server that modifies project/AI-client config only when the user runs setup commands.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User invokes CLI commands such as `unspa init`, `unspa dashboard`, `unspa-mcp`, or `unspa uninstall`.
Impact
Creates or updates local Unspaghettit model/config files; no stealth install-time execution, credential theft, or external exfiltration found.
Mechanism
User-directed local MCP/dashboard setup and behavior-model persistence
Rationale
Static inspection shows potentially sensitive primitives are aligned with the advertised MCP/local-dashboard setup and are user-invoked, not lifecycle-triggered or covert. I found no source evidence of malware, credential/file harvesting, persistence, destructive behavior, dependency confusion, or external exfiltration.
Evidence
package.json, cli/unspa.cjs, cli/unspaghettit.cjs, mcp-server/bin.cjs, cli/commands/init.ts, cli/util/context-files.ts, cli/util/skills.ts, mcp-server/bin.ts, mcp-server/server.ts, cli/commands/dashboard.ts, cli/commands/uninstall.ts, build/client/_app/immutable/chunks/DNzq6p3w2.js, .mcp.json, CLAUDE.md, AGENTS.md, .claude/skills, unspa/~/.unspa-hub/unspa.unspa.json

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • User-invoked `unspa init` can write MCP entries and managed AI context/skill files via `cli/commands/init.ts`.
  • Dashboard/MCP code uses local WebSocket/fetch sync and filesystem persistence for package data.
Evidence against
  • `package.json` has no install/postinstall hook; `prepublishOnly` is publisher-side lint/build/test only.
  • Bin shims only register `tsx`, set package env vars, load aliases, and enter CLI/MCP source.
  • AI-client config/context writes are explicit `init` behavior with flags/prompts and bounded paths such as `.mcp.json`, `CLAUDE.md`, `AGENTS.md`, `.claude/skills`.
  • MCP server reads/writes Unspaghettit snapshot/model files and exposes local stdio tools; no credential harvesting or external exfiltration found.
  • `child_process` use is limited to dashboard/serve subprocesses and optional `npm uninstall -g` during `uninstall --global-uninstall`.
  • Scanner blob/Trojan-source hints map to built assets/compressed Svelte output; direct search found no bidi controls in the flagged JS file.
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell, WebSocket
Supply chain
HighEntropyStrings, Minified, Obfuscated, Protestware, UrlStrings
Manifest
CopyleftLicense
scanned 707 file(s), 8.71 MB of source, external domains: 127.0.0.1, 192.168.1.10, api.mapbox.com, api.stripe.com, chevrotain.io, commentanalyzer.googleapis.com, datatracker.ietf.org, en.wikipedia.org, example.com, fonts.googleapis.com, fonts.gstatic.com, github.com, langium.org, lyriks.io, my.site, npmjs.com, svelte.dev, unspaghettit.dev, www.w3.org

Source & flagged code

4 flagged
mcp-server/bin.cjs
L6: // `Module._resolveFilename` ourselves.
L7: const path = require('path');
L8: process.env.TSX_TSCONFIG_PATH ||= path.join(__dirname, '..', 'tsconfig.runtime.json');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

mcp-server/bin.cjs · L6
build/client/_app/immutable/chunks/DNzq6p3w2.js
L46: contains invisible/control Unicode U+FEFF (zero width no-break space)
 \r \v \xA0            \u2028\u2029   <U+FEFF>`.split(``);function Da(e){let t=typeof e==`string`?new RegExp(e):e;return Ea.some(e=>t.test(e))}o(Da,`isWhitespace`);function Oa(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(Oa,`escapeReg
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

build/client/_app/immutable/chunks/DNzq6p3w2.js · L46
build/client/lyriks_logo.svg.gz
path = build/client/lyriks_logo.svg.gz kind = compressed_blob sizeBytes = 1391 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

build/client/lyriks_logo.svg.gz
build/client/_app/immutable/nodes/11.tGaCW3Gg.js.gz
path = build/client/_app/immutable/nodes/11.tGaCW3Gg.js.gz kind = high_entropy_blob sizeBytes = 9192 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

build/client/_app/immutable/nodes/11.tGaCW3Gg.js.gz

Findings

1 Critical · 1 High · 6 Medium · 7 Low
Critical · Trojan Source Unicode · build/client/_app/immutable/chunks/DNzq6p3w2.js
High · Ships High Entropy Blob · build/client/_app/immutable/nodes/11.tGaCW3Gg.js.gz
Medium · Dynamic Require · mcp-server/bin.cjs
Medium · Network
Medium · Environment Vars
Medium · Protestware
Medium · Ships Compressed Blob · build/client/lyriks_logo.svg.gz
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings
Low · Copyleft License