Is specialist-agent safe to install?

specialist-agent was flagged as CRITICAL RISK (risk score 271) with 16 findings detected across 290 files. Review the findings before installing.

What security issues were found in specialist-agent?

Sigil detected 16 findings in specialist-agent, including patterns related to install_hooks, network_exfil, code_patterns. See the full scan report for details.

Scans/npm/specialist-agent

specialist-agent

npm

Summary

specialist-agent v2.12.0 was classified as CRITICAL RISK with a risk score of 271. Sigil detected 16 findings across 290 files, covering phases including install hooks, network exfiltration, code patterns. Review the findings below before installing this package.

CRITICAL RISK(271)

v2.12.0

21 March 2026, 20:00 UTC

by Sigil Bot

Risk Score

271

Findings

Files Scanned

290

Provenance

Registry

https://www.npmjs.com/package/specialist-agent/v/2.12.0

Scanned From

https://registry.npmjs.org/specialist-agent/-/specialist-agent-2.12.0.tgz

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

package/.claude-plugin/plugin.json:35

    "command": "npx specialist-agent init",
    "postInstall": "Select your framework pack when prompted"
  }

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

package/.cursor-plugin/plugin.json:35

    "command": "npx specialist-agent init",
    "postInstall": "Select your framework pack when prompted"
  }

Why was this flagged?

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/agents/sentry-triage.md:34

> - `brew install getsentry/tools/sentry-cli` (macOS)
> - `curl -sL https://sentry.io/get-cli/ | bash` (Linux)
>

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/npm/specialist-agent)](https://sigilsec.ai/scans/18F24F23-31C6-4BF7-B159-46563D6C8655)

HTML

<a href="https://sigilsec.ai/scans/18F24F23-31C6-4BF7-B159-46563D6C8655"><img src="https://sigilsec.ai/badge/npm/specialist-agent" alt="Sigil Scan"></a>

Run This Scan Yourself