Skip to content

v9.5.0 — Trust Boundary: 5 new agents + AIBOM & EU AI Act readiness

Choose a tag to compare

@asamassekou10 asamassekou10 released this 14 Jul 14:27
55a21ec

Ship Safe

The Trust Boundary release — five new agents for the attack surface that moved into the AI developer toolchain, plus an AI Bill of Materials and EU AI Act readiness.

npm 29 agents tests MIT


Why this release

Through the first half of 2026, the highest-velocity attacks stopped targeting production apps and moved into the AI developer toolchain itself — the coding agents, package registries, model hubs, and MCP servers teams now build with. Those are exactly the surfaces Ship Safe scans.

v9.5.0 grew coverage from 24 → 29 agents to meet the threats that are landing right now, and adds a compliance track timed to the EU AI Act high-risk deadline (Aug 2, 2026).


New agents

Agent Threat it closes Key rules
🧠 ModelScanAgent ML model supply chain — pickle weights execute on load; malware evades even Hugging Face's PickleScan (which carries CVSS-9.3 CVEs) Code-execution payloads in .pkl/.pt/.ckpt, torch.load without weights_only, 7z/RAR scanner-evasion
🔗 TrustBoundaryAgent GhostApproval + Friendly Fire — a malicious repo weaponizes the coding agent's own trust boundary Symlinks into ~/.ssh/~/.aws/.env, symlinks escaping the repo, curl|bash / run-on-review instructions in agent-read docs
📦 SlopSquatAgent Slopsquatting — attackers register package names LLMs reliably hallucinate Imports that are neither declared, installed, nor a builtin; known-hallucinated names
🎣 ClickFixAgent ClickFix (~517% surge) — fake-error "paste this to fix it" lures and fake npm installers Fake-error/CAPTCHA framing + Win+R/Ctrl+V/command-bar keystrokes, PowerShell cradles, pre/postinstall fake installers
🪱 InstallGuardAgent npm worms (Shai-Hulud → Miasma) that run before defenses engage Lifecycle-script credential harvesting, env exfil, destructive rm -rf, obfuscated node -e, weaponized binding.gyp

Also: MCPSecurityAgent now flags MCP_AUTO_LAUNCH_ON_TRUST — a repo-local .mcp.json / .cursor/mcp.json that auto-launches a server the moment you accept the editor's folder-trust prompt.


New: AI Bill of Materials + EU AI Act readiness

ship-safe aibom . --ai-act
  • AIBOM (CycloneDX 1.5) — inventories the AI supply chain an SBOM misses: model weights (pickle vs. safetensors flagged), LLM/ML SDKs & providers (npm + PyPI), MCP servers, agent instruction files.
  • --ai-act — a heuristic EU AI Act high-risk readiness report mapped to provider obligations (Art. 9–17): risk management, data governance, logging, transparency, human oversight, testing, and AI-specific security — scored with a prioritized gap list. An engineering indicator, not legal advice.

Also in this release

  • OWASP Agentic coverage refreshed to the finalized OWASP Top 10 for Agentic Applications 2026 categories.
  • Docs encoding fix — repaired 735+ pre-existing mojibake characters (triple-encoded em-dashes) that rendered as garbled text on the docs page.
  • Agent count 24 → 29 across the CLI, README, docs, and site.

Install / upgrade

# Run it now, no install
npx ship-safe@9.5.0 audit .

# Scan an ML repo's model files + AI supply chain
npx ship-safe@9.5.0 aibom . --ai-act

# Or upgrade a global install
npm install -g ship-safe@9.5.0

Requires Node.js ≥ 18. No signup, no API key required for scanning. Works offline.


Release validation

Check Result
npm test ✅ 249 passing
npm run lint ✅ 0 errors
ship-safe scan . (self-scan) ✅ clean
Every new agent ✅ verified end-to-end through the real CLI
False-positive discipline ✅ safetensors skipped, benign symlinks/READMEs quiet, self-package excluded, normal postinstall quiet

Design notes for defenders

The theme of v9.5.0 is that agents-scanning-agents is now the norm, and the scanner must not become the attack surface. Ship Safe never executes a repo's suggested workflow during a scan — it reads and analyzes, it does not run. If a repository's docs tell an agent to "run this to set up / review," that instruction is treated as untrusted input, not a command.


Full changelog: v9.4.1...v9.5.0
Docs: https://shipsafecli.com/docs · npm: https://www.npmjs.com/package/ship-safe