Publish SpecFlow and Pii to community registry #109

Merged: mellanon merged 1 commit into main from publish/specflow-and-pii on Mar 25, 2026

@jcfischer
Collaborator

Summary

  • First community-published packages from an external contributor
  • Adds SpecFlow (spec-driven development) and Pii (PII pseudonymization) to skills/REGISTRY.yaml

Skill Details

SpecFlow

  • Repo: https://github.com/jcfischer/specflow-bundle
  • Type: skill (monorepo with CLI)
  • Capabilities: filesystem read/write to .specflow/, .specify/, ~/.config/specflow/; bash restricted to specflow CLI
  • Risk: LOW (no network, no secrets)
  • Tested: pai-pkg install https://github.com/jcfischer/specflow-bundle — installs cleanly as v0.1.0

Pii

  • Repo: https://github.com/jcfischer/pii-pseudonymizer
  • Type: skill with CLI
  • Capabilities: filesystem read/write to ~/.config/pii-pseudonymizer/; bash restricted to pii CLI
  • Risk: LOW (no network, no secrets)
  • Tested: pai-pkg install https://github.com/jcfischer/pii-pseudonymizer — installs cleanly as v1.0.0

Checklist

  • pai-manifest.yaml present and complete in both repos
  • All capabilities honestly declared
  • Repos are public
  • License files present (MIT)
  • Tested install via pai-pkg from git URL
  • Names match pai-manifest.yaml name fields

🤖 Generated with Claude Code

First community-published packages from an external contributor.

- SpecFlow: Spec-driven development with gated workflow (monorepo with CLI)
- Pii: PII detection and pseudonymization (CLI + NER)

Both repos have pai-manifest.yaml with capability declarations.
Tested via pai-pkg install from git URL — both install cleanly.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Owner

@mellanon left a comment

Security Review: APPROVE WITH NOTES

Reviewed both repos for community registry inclusion. Neither is malicious — both are legitimate, well-structured tools. The findings below are manifest accuracy issues, not security threats.


Pii-Pseudonymizer — LOW risk ✅

Clean codebase. One manifest update needed:

  • Undeclared network: @huggingface/transformers downloads the NER model from huggingface.co on first use. Manifest says network: []. Should declare network: ["huggingface.co"].
  • Filesystem: CLI accepts arbitrary paths via --file, --save-session, etc. This is standard CLI behavior, but manifest only declares ~/.config/pii-pseudonymizer/.

SpecFlow Bundle — MEDIUM risk ✅

Larger surface area. Several manifest updates needed:

  1. Undeclared network: Code calls Anthropic API (api.anthropic.com) for eval grading + user-configurable webhook in notifications.ts. Manifest says network: []. Should declare at minimum network: ["api.anthropic.com"].
  2. Undeclared secrets: Reads ANTHROPIC_API_KEY from env and probes .env files. Manifest says secrets: []. Should declare secrets: ["ANTHROPIC_API_KEY"].
  3. Broader bash than declared: 13 uses of claude --dangerously-skip-permissions, plus git and gitleaks commands. Manifest restricted_to only lists specflow * and bun packages/specflow/src/index.ts *.
  4. Author PII leak: migrate-registry.ts contains hardcoded /Users/fischer/... paths. Should be parameterized or removed before wider distribution.
  5. Undeclared filesystem: Reads ~/work/, ~/.claude/.env, ~/work/ragent/.env — none declared.

Action items (non-blocking for registry inclusion)

These don't block the merge — the packages work correctly and are safe to install. But accurate manifests matter for pai-pkg audit to produce trustworthy results. @jcfischer please update the manifests in follow-up commits:

  • Pii: add network: ["huggingface.co"]
  • SpecFlow: add network: ["api.anthropic.com"], secrets: ["ANTHROPIC_API_KEY"]
  • SpecFlow: expand bash.restricted_to to include claude *, git *, gitleaks *
  • SpecFlow: clean hardcoded /Users/fischer/ paths from migrate-registry.ts

First community-published packages — nice work! 🎉

@mellanon merged commit fc74ff4 into main on Mar 25, 2026
1 check passed
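
Added example (not code from this PR, from pai-pkg, or from either package): a small Python check for the kind of manifest drift the review above describes, comparing declared capabilities with behaviour observed in the code. The dict layout, the `filesystem` key, glob matching for `restricted_to`, and the sample command lines and file name are assumptions.

```python
import posixpath
from fnmatch import fnmatchcase

# Assumed in-memory shape of a manifest's capability section. The keys network,
# secrets and bash.restricted_to are quoted in the review; "filesystem" and the
# nesting are assumptions, as is glob matching for restricted_to.
DECLARED = {
    "network": [],
    "secrets": [],
    "filesystem": [".specflow/", ".specify/", "~/.config/specflow/"],
    "bash": {"restricted_to": ["specflow *", "bun packages/specflow/src/index.ts *"]},
}

# Constructed sample of observed behaviour, based on the SpecFlow findings.
# The file name and command arguments are made up for illustration.
OBSERVED = {
    "network": ["api.anthropic.com"],
    "secrets": ["ANTHROPIC_API_KEY"],
    "filesystem": [".specflow/state.json", "~/work/", "~/.claude/.env", "~/work/ragent/.env"],
    "bash": ["specflow status", "claude --dangerously-skip-permissions",
             "git status", "gitleaks detect"],
}


def covered(path, roots):
    """True if path is a declared root or lives under one ('..' is collapsed first)."""
    path = posixpath.normpath(path)
    return any(path == r or path.startswith(r + "/")
               for r in (posixpath.normpath(root) for root in roots))


def undeclared(declared, observed):
    """Return {capability: [observed items the manifest does not cover]}."""
    patterns = declared.get("bash", {}).get("restricted_to", [])
    drift = {
        "network": [h for h in observed.get("network", []) if h not in declared.get("network", [])],
        "secrets": [s for s in observed.get("secrets", []) if s not in declared.get("secrets", [])],
        "filesystem": [p for p in observed.get("filesystem", [])
                       if not covered(p, declared.get("filesystem", []))],
        "bash": [c for c in observed.get("bash", [])
                 if not any(fnmatchcase(c, pat) for pat in patterns)],
    }
    return {k: v for k, v in drift.items() if v}


if __name__ == "__main__":
    for capability, items in undeclared(DECLARED, OBSERVED).items():
        print(f"undeclared {capability}: {items}")
```

Re-running `undeclared` against a manifest with the listed action items applied leaves only the filesystem reads from finding 5 reported.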