AI Security Review
scanned 15d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Risky primitives are tied to explicit CLI provider workflows, optional dependency installation, auto-update, or tunnel setup rather than install/import-time execution.
Decision evidence
public snapshot- dist/updater.js contains default-on serve-time self-update via `npm install -g @iicp/client@latest`.
- dist/tunnel.js can spawn an existing `cloudflared` binary for Quick Tunnel when serve/NAT fallback is used.
- dist/cli.js `init` may run `npm install --no-save` for optional peer deps after interactive user confirmation.
- package.json has no install/preinstall/postinstall lifecycle hooks.
- dist/index.js only re-exports SDK modules; no import-time execution beyond requires.
- Network traffic is package-aligned: IICP directory, backend probes, npm version check, Cloudflare tunnel health/DNS checks.
- Identity code stores operator/node config under user IICP config and explicitly omits operator secret/contact from public views.
- MCP gateway requires explicit `--tools` allowlist and blocks shell/interpreter tool names.
- No credential harvesting, destructive behavior, persistence outside user-invoked service install, or AI-agent control-surface mutation found.
Source & flagged code
5 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/node.jsView on unpkg · L713Package source references dynamic require/import behavior.
dist/client.jsView on unpkg · L7Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L1888Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L333