AI Security Review
scanned 14d ago · by lpm-firewall-aiNo confirmed malware or install-time attack was found. The main unresolved risk is a user-invoked provider server that performs default-on self-update with a global npm install and process reexec.
Decision evidence
public snapshot- dist/updater.js default-on autoUpdateTick runs npm install -g @iicp/client@latest then reexecs during serve
- dist/cli.js startProviderAutoUpdate is called by runServe without an explicit update command; opt-out is IICP_AUTO_UPDATE=0
- dist/cli.js init can run execSync npm install --no-save for optional deps, but only after interactive prompt
- dist/tunnel.js spawns cloudflared tunnel when serving and tunnel fallback is enabled
- package.json has no install/preinstall/postinstall lifecycle hooks
- dist/index.js is a re-export entrypoint with no obvious import-time execution beyond requires
- Network activity is aligned with IICP SDK/node functions: directory registration/discovery, backend probes, credits, NAT/tunnel checks
- Identity/token files are stored under ~/.iicp for operator/node operation, not harvested or exfiltrated generically
- No credential scraping, destructive behavior, persistence outside CLI service generation, or reviewer/prompt manipulation found
Source & flagged code
6 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/node.jsView on unpkg · L756Package source references dynamic require/import behavior.
dist/client.jsView on unpkg · L7This package version adds a dangerous source file absent from the previous stored version.
dist/cli.jsView on unpkgSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L2081Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L388