AI Security Review
scanned 14d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The main unresolved risk is a user-invoked provider CLI with default-on self-update that can globally install a newer @iicp/client from npm during runtime.
Decision evidence
public snapshot- dist/updater.js default-on autoUpdateEnabled checks registry and runs spawn('npm',['install','-g','@iicp/client@latest']) during long-running serve unless IICP_AUTO_UPDATE=0.
- dist/cli.js startProviderAutoUpdate wires updater into provider runtime; dist/cli.js installMissing can run npm install --no-save for optional extras when user invokes dependency setup.
- dist/tunnel.js spawns existing cloudflared for user-requested/auto NAT Quick Tunnel and writes state under IICP_HOME or ~/.iicp/state.
- package.json has no preinstall/install/postinstall hooks; main dist/index.js only re-exports SDK modules.
- dist/cli.js executes main only under require.main === module, so importing ./cli does not run commands.
- Network endpoints are package-aligned: https://iicp.network/api, npm registry, local backend URLs, Anthropic API, Cloudflare tunnel/DoH.
- No source evidence of credential harvesting, arbitrary remote payload execution, destructive filesystem actions, or unconsented install-time behavior.
- Identity/token files in dist/identity.js are created for CLI node operation under ~/.iicp with chmod 0600, not exfiltrated in inspected paths.
Source & flagged code
6 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/node.jsView on unpkg · L756Package source references dynamic require/import behavior.
dist/client.jsView on unpkg · L7This package version adds a dangerous source file absent from the previous stored version.
dist/cli.jsView on unpkgSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L2109Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L404