AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malware or install-time attack behavior was found. The main unresolved risk is a default-on runtime self-updater that can globally reinstall the package after a user starts long-running provider commands.
Decision evidence
public snapshot- dist/updater.js performs default-on runtime self-update via spawn("npm", ["install","-g","@iicp/client@latest"]).
- dist/cli.js starts auto-update timers during serve and mcp-gateway, first check within 5 minutes unless IICP_AUTO_UPDATE disables it.
- dist/cli.js init can run execSync("npm install --no-save ...") after an interactive prompt for optional peers.
- dist/cli.js mcp-gateway exposes user-allowed MCP tools over /v1/task to IICP directory-discovered callers.
- package.json has no install/preinstall/postinstall lifecycle hooks.
- Main import dist/index.js only re-exports SDK modules; no import-time execution observed.
- Network calls are aligned with IICP directory, backend probing, npm version check, Cloudflare tunnel health, and user-configured endpoints.
- Identity secrets are stored locally under ~/.iicp and public registration omits operator_secret/contact.
- MCP gateway requires explicit command plus --tools/IICP_MCP_TOOLS and deny-lists shell/interpreter tool names.
- Quick Tunnel spawns existing cloudflared only after explicit/serve reachability logic and never auto-installs it.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version.
dist/node.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/node.jsView on unpkg · L762Package source references dynamic require/import behavior.
dist/client.jsView on unpkg · L7Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L2109Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L404