AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The main unresolved risk is a default-on runtime self-updater for long-running provider CLI processes.
Decision evidence
public snapshot- dist/cli.js starts default provider auto-update during serve/mcp-gateway runtime.
- dist/updater.js fetches npm latest and runs npm install -g @iicp/client@latest, then reexecs CLI.
- dist/cli.js init can run npm install --no-save for optional deps after an interactive prompt.
- dist/tunnel.js can spawn cloudflared tunnel for user-invoked provider reachability.
- package.json has no lifecycle scripts; main is dist/index.js and bin is user-invoked dist/cli.js.
- dist/index.js only re-exports SDK modules; no install/import-time execution found.
- Network endpoints are package-aligned: iicp.network directory/API, npm registry version check, local backends, Cloudflare tunnel health/DNS.
- Identity/token files under ~/.iicp are created/read for declared CLI operator/node configuration, not harvested for exfiltration.
- No credential scanning, destructive actions, persistence outside service/update features, or reviewer/prompt manipulation found.
Source & flagged code
6 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/node.jsView on unpkg · L762Package source references dynamic require/import behavior.
dist/client.jsView on unpkg · L7This package version adds a dangerous source file absent from the previous stored version.
dist/cli.jsView on unpkgSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L2133Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L407