AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious behavior, but the provider CLI has a default-on self-update path that can mutate the global npm installation during runtime. Other child-process and network primitives are visible CLI features for node hosting and tunnel reachability.
Decision evidence
public snapshot- dist/updater.js default-on serve updater fetches npm latest and runs `npm install -g @iicp/client@latest`.
- dist/cli.js startProviderAutoUpdate schedules updater for long-running provider processes unless IICP_AUTO_UPDATE disables it.
- dist/cli.js init can run `npm install --no-save` for optional peer deps after interactive confirmation.
- dist/tunnel.js spawns `cloudflared tunnel --url http://127.0.0.1:<port>` when NAT/tunnel path is requested or auto-selected.
- package.json has no install/preinstall/postinstall lifecycle hooks.
- dist/index.js only re-exports SDK modules; no install-time or simple import-time updater execution observed.
- Network use is aligned with IICP SDK/node operation: directory registration, backend probing, NAT checks, proxy/query, and update checks.
- dist/client.js includes SSRF guards for discovered node endpoints.
- Identity/config writes are user-invoked CLI/provider state under ~/.iicp, not hidden credential harvesting.
Source & flagged code
5 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/node.jsView on unpkg · L762Package source references dynamic require/import behavior.
dist/client.jsView on unpkg · L7Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L2133Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L407