AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious install/import-time attack surface. The main unresolved risk is a default-on runtime self-updater in provider commands that installs the latest global package from npm and re-execs the CLI.
Decision evidence
public snapshot- dist/updater.js default-on auto-update fetches npm latest and runs npm install -g @iicp/client@latest during serve/mcp-gateway.
- dist/cli.js startProviderAutoUpdate() is called from runServe and runMcpGateway, not just an explicit update command.
- dist/cli.js init can run npm install --no-save for optional deps after an interactive prompt.
- dist/tunnel.js can spawn cloudflared for user-invoked Quick Tunnel reachability.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Main import dist/index.js only re-exports SDK modules; provider actions are CLI/runtime commands.
- Network endpoints are aligned with package function: iicp.network directory, npm registry update check, local backends, Cloudflare tunnel.
- Identity files under ~/.iicp are created for operator/node config and chmod 0600; code avoids sending operator_secret/contact.
- No credential harvesting, hidden exfiltration, destructive file operations, obfuscated payloads, or AI-agent control-surface mutation found.
Source & flagged code
5 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/node.jsView on unpkg · L789Package source references dynamic require/import behavior.
dist/client.jsView on unpkg · L7This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L407