registry  /  @intellicore/cli  /  0.7.7

@intellicore/cli@0.7.7

IntelliCore CLI — agentflow를 터미널에서 실행하는 AI 개발 도구

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the CLI and authorizes agent actions or enables auto-approval.
Impact
Authorized or auto-approved model output can alter project files, delete `src/`, or run local commands.
Mechanism
Remote flow tool calls execute shell commands and modify the current project.
Rationale
The scanner’s malicious label is unsupported by the source: the risky behavior is exposed as a user-invoked coding-agent feature, not an install-time attack. Its remote-controlled shell and destructive scaffold behavior remain sufficiently dangerous to warn.
Evidence
package.jsondist/cli.jsdist/chunk-TLN7YK7T.jsdist/update-C67XPWZS.jsdist/init-QR2YUWA2.jsdist/chunk-BH2AN5FA.js.intellicode/config.json.intellicode/rules/coding.md.intellicode/prompts/system.md.intellicode/mcp.json~/.intellicorerc<current-project>/src
Network endpoints1
localhost:${port}/

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/chunk-TLN7YK7T.js` executes LLM-returned `shell_exec` commands.
  • `project_scaffold` deletes an existing user-project `src/` directory before writing files.
  • `dist/update-C67XPWZS.js` runs global npm install only through explicit `intellicode update`.
  • API responses can direct file and shell tools after normal CLI use.
Evidence against
  • `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
  • `dist/cli.js` activates update, init, MCP, and agent flows only from user commands.
  • Shell-danger patterns and existing-file writes prompt by default.
  • No fixed external exfiltration endpoint, eval/vm payload, or foreign AI-agent config mutation found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 44 file(s), 372 KB of source, external domains: get.docker.com, github.com, sh.rustup.rs

Source & flagged code

4 flagged · loading source
dist/chunk-TLN7YK7T.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @intellicore/cli@0.7.6 matchedIdentity = npm:QGludGVsbGljb3JlL2NsaQ:0.7.6 similarity = 0.977 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-TLN7YK7T.jsView on unpkg
300// src/features/tools/shell-exec.ts L301: import { execSync, spawn } from "child_process"; L302: import { resolve as resolve3, join as join2 } from "path";
High
Child Process

Package source references child process execution.

dist/chunk-TLN7YK7T.jsView on unpkg · L300
dist/knowledge-VZYH555V.jsView file
80/^(?:export\s+)?const\s+\w+\s*=\s*(?:async\s*)?\(/, L81: /^(?:public|private|protected)\s+(?:static\s+)?(?:async\s+)?\w+\s*\(/, L82: /^def\s+\w+/, ... L176: try { L177: const data = JSON.parse(readFileSync(storePath, "utf-8")); L178: this.chunks = data.chunks;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/knowledge-VZYH555V.jsView on unpkg · L80
dist/update-C67XPWZS.jsView file
19console.log(chalk.blue(" \u280B \uC5C5\uB370\uC774\uD2B8 \uC911...")); L20: execSync("npm install -g @intellicore/cli@latest", { L21: encoding: "utf-8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/update-C67XPWZS.jsView on unpkg · L19

Findings

1 Critical3 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/chunk-TLN7YK7T.js
HighChild Processdist/chunk-TLN7YK7T.js
HighShell
HighRuntime Package Installdist/update-C67XPWZS.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/knowledge-VZYH555V.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings