registry  /  @intellicore/cli  /  0.3.1

@intellicore/cli@0.3.1

IntelliCore CLI — agentflow를 터미널에서 실행하는 AI 개발 도구

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is an AI developer CLI with user-invoked network, shell, file, and project scaffolding capabilities aligned with its advertised function.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs intellicode commands such as login, init, update, mcp-serve, or a prompt.
Impact
Can modify files or run commands during interactive agent use, but source inspection found no unconsented install-time execution, credential harvesting, or exfiltration.
Mechanism
package-owned AI CLI tools with explicit user-triggered shell/file/API operations
Rationale
The risky primitives are exposed as normal functionality of an authenticated AI coding CLI and are activated by explicit user commands, with no npm install-time mutation or hidden exfiltration path found. Static scanner hits for shell, network, env vars, and runtime install are explained by CLI features and update/login flows.
Evidence
package.jsondist/cli.jsdist/chunk-BVDHGBXK.jsdist/update-7U4SZ6FF.jsdist/login-PCIMGJQD.jsdist/init-AZRL73X3.jsdist/chunk-UEC5BN6B.jssettings/defaults.json~/.intellicorerc.intellicode/config.json.intellicode/rules/coding.md.intellicode/prompts/system.md.intellicode/mcp.jsoncurrent-working-directory files via user/agent-invoked tools
Network endpoints6
<configured apiUrl>/api/v1/auth/login<configured apiUrl>/api/v1/auth/refresh<configured apiUrl>/api/v1/agentflows<configured apiUrl>/api/v1/agentflows/{id}/webhooklocalhost:${port}/github.com/SolomonJongmin/intellicore-cli/releases

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/chunk-BVDHGBXK.js registers AI-agent tools for file_write/file_patch/project_scaffold and shell_exec.
  • dist/update-7U4SZ6FF.js update command runs npm install -g and git pull/npm install only when user invokes intellicode update.
  • dist/init-AZRL73X3.js user-invoked init writes .intellicode prompt/config files in the current project.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only prepublishOnly builds before publishing.
  • dist/cli.js only dispatches explicit CLI subcommands or oneshot mode; no install/import-time payload.
  • dist/chunk-BVDHGBXK.js file tools constrain writes/reads to process.cwd() and block some sensitive reads.
  • dist/login-PCIMGJQD.js sends entered credentials only to the user-provided API URL and stores tokens in ~/.intellicorerc chmod 0600.
  • dist/chunk-UEC5BN6B.js API calls use configured apiUrl for agentflow endpoints; no hardcoded exfiltration host found.
  • settings/defaults.json contains agent instructions for this package-owned CLI, not a broad foreign agent control-surface mutation.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 28 file(s), 188 KB of source, external domains: get.docker.com, github.com, sh.rustup.rs

Source & flagged code

3 flagged · loading source
dist/chunk-BVDHGBXK.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @intellicore/cli@0.3.0 matchedIdentity = npm:QGludGVsbGljb3JlL2NsaQ:0.3.0 similarity = 0.821 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-BVDHGBXK.jsView on unpkg
281// src/features/tools/shell-exec.ts L282: import { execSync, spawn } from "child_process"; L283:
High
Child Process

Package source references child process execution.

dist/chunk-BVDHGBXK.jsView on unpkg · L281
dist/update-7U4SZ6FF.jsView file
18console.log(chalk.blue(" \u280B \uC5C5\uB370\uC774\uD2B8 \uC911...")); L19: execSync("npm install -g @intellicore/cli@latest", { L20: encoding: "utf-8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/update-7U4SZ6FF.jsView on unpkg · L18

Findings

1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/chunk-BVDHGBXK.js
HighChild Processdist/chunk-BVDHGBXK.js
HighShell
HighRuntime Package Installdist/update-7U4SZ6FF.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings