AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is an AI developer CLI with user-invoked network, shell, file, and project scaffolding capabilities aligned with its advertised function.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs intellicode commands such as login, init, update, mcp-serve, or a prompt.
Impact
Can modify files or run commands during interactive agent use, but source inspection found no unconsented install-time execution, credential harvesting, or exfiltration.
Mechanism
package-owned AI CLI tools with explicit user-triggered shell/file/API operations
Rationale
The risky primitives are exposed as normal functionality of an authenticated AI coding CLI and are activated by explicit user commands, with no npm install-time mutation or hidden exfiltration path found. Static scanner hits for shell, network, env vars, and runtime install are explained by CLI features and update/login flows.
Evidence
package.jsondist/cli.jsdist/chunk-BVDHGBXK.jsdist/update-7U4SZ6FF.jsdist/login-PCIMGJQD.jsdist/init-AZRL73X3.jsdist/chunk-UEC5BN6B.jssettings/defaults.json~/.intellicorerc.intellicode/config.json.intellicode/rules/coding.md.intellicode/prompts/system.md.intellicode/mcp.jsoncurrent-working-directory files via user/agent-invoked tools
Network endpoints6
<configured apiUrl>/api/v1/auth/login<configured apiUrl>/api/v1/auth/refresh<configured apiUrl>/api/v1/agentflows<configured apiUrl>/api/v1/agentflows/{id}/webhooklocalhost:${port}/github.com/SolomonJongmin/intellicore-cli/releases
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/chunk-BVDHGBXK.js registers AI-agent tools for file_write/file_patch/project_scaffold and shell_exec.
- dist/update-7U4SZ6FF.js update command runs npm install -g and git pull/npm install only when user invokes intellicode update.
- dist/init-AZRL73X3.js user-invoked init writes .intellicode prompt/config files in the current project.
Evidence against
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly builds before publishing.
- dist/cli.js only dispatches explicit CLI subcommands or oneshot mode; no install/import-time payload.
- dist/chunk-BVDHGBXK.js file tools constrain writes/reads to process.cwd() and block some sensitive reads.
- dist/login-PCIMGJQD.js sends entered credentials only to the user-provided API URL and stores tokens in ~/.intellicorerc chmod 0600.
- dist/chunk-UEC5BN6B.js API calls use configured apiUrl for agentflow endpoints; no hardcoded exfiltration host found.
- settings/defaults.json contains agent instructions for this package-owned CLI, not a broad foreign agent control-surface mutation.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/chunk-BVDHGBXK.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @intellicore/cli@0.3.0
matchedIdentity = npm:QGludGVsbGljb3JlL2NsaQ:0.3.0
similarity = 0.821
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-BVDHGBXK.jsView on unpkg281// src/features/tools/shell-exec.ts
L282: import { execSync, spawn } from "child_process";
L283:
High
Child Process
Package source references child process execution.
dist/chunk-BVDHGBXK.jsView on unpkg · L281dist/update-7U4SZ6FF.jsView file
18console.log(chalk.blue(" \u280B \uC5C5\uB370\uC774\uD2B8 \uC911..."));
L19: execSync("npm install -g @intellicore/cli@latest", {
L20: encoding: "utf-8",
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/update-7U4SZ6FF.jsView on unpkg · L18Findings
1 Critical3 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/chunk-BVDHGBXK.js
HighChild Processdist/chunk-BVDHGBXK.js
HighShell
HighRuntime Package Installdist/update-7U4SZ6FF.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings