registry  /  @intellicore/cli  /  0.5.0

@intellicore/cli@0.5.0

IntelliCore CLI — agentflow를 터미널에서 실행하는 AI 개발 도구

AI Security Review

scanned 3d ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `intellicode <prompt>` or starts the interactive CLI after configuration.
Impact
A configured agentflow service can mutate the project and execute local commands during an active session.
Mechanism
Configured remote agent directs local shell and file tools.
Rationale
The source establishes dangerous, user-invoked remote-agent command execution rather than a concrete malicious package chain. It warrants a warning for capability risk, not a publish block.
Evidence
package.jsondist/cli.jsdist/oneshot-BNTVD5UR.jsdist/chunk-WZGKQ4WN.jsdist/login-2RCW33BA.jsdist/init-KYDTSZYF.js~/.intellicorerc.intellicode/config.json.intellicode/rules/coding.md.intellicode/prompts/system.md.intellicode/mcp.json
Network endpoints3
deb.nodesource.com/setup_20.xsh.rustup.rsget.docker.com

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/chunk-WZGKQ4WN.js` registers `shell_exec` for agent responses.
  • `shell_exec` passes supplied commands to `execSync`/`sh -c`.
  • The tool allows project file writes and scaffold cleanup.
  • Tool code includes remote installer command URLs.
Evidence against
  • `package.json` has no preinstall/install/postinstall hook.
  • `dist/cli.js` loads agent execution only after user CLI invocation.
  • `dist/login-2RCW33BA.js` posts credentials only to a user-entered API URL.
  • `dist/init-KYDTSZYF.js` writes only explicit `.intellicode/` setup files.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 43 file(s), 330 KB of source, external domains: get.docker.com, github.com, sh.rustup.rs

Source & flagged code

4 flagged · loading source
dist/update-3RA2HA44.jsView file
4// src/features/update/update.ts L5: import { execSync } from "child_process"; L6: import chalk from "chalk";
High
Child Process

Package source references child process execution.

dist/update-3RA2HA44.jsView on unpkg · L4
19console.log(chalk.blue(" \u280B \uC5C5\uB370\uC774\uD2B8 \uC911...")); L20: execSync("npm install -g @intellicore/cli@latest", { L21: encoding: "utf-8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/update-3RA2HA44.jsView on unpkg · L19
dist/knowledge-VZYH555V.jsView file
80/^(?:export\s+)?const\s+\w+\s*=\s*(?:async\s*)?\(/, L81: /^(?:public|private|protected)\s+(?:static\s+)?(?:async\s+)?\w+\s*\(/, L82: /^def\s+\w+/, ... L176: try { L177: const data = JSON.parse(readFileSync(storePath, "utf-8")); L178: this.chunks = data.chunks;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/knowledge-VZYH555V.jsView on unpkg · L80
dist/chunk-WZGKQ4WN.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @intellicore/cli@0.4.0 matchedIdentity = npm:QGludGVsbGljb3JlL2NsaQ:0.4.0 similarity = 0.930 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-WZGKQ4WN.jsView on unpkg

Findings

1 Critical3 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/chunk-WZGKQ4WN.js
HighChild Processdist/update-3RA2HA44.js
HighShell
HighRuntime Package Installdist/update-3RA2HA44.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/knowledge-VZYH555V.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings