registry  /  @intellicore/cli  /  0.7.6

@intellicore/cli@0.7.6

IntelliCore CLI — agentflow를 터미널에서 실행하는 AI 개발 도구

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The interactive AI development CLI accepts agent-flow tool calls that can execute shell commands and modify project files. This is an explicit runtime capability, not install-time behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `intellicode` and connects to a configured agent-flow service; user can also invoke `intellicode update`.
Impact
A configured or compromised agent-flow service could cause local project command execution; broad approval can permit commands outside the limited denylist.
Mechanism
Remote agent-directed shell execution and project file mutation.
Rationale
This is a dangerous dual-use AI coding-agent capability with insufficiently comprehensive command gating, warranting a warning. It is not concrete malicious package behavior because activation is user-driven and no covert exfiltration, persistence, or install-time execution was found.
Evidence
package.jsondist/cli.jsdist/chunk-7TGRTTMB.jsdist/chunk-PPPSFEJE.jsdist/update-EVILX2JM.jsdist/init-QR2YUWA2.js~/.intellicorerc./.intellicode/

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/chunk-7TGRTTMB.js` registers an agent `shell_exec` tool that runs commands through `sh -c`.
  • Remote agent-flow responses can invoke registered tools after the user starts the CLI.
  • Command approval only covers a short dangerous-pattern list; other shell commands proceed.
  • `dist/update-EVILX2JM.js` runs global npm installation and git/npm rebuild commands when the user invokes `update`.
Evidence against
  • `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
  • Network API calls use a user-supplied configured API URL and stored login credentials.
  • No source evidence of credential harvesting, hidden exfiltration, payload download-and-execute, or foreign AI-agent configuration writes.
  • `init` writes only the package-owned `.intellicode/` project directory after explicit invocation.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 44 file(s), 371 KB of source, external domains: get.docker.com, github.com, sh.rustup.rs

Source & flagged code

4 flagged · loading source
dist/update-EVILX2JM.jsView file
4// src/features/update/update.ts L5: import { execSync } from "child_process"; L6: import chalk from "chalk";
High
Child Process

Package source references child process execution.

dist/update-EVILX2JM.jsView on unpkg · L4
19console.log(chalk.blue(" \u280B \uC5C5\uB370\uC774\uD2B8 \uC911...")); L20: execSync("npm install -g @intellicore/cli@latest", { L21: encoding: "utf-8",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/update-EVILX2JM.jsView on unpkg · L19
dist/knowledge-VZYH555V.jsView file
80/^(?:export\s+)?const\s+\w+\s*=\s*(?:async\s*)?\(/, L81: /^(?:public|private|protected)\s+(?:static\s+)?(?:async\s+)?\w+\s*\(/, L82: /^def\s+\w+/, ... L176: try { L177: const data = JSON.parse(readFileSync(storePath, "utf-8")); L178: this.chunks = data.chunks;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/knowledge-VZYH555V.jsView on unpkg · L80
dist/chunk-7TGRTTMB.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @intellicore/cli@0.5.0 matchedIdentity = npm:QGludGVsbGljb3JlL2NsaQ:0.5.0 similarity = 0.558 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-7TGRTTMB.jsView on unpkg

Findings

1 Critical3 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/chunk-7TGRTTMB.js
HighChild Processdist/update-EVILX2JM.js
HighShell
HighRuntime Package Installdist/update-EVILX2JM.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/knowledge-VZYH555V.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings