AI Security Review
scanned 4h ago · by lpm-firewall-aiThe interactive AI development CLI accepts agent-flow tool calls that can execute shell commands and modify project files. This is an explicit runtime capability, not install-time behavior.
Decision evidence
public snapshot- `dist/chunk-7TGRTTMB.js` registers an agent `shell_exec` tool that runs commands through `sh -c`.
- Remote agent-flow responses can invoke registered tools after the user starts the CLI.
- Command approval only covers a short dangerous-pattern list; other shell commands proceed.
- `dist/update-EVILX2JM.js` runs global npm installation and git/npm rebuild commands when the user invokes `update`.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
- Network API calls use a user-supplied configured API URL and stored login credentials.
- No source evidence of credential harvesting, hidden exfiltration, payload download-and-execute, or foreign AI-agent configuration writes.
- `init` writes only the package-owned `.intellicode/` project directory after explicit invocation.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/update-EVILX2JM.jsView on unpkg · L4Package source invokes a package manager install command at runtime.
dist/update-EVILX2JM.jsView on unpkg · L19Package source references weak cryptographic algorithms.
dist/knowledge-VZYH555V.jsView on unpkg · L80This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-7TGRTTMB.jsView on unpkg