AI Security Review
scanned 1h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Risky primitives are tied to explicit CLI deployment/demo/adopt commands and package-aligned infrastructure automation, not install-time or hidden execution.
Decision evidence
public snapshot- dist/demo.js combines Docker/git/SSH execution, Cloudflare API calls, and local state writes, but is not package bin or lifecycle.
- dist/resolve/resolve.js dynamically imports user-specified deploy config and reads Cloudflare token from env when resolve is invoked.
- dist/apply/apply.command.js can POST a reconcile summary to a user-supplied Discord webhook from artifact outputs.
- package.json has no preinstall/install/postinstall lifecycle hooks; only bin is dist/cli.js.
- dist/cli.js only dispatches Stricli commands; no import-time exfiltration or mutation observed.
- dist/index.js exports helpers only; no network, shell, or install-time behavior.
- Child process use in dist/init/init.js and dist/adopt/adopt.js is explicit CLI scaffolding/git workflow behavior.
- Secret reads/writes are documented package functions: .env/.secrets.json, /opt/intentic/secrets.json over configured SSH, and Forgejo repo secrets.
- README.md describes an intent-driven deployment CLI matching observed Cloudflare/Forgejo/Komodo/Docker behavior.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/init/scaffold-app.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/resolve/resolve.jsView on unpkg · L6A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/demo.jsView on unpkg · L29Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/demo.jsView on unpkg · L29