@intentic/cli@1.58.1

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a deployment CLI with explicit commands that scaffold project directories, reconcile infrastructure, create Cloudflare tunnels/DNS, and push Forgejo repos/secrets.

Static reason: One or more suspicious static signals were detected.

Trigger: User explicitly runs intentic subcommands such as init, resolve, apply, adopt, sandbox-tunnel, host-ssh-tunnel, or demo.

Impact: Expected project/infra mutation under the user's selected workspace and configured providers; no install-time or hidden execution observed.

Mechanism: User-invoked deployment and project scaffolding automation.

Rationale: Static inspection shows suspicious primitives are consistent with an explicit infrastructure deployment CLI and demo harness, not install-time malware or hidden exfiltration. No unconsented foreign AI-agent control-surface mutation, persistence, credential harvesting, or remote code execution path was found.
Evidence
• package.json
• dist/cli.js
• dist/app.js
• dist/init/init.js
• dist/init/scaffold-app.js
• dist/resolve/resolve.js
• dist/apply/apply.command.js
• dist/adopt/adopt.command.js
• dist/adopt/adopt.js
• dist/pipelines/adopt-pipelines.js
• dist/sandbox-tunnel/sandbox-tunnel.js
• dist/host-ssh-tunnel/host-ssh-tunnel.js
• intent/deploy.config.ts
• intent/package.json
• intent/tsconfig.json
• intent/.gitignore
• desired-state/.gitignore
• desired-state/.env.example
• desired-state/.secrets.json
• desired-state/desired-state.json
• desired-state/.status.json
• desired-state/.access.md
• app/package.json
• app/server.js
• app/Dockerfile
• app/.gitignore
• .demo/state.json
• .forgejo/workflows/resolve.yaml

Network endpoints (4)
• api.cloudflare.com/client/v4/
• github.com/actions/checkout
• registry.npmjs.org/
• github.com/radarsu/intentic.git

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle scripts; only bin "intentic" -> dist/cli.js.
    • dist/cli.js only dispatches @stricli CLI routes; no import-time install behavior.
    • Child process use is user-invoked: init runs git/pnpm scaffolding, demo runs Docker/SSH demo workflow.
    • Network/API use is package-aligned deployment automation for Cloudflare, Forgejo, Discord webhook, and user-specified services.
    • No writes to Claude/Codex/Cursor/MCP/agent control surfaces or shell/VCS persistence hooks found.
    • Secrets are read from env/project files for deployment and repo secret setup; no hardcoded exfiltration endpoint found.
    Behavioral surface
    Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
    Supply chain: HighEntropyStrings, UrlStrings
    Manifest: No manifest risk signals triggered.
    scanned 37 file(s), 88.7 KB of source, external domains: 127.0.0.1, api.cloudflare.com

    Source & flagged code

    4 flagged

    dist/init/scaffold-app.js
    L1: import { execFile } from "node:child_process";
    L2: import { mkdir, writeFile } from "node:fs/promises";
    High
    Child Process

    Package source references child process execution.

    dist/init/scaffold-app.js · L1

    dist/resolve/resolve.js
    L6: export const loadIntent = async (configPath) => {
    L7: const loaded = (await import(pathToFileURL(resolve(configPath)).href));
    L8: if (loaded.intent === undefined) {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/resolve/resolve.js · L6

    dist/demo.js
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L38: const cliEnv = {
    L39: ...process.env,
    L40: DEMO_DOH_ZONE: zone,
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44: const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45: child.on("error", reject);
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/demo.js · L29

    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L33: const log = (message) => {
    L34: process.stdout.write(`${message}\n`);
    L35: };
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44: const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45: child.on("error", reject);
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    dist/demo.js · L29

    Findings

    4 High · 3 Medium · 4 Low

    High · Child Process · dist/init/scaffold-app.js
    High · Shell
    High · Same File Env Network Execution · dist/demo.js
    High · Command Output Exfiltration · dist/demo.js
    Medium · Dynamic Require · dist/resolve/resolve.js
    Medium · Network
    Medium · Environment Vars
    Low · Scripts Present
    Low · Filesystem
    Low · High Entropy Strings
    Low · Url Strings