
@intentic/cli@1.59.0

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Risky primitives are tied to explicit deployment/demo CLI commands for this infrastructure tool, with no install-time or import-time execution.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs intentic commands such as init, resolve, apply, adopt, or demo.
Impact
Creates local intent/desired-state/app files, runs git/pnpm/docker for scaffolding/demo, and calls configured provider endpoints as part of deployment workflows.
Mechanism
user-invoked deployment scaffolding and provider API automation
Rationale
Static inspection shows an infrastructure/deployment CLI with no lifecycle hooks and no unconsented agent-control or persistence writes. Network, environment, dynamic import, and child-process use are package-aligned and activated by explicit CLI workflows.
Evidence
• package.json
• dist/cli.js
• dist/app.js
• dist/init/init.js
• dist/init/scaffold-app.js
• dist/resolve/resolve.js
• dist/apply/apply.command.js
• dist/adopt/adopt.js
• dist/demo.js
• intent/deploy.config.ts
• intent/package.json
• intent/tsconfig.json
• intent/.gitignore
• desired-state/.gitignore
• desired-state/desired-state.json
• desired-state/.env.example
• desired-state/.secrets.json
• desired-state/.last-applied.json
• desired-state/status.json
• desired-state/access.md
• app/package.json
• app/server.js
• app/Dockerfile
• app/.gitignore
• .demo/state.json
Network endpoints (5)
• api.cloudflare.com/client/v4/accounts/.../cfd_tunnel/.../connections
• git.<zone>
• deploy.<zone>
• 127.0.0.1:<forgejoPort>
• 127.0.0.1:<komodoPort>

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle hooks; bin only maps intentic to dist/cli.js.
    • dist/cli.js only dispatches Stricli app routes from argv.
    • dist/init/init.js and dist/init/scaffold-app.js run git/pnpm and write scaffold files only when init is invoked.
    • dist/resolve/resolve.js dynamically imports the user-specified deploy config and uses Cloudflare token only for zone discovery.
    • dist/demo.js Docker/SSH/Cloudflare actions are demo mode command behavior, not install/import-time execution.
    • rg found no Claude/Codex/Cursor/MCP control-surface writes or shell startup/autostart persistence.
    Behavioral surface
    Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
    Supply chain: High Entropy Strings, Url Strings
    Manifest: No manifest risk signals triggered.
    Scanned 37 file(s), 88.7 KB of source; external domains: 127.0.0.1, api.cloudflare.com

    Source & flagged code

    4 flagged

    dist/init/scaffold-app.js
    L1: import { execFile } from "node:child_process";
    L2: import { mkdir, writeFile } from "node:fs/promises";
    High
    Child Process

    Package source references child process execution.

    (dist/init/scaffold-app.js, L1)

    dist/resolve/resolve.js
    L6: export const loadIntent = async (configPath) => {
    L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
    L8:   if (loaded.intent === undefined) {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    (dist/resolve/resolve.js, L6)

    dist/demo.js
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L38: const cliEnv = {
    L39:   ...process.env,
    L40:   DEMO_DOH_ZONE: zone,
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:   child.on("error", reject);
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    (dist/demo.js, L29)

    dist/demo.js
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L33: const log = (message) => {
    L34:   process.stdout.write(`${message}\n`);
    L35: };
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:   child.on("error", reject);
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    (dist/demo.js, L29)

    Findings

    4 High · 3 Medium · 4 Low
    • High · Child Process · dist/init/scaffold-app.js
    • High · Shell
    • High · Same File Env Network Execution · dist/demo.js
    • High · Command Output Exfiltration · dist/demo.js
    • Medium · Dynamic Require · dist/resolve/resolve.js
    • Medium · Network
    • Medium · Environment Vars
    • Low · Scripts Present
    • Low · Filesystem
    • Low · High Entropy Strings
    • Low · Url Strings