@intentic/cli@1.65.0

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a deployment CLI with user-invoked commands that scaffold repos, resolve/apply desired state, and manage demo infrastructure.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the intentic CLI commands such as init, resolve, apply, adopt, or demo.
Impact
Expected project scaffolding and infrastructure changes under user-selected directories/providers; no install-time or import-time compromise observed.
Mechanism
User-invoked deployment automation with project file writes, git/docker/ssh execution, and provider API calls.
Rationale
Static inspection shows suspicious primitives are aligned with an infrastructure deployment CLI and require explicit user command execution. There is no npm lifecycle execution, credential exfiltration, hidden persistence, or unconsented AI-agent control-surface mutation.
Evidence
  • package.json
  • dist/cli.js
  • dist/app.js
  • dist/init/init.js
  • dist/init/scaffold-app.js
  • dist/resolve/resolve.js
  • dist/resolve/resolve.command.js
  • dist/apply/apply.command.js
  • dist/adopt/adopt.command.js
  • dist/demo.js
  • intent/deploy.config.ts
  • intent/package.json
  • intent/tsconfig.json
  • intent/.gitignore
  • desired-state/.gitignore
  • desired-state/.env.example
  • desired-state/.secrets.json
  • desired-state/status.json
  • desired-state/.last-applied.json
  • desired-state/access.md
  • app/package.json
  • app/server.js
  • app/Dockerfile
  • app/.gitignore
  • .demo/state.json
Network endpoints (4)
  • api.cloudflare.com/client/v4/accounts/${cfZone.accountId}/cfd_tunnel/${tunnel.id}/connections
  • ${domain}
  • 127.0.0.1:${forgejoPort}
  • 127.0.0.1:${komodoPort}

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/init/init.js runs git and pnpm during user-invoked init
  • dist/demo.js runs docker/ssh/git-style demo setup and Cloudflare cleanup
  • dist/resolve/resolve.js dynamically imports the user config path
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks
  • dist/cli.js only dispatches user-invoked Stricli commands
  • Command execution is tied to documented init/demo/adopt/apply workflows
  • Secrets are read from env/.env or generated into .secrets.json, then used for Cloudflare/Forgejo operations
  • No foreign AI-agent files, shell startup files, VCS hooks, or autostart persistence writes found
  • Network use is package-aligned deployment/control-plane API access
Behavioral surface
Source
Child Process · Crypto · Dynamic Require · Environment Vars · Filesystem · Network · Shell
Supply chain
High Entropy Strings · Url Strings
Manifest
No manifest risk signals triggered.
scanned 37 file(s), 88.8 KB of source, external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged

dist/init/scaffold-app.js
  L1: import { execFile } from "node:child_process";
  L2: import { mkdir, writeFile } from "node:fs/promises";
High
Child Process

Package source references child process execution.

dist/init/scaffold-app.js · L1

dist/resolve/resolve.js
  L6: export const loadIntent = async (configPath) => {
  L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
  L8:   if (loaded.intent === undefined) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/resolve/resolve.js · L6

dist/demo.js
  L29: const komodoPort = config.demo.komodoPort;
  L30: const GIT_URL = `https://git.${zone}`;
  L31: const KOMODO_URL = `https://deploy.${zone}`;
  ...
  L38: const cliEnv = {
  L39:   ...process.env,
  L40:   DEMO_DOH_ZONE: zone,
  ...
  L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
  L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
  L45:   child.on("error", reject);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/demo.js · L29

dist/demo.js
  L29: const komodoPort = config.demo.komodoPort;
  L30: const GIT_URL = `https://git.${zone}`;
  L31: const KOMODO_URL = `https://deploy.${zone}`;
  ...
  L33: const log = (message) => {
  L34:   process.stdout.write(`${message}\n`);
  L35: };
  ...
  L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
  L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
  L45:   child.on("error", reject);
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/demo.js · L29

Findings

4 High · 3 Medium · 4 Low
  • High · Child Process · dist/init/scaffold-app.js
  • High · Shell
  • High · Same File Env Network Execution · dist/demo.js
  • High · Command Output Exfiltration · dist/demo.js
  • Medium · Dynamic Require · dist/resolve/resolve.js
  • Medium · Network
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings