@intentic/cli@1.66.0

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an infrastructure deployment CLI with user-invoked commands that scaffold repos, read deployment secrets, call provider APIs, and run local tools.

Static reason: One or more suspicious static signals were detected.
Trigger: Explicit CLI commands such as intentic init, resolve, apply, adopt, or demo up/clear.
Impact: Can create project files, run git/pnpm/docker, manage remote deployment resources, and post optional status webhooks as part of intended operation.
Mechanism: User-invoked deployment automation.
Rationale: Static inspection shows risky deployment primitives, but they are tied to explicit CLI/demo workflows and package-aligned infrastructure automation, with no lifecycle trigger, hidden exfiltration, persistence, or AI-agent control-surface mutation. Mark clean despite scanner hits because the suspicious APIs are expected for this CLI.
Evidence (files reviewed)
  • package.json
  • dist/cli.js
  • dist/app.js
  • dist/init/init.js
  • dist/init/scaffold-app.js
  • dist/resolve/resolve.js
  • dist/apply/apply.command.js
  • dist/adopt/adopt.command.js
  • dist/demo.js
  • intent/deploy.config.ts
  • intent/package.json
  • intent/tsconfig.json
  • intent/.gitignore
  • desired-state/.gitignore
  • desired-state/.env
  • desired-state/.secrets.json
  • desired-state/.last-applied.json
  • desired-state/status.json
  • desired-state/access.md
  • app/package.json
  • app/server.js
  • app/Dockerfile
  • app/.gitignore
  • .forgejo/workflows/resolve.yaml
  • .forgejo/workflows/apply.yaml
Network endpoints (4)
  • api.cloudflare.com/client/v4/accounts/${cfZone.accountId}/cfd_tunnel/${tunnel.id}/connections
  • ${domain}
  • 127.0.0.1:${forgejoPort}
  • 127.0.0.1:${komodoPort}

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/init/init.js runs git init and pnpm install during explicit intentic init.
  • dist/demo.js runs docker/git/CLI commands and Cloudflare cleanup only when demo script is invoked.
  • dist/resolve/resolve.js dynamically imports user config path for resolve.
Evidence against
  • package.json has no npm lifecycle scripts; only bin intentic points to dist/cli.js.
  • dist/app.js wires explicit CLI commands; no import-time install or background behavior found.
  • Network use is product-aligned: Cloudflare, Forgejo/Komodo, and optional user-provided Discord webhook.
  • No writes to AI-agent control surfaces, shell startup files, VCS hooks, or autostart persistence found.
  • Secret reads are for user-provided .env/generated .secrets.json used by deployment workflows.
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 37 file(s), 88.8 KB of source, external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged
dist/init/scaffold-app.js
  L1: import { execFile } from "node:child_process";
  L2: import { mkdir, writeFile } from "node:fs/promises";
High
Child Process

Package source references child process execution.

dist/init/scaffold-app.js · L1
dist/resolve/resolve.js
  L6: export const loadIntent = async (configPath) => {
  L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
  L8:   if (loaded.intent === undefined) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/resolve/resolve.js · L6
dist/demo.js
  L29: const komodoPort = config.demo.komodoPort;
  L30: const GIT_URL = `https://git.${zone}`;
  L31: const KOMODO_URL = `https://deploy.${zone}`;
  ...
  L38: const cliEnv = {
  L39:   ...process.env,
  L40:   DEMO_DOH_ZONE: zone,
  ...
  L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
  L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
  L45:   child.on("error", reject);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/demo.js · L29
dist/demo.js
  L29: const komodoPort = config.demo.komodoPort;
  L30: const GIT_URL = `https://git.${zone}`;
  L31: const KOMODO_URL = `https://deploy.${zone}`;
  ...
  L33: const log = (message) => {
  L34:   process.stdout.write(`${message}\n`);
  L35: };
  ...
  L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
  L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
  L45:   child.on("error", reject);
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/demo.js · L29

Findings

4 High, 3 Medium, 4 Low
  • High · Child Process · dist/init/scaffold-app.js
  • High · Shell
  • High · Same File Env Network Execution · dist/demo.js
  • High · Command Output Exfiltration · dist/demo.js
  • Medium · Dynamic Require · dist/resolve/resolve.js
  • Medium · Network
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings