
@intentic/cli@1.67.0

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Risky primitives are aligned with an infrastructure deployment CLI and are activated by explicit commands, not npm install or import.

Static reason
One or more suspicious static signals were detected.
Trigger
User invokes intentic commands such as init, resolve, apply, adopt, or demo.
Impact
Can create, modify, or delete user-specified deployment resources when explicitly run with credentials; no evidence of credential harvesting, persistence, or unconsented control-surface mutation.
Mechanism
User-directed infrastructure scaffolding, deployment reconciliation, git operations, SSH/Docker/Cloudflare API calls.
Rationale
Static inspection shows a deployment CLI with explicit user-invoked commands and no lifecycle hooks, install-time execution, persistence, AI-agent control-surface writes, or concrete exfiltration path. Scanner hits map to expected infrastructure operations: git/pnpm scaffolding, Cloudflare/Forgejo APIs, SSH/Docker demo management, and user-configured webhook status posting.
Evidence
• package.json
• dist/cli.js
• dist/app.js
• dist/init/init.js
• dist/init/scaffold-app.js
• dist/resolve/resolve.js
• dist/apply/apply.command.js
• dist/demo.js
• README.md
• intent/deploy.config.ts
• intent/package.json
• intent/tsconfig.json
• intent/.gitignore
• desired-state/.gitignore
• desired-state/desired-state.json
• desired-state/status.json
• desired-state/.last-applied.json
• desired-state/access.md
• desired-state/.env
• desired-state/.secrets.json
• app/package.json
• app/server.js
• app/Dockerfile
• app/.gitignore
• .demo/state.json
Network endpoints (5)
• api.cloudflare.com/client/v4/accounts/.../cfd_tunnel/.../connections
• git.${domain}
• ${domain}
• 127.0.0.1:${forgejoPort}
• 127.0.0.1:${komodoPort}

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle hooks; only bin points to dist/cli.js.
    • dist/cli.js only starts the Stricli CLI; no install/import-time side effects observed.
    • dist/init/init.js and dist/init/scaffold-app.js run git/pnpm and write scaffold files only when user invokes init.
    • dist/resolve/resolve.js imports a user-specified config and calls Cloudflare APIs using user env secrets for zone discovery.
    • dist/apply/apply.command.js reconciles user-provided desired-state artifacts and optionally posts a non-secret status summary to a configured webhook.
    • dist/demo.js Docker/Cloudflare/SSH actions are explicit demo up/down/clear behavior, not automatic package execution.
    Behavioral surface
    Source
    Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
    Supply chain
    High Entropy Strings, Url Strings
    Manifest
    No manifest risk signals triggered.
    scanned 37 file(s), 88.8 KB of source, external domains: 127.0.0.1, api.cloudflare.com

    Source & flagged code

    4 flagged
    dist/init/scaffold-app.js
        L1: import { execFile } from "node:child_process";
        L2: import { mkdir, writeFile } from "node:fs/promises";
    High
    Child Process

    Package source references child process execution.

    dist/init/scaffold-app.js · L1
    dist/resolve/resolve.js
        L6: export const loadIntent = async (configPath) => {
        L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
        L8:   if (loaded.intent === undefined) {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/resolve/resolve.js · L6
    dist/demo.js
        L29: const komodoPort = config.demo.komodoPort;
        L30: const GIT_URL = `https://git.${zone}`;
        L31: const KOMODO_URL = `https://deploy.${zone}`;
        ...
        L38: const cliEnv = {
        L39:   ...process.env,
        L40:   DEMO_DOH_ZONE: zone,
        ...
        L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
        L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
        L45:   child.on("error", reject);
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/demo.js · L29

    dist/demo.js
        L29: const komodoPort = config.demo.komodoPort;
        L30: const GIT_URL = `https://git.${zone}`;
        L31: const KOMODO_URL = `https://deploy.${zone}`;
        ...
        L33: const log = (message) => {
        L34:   process.stdout.write(`${message}\n`);
        L35: };
        ...
        L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
        L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
        L45:   child.on("error", reject);
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    dist/demo.js · L29

    Findings

    4 High · 3 Medium · 4 Low
    High · Child Process · dist/init/scaffold-app.js
    High · Shell
    High · Same File Env Network Execution · dist/demo.js
    High · Command Output Exfiltration · dist/demo.js
    Medium · Dynamic Require · dist/resolve/resolve.js
    Medium · Network
    Medium · Environment Vars
    Low · Scripts Present
    Low · Filesystem
    Low · High Entropy Strings
    Low · Url Strings