@intentic/cli@1.68.0

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an infrastructure deployment CLI whose network, secret, filesystem, and subprocess behavior is package-aligned and activated by explicit commands.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs intentic subcommands such as init, resolve, apply, adopt, sandbox-tunnel, host-ssh-tunnel, or demo directly.
Impact
Can create local project files, run git/pnpm/docker, read configured secrets, and call Cloudflare/Forgejo/Komodo/Discord endpoints as part of documented deployment workflows.
Mechanism
User-invoked deployment automation
Rationale
Static inspection found no install-time execution and no unconsented persistence, agent-surface mutation, credential exfiltration, or remote payload execution. Suspicious primitives are consistent with a user-invoked deployment CLI that manages local repos, secrets, tunnels, and infrastructure.
Evidence
• package.json
• dist/cli.js
• dist/app.js
• dist/init/init.js
• dist/init/scaffold-app.js
• dist/resolve/resolve.js
• dist/apply/apply.command.js
• dist/demo.js
• templates/workflows/resolve.yaml.eta
• templates/workflows/apply.yaml.eta
• intent/deploy.config.ts
• intent/package.json
• intent/tsconfig.json
• intent/.gitignore
• desired-state/.gitignore
• desired-state/desired-state.json
• desired-state/.env.example
• desired-state/.secrets.json
• desired-state/status.json
• desired-state/access.md
• app/package.json
• app/server.js
• app/Dockerfile
• app/.gitignore
• .demo/state.json
Network endpoints (3)
• api.cloudflare.com/client/v4
• github.com/actions/checkout
• registry.npmjs.org/

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no lifecycle scripts; only bin is dist/cli.js
    • dist/cli.js only dispatches user-invoked stricli commands
    • dist/init/init.js runs git/pnpm and writes intent/desired-state/app files only during explicit init
    • dist/resolve/resolve.js dynamically imports the user-specified deploy config and reads Cloudflare token for zone discovery
    • dist/demo.js Docker/SSH/Cloudflare actions are gated by explicit demo up/down/clear mode and are not wired as bin or install hook
    • No AI-agent control-surface writes, shell startup persistence, credential harvesting, or hidden exfiltration found
    Behavioral surface
    Source
    Child Process · Crypto · Dynamic Require · Environment Vars · Filesystem · Network · Shell
    Supply chain
    High Entropy Strings · Url Strings
    Manifest
    No manifest risk signals triggered.
    scanned 37 file(s), 88.8 KB of source, external domains: 127.0.0.1, api.cloudflare.com

    Source & flagged code

    4 flagged
    dist/init/scaffold-app.js
    L1: import { execFile } from "node:child_process";
    L2: import { mkdir, writeFile } from "node:fs/promises";
    High
    Child Process

    Package source references child process execution.

    dist/init/scaffold-app.js · L1
    dist/resolve/resolve.js
    L6: export const loadIntent = async (configPath) => {
    L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
    L8:   if (loaded.intent === undefined) {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/resolve/resolve.js · L6
    dist/demo.js
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L38: const cliEnv = {
    L39:   ...process.env,
    L40:   DEMO_DOH_ZONE: zone,
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:   child.on("error", reject);
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/demo.js · L29
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L33: const log = (message) => {
    L34:   process.stdout.write(`${message}\n`);
    L35: };
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:   child.on("error", reject);
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    dist/demo.js · L29

    Findings

    4 High · 3 Medium · 4 Low
    • High · Child Process · dist/init/scaffold-app.js
    • High · Shell
    • High · Same File Env Network Execution · dist/demo.js
    • High · Command Output Exfiltration · dist/demo.js
    • Medium · Dynamic Require · dist/resolve/resolve.js
    • Medium · Network
    • Medium · Environment Vars
    • Low · Scripts Present
    • Low · Filesystem
    • Low · High Entropy Strings
    • Low · Url Strings