
@intentic/cli@1.72.0

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Sensitive operations are user-invoked deployment/demo CLI behavior aligned with the package purpose.

Static reason: One or more suspicious static signals were detected.
Trigger: User runs intentic commands such as init, resolve, apply, or demo.
Impact: Can create project scaffold files and manage user-declared deployment infrastructure when explicitly invoked.
Mechanism: Deployment orchestration CLI using user config, env tokens, git, pnpm, Docker, SSH, and Cloudflare APIs.
Rationale: Static inspection shows a deployment CLI with no lifecycle hooks and no unconsented install/import-time mutation. The scanner hits are explained by explicit CLI features for scaffolding, resolving Cloudflare-backed state, applying deployments, and running a local demo.
Evidence
• package.json
• dist/cli.js
• dist/app.js
• dist/init/init.js
• dist/init/scaffold-app.js
• dist/resolve/resolve.js
• dist/resolve/resolve.command.js
• dist/apply/apply.command.js
• dist/demo.js
• intent/deploy.config.ts
• intent/package.json
• intent/tsconfig.json
• intent/.gitignore
• desired-state/.gitignore
• desired-state/desired-state.json
• desired-state/.env.example
• desired-state/.secrets.json
• desired-state/.last-applied.json
• desired-state/access.md
• app/package.json
• app/server.js
• app/Dockerfile
• app/.gitignore
• .demo/state.json

Network endpoints (5)
• api.cloudflare.com/client/v4/accounts/${cfZone.accountId}/cfd_tunnel/${tunnel.id}/connections
• user-provided reconcileWebhook
• ${domain}
• 127.0.0.1:${forgejoPort}
• 127.0.0.1:${komodoPort}

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block

Evidence against
• package.json has no npm lifecycle hooks; only bin intentic -> dist/cli.js.
• dist/cli.js only dispatches Stricli commands; no install/import-time side effects.
• dist/init/init.js runs git/pnpm and writes intent/desired-state/app files only when user invokes init.
• dist/resolve/resolve.js imports user config and calls Cloudflare zone APIs using env token for deployment resolution.
• dist/demo.js Docker/SSH/Cloudflare operations are demo-mode code, not package install-time behavior.
• No writes to AI-agent control surfaces, shell startup files, VCS hooks, or broad home persistence found.

Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
Scanned 37 file(s), 88.8 KB of source; external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged
dist/init/scaffold-app.js
    L1: import { execFile } from "node:child_process";
    L2: import { mkdir, writeFile } from "node:fs/promises";
High · Child Process

Package source references child process execution.

Location: dist/init/scaffold-app.js, L1
dist/resolve/resolve.js
    L6: export const loadIntent = async (configPath) => {
    L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
    L8:   if (loaded.intent === undefined) {
Medium · Dynamic Require

Package source references dynamic require/import behavior.

Location: dist/resolve/resolve.js, L6
dist/demo.js
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L38: const cliEnv = {
    L39:   ...process.env,
    L40:   DEMO_DOH_ZONE: zone,
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:   child.on("error", reject);
High · Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

Location: dist/demo.js, L29
dist/demo.js
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L33: const log = (message) => {
    L34:   process.stdout.write(`${message}\n`);
    L35: };
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:   child.on("error", reject);
High · Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

Location: dist/demo.js, L29

Findings

4 High, 3 Medium, 4 Low
• High · Child Process · dist/init/scaffold-app.js
• High · Shell
• High · Same File Env Network Execution · dist/demo.js
• High · Command Output Exfiltration · dist/demo.js
• Medium · Dynamic Require · dist/resolve/resolve.js
• Medium · Network
• Medium · Environment Vars
• Low · Scripts Present
• Low · Filesystem
• Low · High Entropy Strings
• Low · Url Strings