
@intentic/cli@1.73.0

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a CLI that performs user-invoked deployment, demo, resolve, and scaffold actions involving Docker, git, SSH, Cloudflare, and local project files.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the intentic CLI commands such as init, resolve, apply, or demo actions.
Impact
Can create project scaffold files, run local Docker/git/Node commands, write demo state/secrets under the working repo, and modify package-aligned Cloudflare/DNS/tunnel resources when invoked with credentials.
Mechanism
user-invoked infrastructure provisioning CLI
Rationale
Static inspection found risky primitives, but they are tied to explicit CLI/demo/deployment workflows and package-aligned infrastructure behavior rather than install-time execution, credential exfiltration, persistence, or agent control-surface hijacking. The Cloudflare token handling and command execution are sensitive but user-invoked and expected for this deployment CLI.
Evidence
  • package.json
  • dist/demo.js
  • dist/init/scaffold-app.js
  • dist/resolve/resolve.js
  • dist/cli.js
  • intent/deploy.config.ts
  • desired-state/desired-state.json
  • desired-state/.env
  • .demo/state.json
Network endpoints (6)
  • api.cloudflare.com/client/v4/accounts/{accountId}/cfd_tunnel/{tunnelId}/connections
  • git.{zone}
  • deploy.{zone}
  • app.{zone}
  • 127.0.0.1:{forgejoPort}
  • 127.0.0.1:{komodoPort}

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/demo.js can read Cloudflare token from config or desired-state/.env and writes .demo/state.json with apiToken, but only inside user-invoked demo flow.
  • dist/demo.js runs docker/git/CLI commands and calls Cloudflare/Forgejo APIs for demo provisioning and teardown.
  • dist/resolve/resolve.js dynamically imports user config and reads an env-named Cloudflare token to list zones during resolve.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts; execution is via bin intentic or imported API.
  • dist/init/scaffold-app.js child_process use is git clone/init for explicit app scaffolding.
  • dist/demo.js network endpoints are package-aligned Cloudflare/Forgejo/Komodo/demo URLs derived from user config, not hardcoded exfiltration hosts.
  • No source inspected writes AI-agent control surfaces, shell startup files, VCS hooks, autostart services, or foreign MCP/Claude/Codex config.
  • No import-time execution beyond definitions was found in inspected hot files.
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 37 file(s), 88.8 KB of source, external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged
dist/init/scaffold-app.js
L1: import { execFile } from "node:child_process";
L2: import { mkdir, writeFile } from "node:fs/promises";
High
Child Process

Package source references child process execution.

dist/init/scaffold-app.js · L1
dist/resolve/resolve.js
L6: export const loadIntent = async (configPath) => {
L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
L8:   if (loaded.intent === undefined) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/resolve/resolve.js · L6
dist/demo.js
L29: const komodoPort = config.demo.komodoPort;
L30: const GIT_URL = `https://git.${zone}`;
L31: const KOMODO_URL = `https://deploy.${zone}`;
...
L38: const cliEnv = {
L39:   ...process.env,
L40:   DEMO_DOH_ZONE: zone,
...
L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
L45:   child.on("error", reject);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/demo.js · L29
L29: const komodoPort = config.demo.komodoPort;
L30: const GIT_URL = `https://git.${zone}`;
L31: const KOMODO_URL = `https://deploy.${zone}`;
...
L33: const log = (message) => {
L34:   process.stdout.write(`${message}\n`);
L35: };
...
L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
L45:   child.on("error", reject);
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/demo.js · L29

Findings

4 High · 3 Medium · 4 Low
High · Child Process · dist/init/scaffold-app.js
High · Shell
High · Same File Env Network Execution · dist/demo.js
High · Command Output Exfiltration · dist/demo.js
Medium · Dynamic Require · dist/resolve/resolve.js
Medium · Network
Medium · Environment Vars
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings