registry  /  @intentic/cli  /  1.76.3

@intentic/cli@1.76.3

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a deployment CLI whose shell, filesystem, SSH, and network behavior is exposed through explicit user-invoked commands and is consistent with its intent-driven deployment purpose.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs intentic CLI commands such as init, resolve, apply, adopt, or demo up/clear
Impact
Creates local project artifacts, runs git/pnpm/docker, manages SSH/deployment resources, and calls configured deployment APIs when requested
Mechanism
user-invoked deployment automation
Rationale
Static inspection found powerful deployment primitives, but they are user-invoked and package-aligned with no install-time execution, covert exfiltration, or unconsented control-surface mutation. Scanner findings are explained by legitimate CLI deployment, demo, and scaffold workflows.
Evidence
package.jsondist/cli.jsdist/app.jsdist/demo.jsdist/init/init.jsdist/init/scaffold-app.jsdist/resolve/resolve.jsdist/resolve/resolve.command.jsdist/apply/apply.command.jsdist/adopt/adopt.jsdist/adopt/adopt.command.jsintent/deploy.config.tsintent/package.jsonintent/tsconfig.jsonintent/.gitignoredesired-state/.gitignoredesired-state/.envdesired-state/.secrets.jsondesired-state/desired-state.jsondesired-state/last-applied.jsondesired-state/status.jsondesired-state/access.mdapp/package.jsonapp/server.jsapp/Dockerfileapp/.gitignore.demo/state.json
Network endpoints5
api.cloudflare.com/client/v4/accounts/{accountId}/cfd_tunnel/{tunnel.id}/connections{domain}127.0.0.1:{forgejoPort}127.0.0.1:{komodoPort}127.0.0.1:{appPort}

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/demo.js combines docker/git execution, Cloudflare API calls, SSH setup, and local secret writes for explicit demo up/clear modes
  • dist/init/init.js and dist/init/scaffold-app.js run git/pnpm and write scaffold files when user invokes init
  • dist/resolve/resolve.js dynamically imports the user-supplied config path and reads a Cloudflare token from env for zone discovery
  • dist/apply/apply.command.js can POST a reconcile summary to a graph-provided Discord webhook
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • dist/cli.js only invokes @stricli routing for user-supplied CLI commands
  • Network calls are aligned with deployment features: Cloudflare, Forgejo/control plane, local demo services, and optional Discord webhook
  • No import-time credential harvesting, hidden persistence, foreign AI-agent config mutation, or stealth payload download observed
  • Command execution is tied to explicit user commands such as init, adopt, apply, and demo, not automatic install execution
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 37 file(s), 88.8 KB of source, external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged · loading source
dist/init/scaffold-app.jsView file
1import { execFile } from "node:child_process"; L2: import { mkdir, writeFile } from "node:fs/promises";
High
Child Process

Package source references child process execution.

dist/init/scaffold-app.jsView on unpkg · L1
dist/resolve/resolve.jsView file
6export const loadIntent = async (configPath) => { L7: const loaded = (await import(pathToFileURL(resolve(configPath)).href)); L8: if (loaded.intent === undefined) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/resolve/resolve.jsView on unpkg · L6
dist/demo.jsView file
29const komodoPort = config.demo.komodoPort; L30: const GIT_URL = `https://git.${zone}`; L31: const KOMODO_URL = `https://deploy.${zone}`; ... L38: const cliEnv = { L39: ...process.env, L40: DEMO_DOH_ZONE: zone, ... L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => { L44: const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] }); L45: child.on("error", reject);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/demo.jsView on unpkg · L29
29const komodoPort = config.demo.komodoPort; L30: const GIT_URL = `https://git.${zone}`; L31: const KOMODO_URL = `https://deploy.${zone}`; ... L33: const log = (message) => { L34: process.stdout.write(`${message}\n`); L35: }; ... L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => { L44: const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] }); L45: child.on("error", reject);
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/demo.jsView on unpkg · L29

Findings

4 High3 Medium4 Low
HighChild Processdist/init/scaffold-app.js
HighShell
HighSame File Env Network Executiondist/demo.js
HighCommand Output Exfiltrationdist/demo.js
MediumDynamic Requiredist/resolve/resolve.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings