
@intentic/cli@1.77.0

AI Security Review

scanned 22h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is an infrastructure deployment CLI with network, secret, git, ssh, and process execution capabilities activated by explicit commands.

Static reason
One or more suspicious static signals were detected.
Trigger
The user runs intentic CLI commands such as init, resolve, apply, or adopt, or runs the demo script directly.
Impact
Can create local project files, run git/pnpm/docker/ssh operations, and call configured infrastructure APIs when explicitly invoked.
Mechanism
package-aligned deployment automation and project scaffolding
Rationale
Scanner findings map to expected CLI behavior for an intent-driven deployment tool and are not lifecycle-triggered or hidden. Source inspection found no unconsented control-surface mutation, exfiltration, persistence, or remote code execution beyond user-supplied config loading and explicit deployment commands.
Evidence
• package.json
• dist/cli.js
• dist/app.js
• dist/init/init.js
• dist/init/scaffold-app.js
• dist/resolve/resolve.js
• dist/apply/apply.command.js
• dist/demo.js
• dist/adopt/adopt.js
• dist/secrets/secret-store.js
• README.md
• intent/deploy.config.ts
• intent/package.json
• intent/tsconfig.json
• intent/.gitignore
• desired-state/.gitignore
• desired-state/desired-state.json
• desired-state/status.json
• desired-state/access.md
• desired-state/.env
• desired-state/.secrets.json
• app/package.json
• app/server.js
• app/Dockerfile
• app/.gitignore
Network endpoints (3)
• api.cloudflare.com/client/v4/accounts/.../cfd_tunnel/.../connections
• github.com/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
• registry.npmjs.org/

Decision evidence

public snapshot
The AI classifier rated this package Clean (Benign) at 91.0% confidence, with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle scripts; only bin intentic -> dist/cli.js.
    • dist/app.js wires user-invoked CLI commands only: init, resolve, plan, apply, adopt, restore, deployments, tunnels.
    • dist/init/init.js and dist/init/scaffold-app.js run git/pnpm and write scaffold files only during explicit init.
    • dist/resolve/resolve.js dynamically imports the user-provided deploy config and uses Cloudflare token only for zone discovery.
    • dist/apply/apply.command.js reads artifact/.env, reconciles declared infrastructure, writes status/access files, and optionally posts to a configured Discord webhook.
    • No AI-agent control-surface writes, persistence hooks, credential harvesting, or install/import-time execution found.
    Behavioral surface
    Source
    Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
    Supply chain
    High Entropy Strings, Url Strings
    Manifest
    No manifest risk signals triggered.
    scanned 37 file(s), 89.3 KB of source, external domains: 127.0.0.1, api.cloudflare.com

    Source & flagged code

    4 flagged

    dist/init/scaffold-app.js · L1
    L1: import { execFile } from "node:child_process";
    L2: import { mkdir, writeFile } from "node:fs/promises";
    High · Child Process

    Package source references child process execution.

    dist/resolve/resolve.js · L6
    L6: export const loadIntent = async (configPath) => {
    L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
    L8:   if (loaded.intent === undefined) {
    Medium · Dynamic Require

    Package source references dynamic require/import behavior.

    dist/demo.js · L29
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L38: const cliEnv = {
    L39:   ...process.env,
    L40:   DEMO_DOH_ZONE: zone,
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:   child.on("error", reject);
    High · Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/demo.js · L29
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L33: const log = (message) => {
    L34:   process.stdout.write(`${message}\n`);
    L35: };
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:   child.on("error", reject);
    High · Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    Findings

    4 High · 3 Medium · 4 Low
    High · Child Process · dist/init/scaffold-app.js
    High · Shell
    High · Same File Env Network Execution · dist/demo.js
    High · Command Output Exfiltration · dist/demo.js
    Medium · Dynamic Require · dist/resolve/resolve.js
    Medium · Network
    Medium · Environment Vars
    Low · Scripts Present
    Low · Filesystem
    Low · High Entropy Strings
    Low · Url Strings