
@intentic/cli@1.79.0

AI Security Review

scanned 22h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Risky primitives are tied to explicit deployment/demo CLI commands and user-provided infrastructure configuration, not install-time execution.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs intentic CLI commands such as init, resolve, apply, adopt, or demo
Impact
Can create local project files, run git/pnpm/docker, connect to SSH/Cloudflare/Forgejo, and manage generated deployment secrets as documented.
Mechanism
User-invoked infrastructure deployment and scaffolding
Rationale
Static inspection found deployment-oriented subprocess, dynamic import, secret, and network behavior, but all are activated by explicit CLI commands and align with the package's documented purpose. There are no lifecycle hooks, hidden persistence, credential harvesting/exfiltration, or AI-agent control-surface mutations.
Evidence (files reviewed)
  • package.json
  • dist/cli.js
  • dist/app.js
  • dist/init/init.js
  • dist/init/scaffold-app.js
  • dist/resolve/resolve.js
  • dist/apply/apply.command.js
  • dist/demo.js
  • dist/adopt/adopt.js
  • README.md
  • intent/deploy.config.ts
  • intent/package.json
  • intent/tsconfig.json
  • intent/.gitignore
  • desired-state/.gitignore
  • desired-state/.env.example
  • desired-state/.secrets.json
  • desired-state/status.json
  • desired-state/access.md
  • desired-state/.known-hosts.json
  • app/package.json
  • app/server.js
  • app/Dockerfile
  • app/.gitignore
  • .demo/state.json
Network endpoints (4)
  • api.cloudflare.com/client/v4/accounts/${cfZone.accountId}/cfd_tunnel/${tunnel.id}/connections
  • ${domain}
  • 127.0.0.1:${forgejoPort}
  • 127.0.0.1:${komodoPort}

Decision evidence (public snapshot)

The AI classified this package as Clean (Benign) at 86.0% confidence, with low false-positive risk.
Evidence for block
  • dist/resolve/resolve.js dynamically imports user-supplied deploy config via pathToFileURL
  • dist/init/init.js and dist/init/scaffold-app.js run git/pnpm during explicit init scaffolding
  • dist/demo.js combines Docker/git/SSH execution with Cloudflare API calls and writes demo state/secrets
  • dist/apply/apply.command.js can POST status to a user-provided discord reconcileWebhook
Evidence against
  • package.json has no npm lifecycle hooks; only bin is dist/cli.js
  • dist/cli.js only dispatches Stricli commands, no install/import-time behavior
  • README.md documents deployment CLI behavior, .env/.secrets.json handling, and user-invoked commands
  • Network access is deployment-aligned: Cloudflare, Forgejo, SSH, and optional webhook from artifacts/config
  • No writes to foreign AI-agent control surfaces, shell startup files, VCS hooks, or OS persistence found
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 37 file(s), 89.7 KB of source, external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged

dist/init/scaffold-app.js
  L1: import { execFile } from "node:child_process";
  L2: import { mkdir, writeFile } from "node:fs/promises";
High
Child Process

Package source references child process execution.

dist/init/scaffold-app.js · L1
dist/resolve/resolve.js
  L6: export const loadIntent = async (configPath) => {
  L7:   const loaded = (await import(pathToFileURL(resolve(configPath)).href));
  L8:   if (loaded.intent === undefined) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/resolve/resolve.js · L6
dist/demo.js
  L29: const komodoPort = config.demo.komodoPort;
  L30: const GIT_URL = `https://git.${zone}`;
  L31: const KOMODO_URL = `https://deploy.${zone}`;
  ...
  L38: const cliEnv = {
  L39:   ...process.env,
  L40:   DEMO_DOH_ZONE: zone,
  ...
  L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
  L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
  L45:   child.on("error", reject);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/demo.js · L29

dist/demo.js
  L29: const komodoPort = config.demo.komodoPort;
  L30: const GIT_URL = `https://git.${zone}`;
  L31: const KOMODO_URL = `https://deploy.${zone}`;
  ...
  L33: const log = (message) => {
  L34:   process.stdout.write(`${message}\n`);
  L35: };
  ...
  L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
  L44:   const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
  L45:   child.on("error", reject);
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/demo.js · L29

Findings

4 High, 3 Medium, 4 Low
  • High · Child Process · dist/init/scaffold-app.js
  • High · Shell
  • High · Same File Env Network Execution · dist/demo.js
  • High · Command Output Exfiltration · dist/demo.js
  • Medium · Dynamic Require · dist/resolve/resolve.js
  • Medium · Network
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings