registry  /  @intentic/cli  /  1.82.0

@intentic/cli@1.82.0

AI Security Review

scanned 17h ago · by lpm-firewall-ai

No confirmed malicious attack surface; risky primitives are user-invoked deployment/demo CLI behavior. The package can create project scaffolds, run Docker/git, and call Cloudflare/Forgejo APIs when corresponding commands are run.

Static reason
One or more suspicious static signals were detected.
Trigger
explicit CLI/demo command invocation
Impact
user-authorized project/demo files, containers, and Cloudflare demo DNS/tunnel changes
Mechanism
deployment scaffolding and demo orchestration
Rationale
Static inspection shows a deployment-oriented CLI with powerful but explicit user-invoked workflows and no lifecycle execution, covert exfiltration, persistence, or foreign AI-agent control-surface mutation. Scanner signals are explained by legitimate demo/scaffold/resolve functionality.
Evidence
package.jsondist/cli.jsdist/demo.jsdist/init/scaffold-app.jsdist/resolve/resolve.jsintent/deploy.config.tsdesired-state/desired-state.jsondesired-state/.env.demo/state.json
Network endpoints6
api.cloudflare.com/client/v4git.${zone}deploy.${zone}app.${zone}127.0.0.1:${forgejoPort}127.0.0.1:${komodoPort}

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/demo.js can run Docker, SSH, Forgejo and Cloudflare operations, including deleting demo tunnels/DNS on explicit clear.
  • dist/resolve/resolve.js dynamically imports a user config path and reads a Cloudflare token from env for zone discovery.
  • dist/init/scaffold-app.js shells out to git clone/init and writes starter app files when init scaffolding is invoked.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks; activation is via bin intentic or direct demo script only.
  • dist/cli.js only dispatches @stricli CLI commands, with no import-time side effects beyond running requested CLI.
  • Network endpoints are product-aligned Cloudflare/demo URLs and localhost services, not covert exfiltration endpoints.
  • No code found writing AI-agent control surfaces, shell startup files, VCS hooks, or persistence outside user-requested project/demo paths.
  • Command execution is tied to explicit scaffold/demo workflows and fixed tools like git/docker, not obfuscated payload execution.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 36 file(s), 90.1 KB of source, external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged · loading source
dist/init/scaffold-app.jsView file
1import { execFile } from "node:child_process"; L2: import { mkdir, writeFile } from "node:fs/promises";
High
Child Process

Package source references child process execution.

dist/init/scaffold-app.jsView on unpkg · L1
dist/resolve/resolve.jsView file
6export const loadIntent = async (configPath) => { L7: const loaded = (await import(pathToFileURL(resolve(configPath)).href)); L8: if (loaded.intent === undefined) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/resolve/resolve.jsView on unpkg · L6
dist/demo.jsView file
29const komodoPort = config.demo.komodoPort; L30: const GIT_URL = `https://git.${zone}`; L31: const KOMODO_URL = `https://deploy.${zone}`; ... L38: const cliEnv = { L39: ...process.env, L40: DEMO_DOH_ZONE: zone, ... L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => { L44: const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] }); L45: child.on("error", reject);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/demo.jsView on unpkg · L29
29const komodoPort = config.demo.komodoPort; L30: const GIT_URL = `https://git.${zone}`; L31: const KOMODO_URL = `https://deploy.${zone}`; ... L33: const log = (message) => { L34: process.stdout.write(`${message}\n`); L35: }; ... L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => { L44: const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] }); L45: child.on("error", reject);
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/demo.jsView on unpkg · L29

Findings

4 High3 Medium4 Low
HighChild Processdist/init/scaffold-app.js
HighShell
HighSame File Env Network Executiondist/demo.js
HighCommand Output Exfiltrationdist/demo.js
MediumDynamic Requiredist/resolve/resolve.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings