
@intentic/cli@1.88.0

AI Security Review

scanned 13h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Risky primitives are aligned with an infrastructure deployment CLI and are activated by explicit commands, not package installation or import.

Static reason
One or more suspicious static signals were detected.
Trigger
User-invoked intentic CLI commands such as init, resolve, apply, adopt, demo.
Impact
Can write project deployment files and operate configured Cloudflare/Forgejo/SSH resources when the user runs the relevant command with credentials.
Mechanism
Deployment scaffolding, local secret storage, SSH/provider reconciliation, and optional webhook notification.
Rationale
Static source inspection shows no install-time execution, credential harvesting/exfiltration, persistence, or AI-agent control hijack. The scanner findings map to explicit deployment/demo functionality expected for this CLI.
Evidence
• package.json
• dist/cli.js
• dist/app.js
• dist/init/init.js
• dist/init/scaffold-app.js
• dist/resolve/resolve.js
• dist/apply/apply.command.js
• dist/demo.js
• dist/secrets/secret-store.js
• dist/lib/artifact.js
• intent/deploy.config.ts
• intent/package.json
• intent/tsconfig.json
• desired-state/desired-state.json
• desired-state/.env.example
• desired-state/.secrets.json
• desired-state/status.json
• desired-state/access.md
• app/package.json
• app/server.js
• app/Dockerfile
Network endpoints (4)
• api.cloudflare.com/client/v4/accounts/${cfZone.accountId}/cfd_tunnel/${tunnel.id}/connections
• ${domain}
• 127.0.0.1:${forgejoPort}
• reconcileWebhook from result.outcome.outputs.discord.reconcileWebhook

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
(none listed)
Evidence against
• package.json has bin but no preinstall/install/postinstall/prepare lifecycle hooks.
• dist/cli.js only dispatches user-invoked @stricli commands.
• dist/init/init.js writes intent/, desired-state/, and app/ scaffolding and runs git/pnpm only during the init command.
• dist/resolve/resolve.js imports the user config path and uses the Cloudflare token only for zone discovery.
• dist/demo.js Docker/SSH/Cloudflare actions are demo command behavior, not install/import-time execution.
• Search found no MCP, CLAUDE, Codex, Cursor, or other AI-agent control-surface writes.
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell
Supply chain: High Entropy Strings, Url Strings
Manifest: No manifest risk signals triggered.
scanned 36 file(s), 90.1 KB of source, external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged
dist/init/scaffold-app.js
    L1: import { execFile } from "node:child_process";
    L2: import { mkdir, writeFile } from "node:fs/promises";
High · Child Process
Package source references child process execution.
dist/init/scaffold-app.js · L1
dist/resolve/resolve.js
    L6: export const loadIntent = async (configPath) => {
    L7:     const loaded = (await import(pathToFileURL(resolve(configPath)).href));
    L8:     if (loaded.intent === undefined) {
Medium · Dynamic Require
Package source references dynamic require/import behavior. Here the module being imported is the user-supplied config path, so the config file is executed as JavaScript rather than parsed as data; the review lists this under evidence against blocking, and the practical consequence is that the config file has to be treated as trusted code.
dist/resolve/resolve.js · L6
dist/demo.js
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L38: const cliEnv = {
    L39:     ...process.env,
    L40:     DEMO_DOH_ZONE: zone,
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:     const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:     child.on("error", reject);
High · Same File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/demo.js · L29
dist/demo.js
    L29: const komodoPort = config.demo.komodoPort;
    L30: const GIT_URL = `https://git.${zone}`;
    L31: const KOMODO_URL = `https://deploy.${zone}`;
    ...
    L33: const log = (message) => {
    L34:     process.stdout.write(`${message}\n`);
    L35: };
    ...
    L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
    L44:     const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
    L45:     child.on("error", reject);
High · Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking. In the lines quoted here the child is spawned with stdio ["ignore", "inherit", "inherit"], so its stdout and stderr go to the user's terminal rather than back into the CLI, and the only output handling shown is the log helper writing to process.stdout. This excerpt alone therefore does not show command output reaching a network request; the data-flow check the rule asks for has to be made against the rest of dist/demo.js, including the reconcileWebhook notification listed under Network endpoints.
dist/demo.js · L29

Findings

4 High · 3 Medium · 4 Low
High    Child Process                      dist/init/scaffold-app.js
High    Shell
High    Same File Env Network Execution    dist/demo.js
High    Command Output Exfiltration        dist/demo.js
Medium  Dynamic Require                    dist/resolve/resolve.js
Medium  Network
Medium  Environment Vars
Low     Scripts Present
Low     Filesystem
Low     High Entropy Strings
Low     Url Strings