@intentic/cli@1.89.0

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Risky primitives are CLI-aligned deployment/demo behavior requiring explicit user commands and user-provided credentials/config.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit intentic CLI commands such as init, resolve, apply, adopt, demo up, or demo clear.
Impact
Expected project scaffolding, infrastructure reconciliation, demo setup/teardown, and control-plane repo synchronization.
Mechanism
User-invoked deployment automation with git, pnpm, docker, SSH, Cloudflare, Forgejo, and optional webhook calls.
Rationale
Static inspection shows a deployment CLI with no lifecycle execution and no hidden credential harvesting or unsolicited exfiltration. Child process, dynamic import, env access, file writes, and network calls are tied to documented/user-invoked workflows and package-aligned providers.
Evidence
    • package.json
    • dist/cli.js
    • dist/app.js
    • dist/init/init.js
    • dist/init/scaffold-app.js
    • dist/resolve/resolve.js
    • dist/apply/apply.command.js
    • dist/demo.js
    • dist/adopt/adopt.js
    • dist/adopt/adopt.command.js
    • intent/deploy.config.ts
    • intent/package.json
    • intent/tsconfig.json
    • intent/.gitignore
    • desired-state/.gitignore
    • desired-state/desired-state.json
    • desired-state/.env.example
    • desired-state/.secrets.json
    • desired-state/access.md
    • app/package.json
    • app/server.js
    • app/Dockerfile
    • app/.gitignore
    • .demo/state.json
Network endpoints (3)
    • api.cloudflare.com/client/v4
    • github.com/actions/checkout
    • registry.npmjs.org/

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks; bin is dist/cli.js only.
    • dist/cli.js only dispatches Stricli commands; no import-time payload beyond CLI startup.
    • dist/init/init.js and dist/init/scaffold-app.js run git/pnpm and write project scaffold files only when user invokes init.
    • dist/resolve/resolve.js dynamically imports the user config path and reads Cloudflare token from env for zone discovery.
    • dist/demo.js docker/SSH/Cloudflare actions are gated by explicit demo up/down/clear mode, not install/import.
    • dist/apply/apply.command.js posts only a user-configured Discord reconcile webhook after apply output.
    Behavioral surface
    Source
    Child Process · Crypto · Dynamic Require · Environment Vars · Filesystem · Network · Shell
    Supply chain
    High Entropy Strings · Url Strings
    Manifest: no manifest risk signals triggered.
    scanned 36 file(s), 90.1 KB of source, external domains: 127.0.0.1, api.cloudflare.com

    Source & flagged code

    4 flagged

    dist/init/scaffold-app.js · flagged at L1
        L1: import { execFile } from "node:child_process";
        L2: import { mkdir, writeFile } from "node:fs/promises";
    High
    Child Process

    Package source references child process execution.

    dist/resolve/resolve.js · flagged at L6
        L6: export const loadIntent = async (configPath) => {
        L7:     const loaded = (await import(pathToFileURL(resolve(configPath)).href));
        L8:     if (loaded.intent === undefined) {
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/demo.js · flagged at L29
        L29: const komodoPort = config.demo.komodoPort;
        L30: const GIT_URL = `https://git.${zone}`;
        L31: const KOMODO_URL = `https://deploy.${zone}`;
        ...
        L38: const cliEnv = {
        L39:     ...process.env,
        L40:     DEMO_DOH_ZONE: zone,
        ...
        L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
        L44:     const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
        L45:     child.on("error", reject);
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/demo.js · flagged at L29
        L29: const komodoPort = config.demo.komodoPort;
        L30: const GIT_URL = `https://git.${zone}`;
        L31: const KOMODO_URL = `https://deploy.${zone}`;
        ...
        L33: const log = (message) => {
        L34:     process.stdout.write(`${message}\n`);
        L35: };
        ...
        L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
        L44:     const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
        L45:     child.on("error", reject);
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    Findings

    4 High · 3 Medium · 4 Low
    • High · Child Process · dist/init/scaffold-app.js
    • High · Shell
    • High · Same File Env Network Execution · dist/demo.js
    • High · Command Output Exfiltration · dist/demo.js
    • Medium · Dynamic Require · dist/resolve/resolve.js
    • Medium · Network
    • Medium · Environment Vars
    • Low · Scripts Present
    • Low · Filesystem
    • Low · High Entropy Strings
    • Low · Url Strings