
@intentic/cli@1.90.0

AI Security Review

scanned 37m ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a deployment CLI with user-invoked scaffold, resolve, apply, adopt, demo, and tunnel commands that perform expected filesystem, SSH, Docker, Cloudflare, Forgejo, and webhook operations.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user execution of the intentic CLI command; no install-time trigger
Impact
Can modify local project scaffolds and remote deployment infrastructure when the user invokes commands with credentials, but no stealth exfiltration or unconsented execution was found.
Mechanism
User-directed deployment orchestration and project scaffolding
Rationale
Static inspection found powerful deployment primitives, but they are tied to explicit CLI subcommands and package purpose, with no lifecycle hook, import-time exfiltration, stealth persistence, or AI-agent control hijack. Scanner findings are explained by legitimate scaffolding, demo, resolve, and apply workflows.
Evidence
  • package.json
  • dist/cli.js
  • dist/app.js
  • dist/init/init.js
  • dist/init/scaffold-app.js
  • dist/resolve/resolve.js
  • dist/apply/apply.command.js
  • dist/adopt/adopt.command.js
  • dist/demo.js
  • intent/deploy.config.ts
  • intent/package.json
  • intent/tsconfig.json
  • intent/.gitignore
  • desired-state/.gitignore
  • desired-state/.env
  • desired-state/.secrets.json
  • .demo/state.json
  • app/package.json
  • app/server.js
  • app/Dockerfile
  • app/.gitignore
Network endpoints (5)
  • api.cloudflare.com/client/v4/accounts/{accountId}/cfd_tunnel/{tunnelId}/connections
  • ${domain}
  • 127.0.0.1:${forgejoPort}
  • 127.0.0.1:${komodoPort}
  • 127.0.0.1:${appPort}

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/init/init.js runs git/pnpm and writes scaffold files, but only from explicit init command
  • dist/resolve/resolve.js dynamically imports user config path and reads Cloudflare token env for zone discovery
  • dist/demo.js can run docker/git-like commands, write .demo/desired-state files, and call Cloudflare/Forgejo APIs, but only via demo up/clear
  • dist/apply/apply.command.js posts to a user-supplied Discord webhook from resolved graph outputs
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • dist/cli.js only dispatches explicit CLI commands via @stricli/core
  • No import-time harvesting or outbound request observed in package entrypoints
  • Network endpoints are deployment/product-aligned: Cloudflare API, configured Forgejo/domain, local demo services, optional Discord webhook
  • No AI-agent control-surface writes or persistence outside user-requested deployment/scaffold flows found
  • File writes are scoped to user-selected project dirs, desired-state artifacts, known-hosts/secrets files, demo state, or remote deployment paths
Behavioral surface
Source
  • Child Process
  • Crypto
  • Dynamic Require
  • Environment Vars
  • Filesystem
  • Network
  • Shell
Supply chain
  • High Entropy Strings
  • Url Strings
Manifest
No manifest risk signals triggered.
scanned 36 file(s), 90.1 KB of source, external domains: 127.0.0.1, api.cloudflare.com

Source & flagged code

4 flagged
dist/init/scaffold-app.js
L1: import { execFile } from "node:child_process";
L2: import { mkdir, writeFile } from "node:fs/promises";
High
Child Process

Package source references child process execution.

dist/init/scaffold-app.js · L1
dist/resolve/resolve.js
L6: export const loadIntent = async (configPath) => {
L7:     const loaded = (await import(pathToFileURL(resolve(configPath)).href));
L8:     if (loaded.intent === undefined) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/resolve/resolve.js · L6
dist/demo.js
L29: const komodoPort = config.demo.komodoPort;
L30: const GIT_URL = `https://git.${zone}`;
L31: const KOMODO_URL = `https://deploy.${zone}`;
...
L38: const cliEnv = {
L39:     ...process.env,
L40:     DEMO_DOH_ZONE: zone,
...
L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
L44:     const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
L45:     child.on("error", reject);
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/demo.js · L29
L29: const komodoPort = config.demo.komodoPort;
L30: const GIT_URL = `https://git.${zone}`;
L31: const KOMODO_URL = `https://deploy.${zone}`;
...
L33: const log = (message) => {
L34:     process.stdout.write(`${message}\n`);
L35: };
...
L43: const run = (command, args, env = process.env) => new Promise((resolve, reject) => {
L44:     const child = spawn(command, args, { cwd: repoRoot, env, stdio: ["ignore", "inherit", "inherit"] });
L45:     child.on("error", reject);
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/demo.js · L29

Findings

4 High · 3 Medium · 4 Low
  • High · Child Process · dist/init/scaffold-app.js
  • High · Shell
  • High · Same File Env Network Execution · dist/demo.js
  • High · Command Output Exfiltration · dist/demo.js
  • Medium · Dynamic Require · dist/resolve/resolve.js
  • Medium · Network
  • Medium · Environment Vars
  • Low · Scripts Present
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Url Strings