AI Security Review
scanned 16m ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a deployment CLI with explicit commands that scaffold repos, manage generated secrets, SSH/Docker resources, Forgejo repos, and Cloudflare tunnels/DNS.
Decision evidence
public snapshot- dist/demo.js can run docker/git/CLI commands and write desired-state/.env, .demo/state.json, and Cloudflare DNS/tunnels when invoked as demo up/clear.
- dist/resolve/resolve.js and dist/apply/apply.command.js read env secrets and call provider/network APIs for deployment workflows.
- dist/init/init.js runs git init and pnpm install during explicit intentic init scaffolding.
- package.json has no preinstall/install/postinstall lifecycle scripts; bin only dispatches CLI commands via dist/cli.js.
- dist/app.js exposes deployment-oriented commands; risky primitives are behind explicit user commands, not install/import time.
- dist/demo.js network and command execution are demo infrastructure actions using Docker, local services, Forgejo, SSH, and Cloudflare for package-aligned deployment.
- dist/resolve/resolve.js uses Cloudflare API token only to list zones for configured intent; no exfiltration sink found.
- dist/secrets/* stores generated secrets locally or on configured host paths for deployment state; no broad credential harvesting observed.
- No AI-agent control-surface writes or reviewer prompt manipulation found in inspected package files.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
dist/init/scaffold-app.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/resolve/resolve.jsView on unpkg · L6A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/demo.jsView on unpkg · L29Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/demo.jsView on unpkg · L29