registry  /  @mintlify/cli  /  4.0.1283

@mintlify/cli@4.0.1283

The Mintlify CLI

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a Mintlify CLI that performs user-invoked auth, telemetry, docs validation, template download, update, and local preview actions.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs mint/mintlify CLI commands
Impact
Expected CLI behavior; no unauthorized install-time execution or exfiltration identified
Mechanism
User-invoked CLI network/auth/filesystem operations
Rationale
Static source inspection shows a normal Mintlify CLI with package-aligned network/auth/telemetry behavior activated by user commands, while the only lifecycle script is a build-time prepare script. Suspicious primitives are explained by CLI functionality and no concrete malicious chain remains.
Evidence
package.jsonbin/index.jsbin/start.jsbin/cli.jsbin/helpers.jsbin/config.jsbin/keyring.jsbin/authenticatedFetch.jsbin/login.jsbin/tokenRefresh.jsbin/telemetry/client.jsbin/telemetry/track.js~/.config/mintlify/config.jsondocs.jsonmint.jsonstarter.zipexport.zip
Network endpoints7
leaves.mintlify.comapp.mintlify.comapi.stytch.com/v1/public/project-live-731b7a04-9ac3-4923-90b8-0806d4aa29d4/oauth2/tokentest.stytch.com/v1/public/project-test-2d86347b-dfdb-4609-be69-12d8146220bd/oauth2/tokenph.mintlify.comapi.github.com/repos/mintlify/templates/contents/github.com/mintlify/starter/archive/refs/heads/main.zip

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • bin/index.js spawns bin/start.js at CLI runtime with inherited stdio/env
  • bin/helpers.js can run npm view/install helpers for explicit update flow
  • bin/telemetry/track.js records command telemetry including os/arch/node and is_ai_agent
  • bin/keyring.js stores/reads Mintlify OAuth tokens via keytar for login flows
Evidence against
  • package.json has only prepare build script, no install/postinstall hook
  • bin/index.js passes argv as spawn array without shell
  • Network calls are Mintlify/Stytch/PostHog/GitHub endpoints for CLI auth, telemetry, templates, status, update
  • Credential use is scoped to Mintlify login/authenticatedFetch, no broad env/file harvesting found
  • Writes are expected config/docs/template/export files under CLI commands, not stealth persistence
  • No eval/vm/Function, obfuscated payload, reviewer prompt injection, or AI-agent control-surface mutation found
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 82 file(s), 307 KB of source, external domains: a.com, api.github.com, api.stytch.com, app.mintlify.com, b.com, c.com, example.com, github.com, leaves.mintlify.com, mintlify.com, petstore3.swagger.io, ph.mintlify.com, swagger.io, tailwindcss.com, test.stytch.com, www.w3.org

Source & flagged code

1 flagged · loading source
bin/helpers.jsView file
18import yaml from 'js-yaml'; L19: import { execFile, execFileSync } from 'node:child_process'; L20: import { readFileSync } from 'node:fs'; ... L26: import { shutdownPostHog } from './telemetry/client.js'; L27: export const CMD_EXEC_PATH = process.cwd(); L28: export const checkPort = (argv) => __awaiter(void 0, void 0, void 0, function* () { ... L125: try { L126: const pkgPath = require.resolve(`${packageName}/package.json`); L127: const pkg = JSON.parse(readFileSync(pkgPath, 'utf8')); L128: return typeof pkg.version === 'string' ? pkg.version : undefined; ... L135: var _a; L136: if (packageName === void 0) { packageName = (_a = process.env.MINTLIFY_PACKAGE_NAME) !== null && _a !== void 0 ? _a : 'mint'; }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/helpers.jsView on unpkg · L18

Findings

1 High3 Medium6 Low
HighSandbox Evasion Gated Capabilitybin/helpers.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings