registry  /  @mintlify/cli  /  4.0.1293

@mintlify/cli@4.0.1293

The Mintlify CLI

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time attack surface. User-invoked CLI commands perform documentation setup, authentication, telemetry, and explicit self-update operations.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs mint/mintlify commands such as new, login, update, or other CLI commands.
Impact
Writes are limited to the selected project directory and ~/.config/mintlify; no foreign AI-agent control-surface mutation was found.
Mechanism
Package-aligned CLI network, keyring, project-file, and self-update operations.
Rationale
Static inspection shows a normal user-invoked Mintlify documentation CLI. The AI-targeted onboarding text is confined to the explicit new workflow and does not write or alter agent configuration.
Evidence
package.jsonbin/index.jssrc/init.tsxsrc/telemetry/track.tssrc/authenticatedFetch.tssrc/update.tsxbin/start.jssrc/templates.tsxsrc/login.tsxsrc/keyring.tssrc/config.tssrc/telemetry/distinctId.ts~/.config/mintlify/config.json~/.config/mintlify/anonymous-id
Network endpoints6
leaves.mintlify.comapp.mintlify.comph.mintlify.comapi.stytch.comapi.github.comgithub.com/mintlify/starter/archive/refs/heads/main.zip

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • src/init.tsx detects AI-like terminals and emits a <system-message> setup prompt.
  • src/telemetry/track.ts sends opt-outable command metadata to PostHog.
  • src/update.tsx can invoke npm/pnpm global update only through the explicit update command.
Evidence against
  • package.json has only a prepare build hook; no preinstall/install/postinstall execution.
  • bin/index.js launches its own start.js with argument-array spawn and no shell on non-Windows.
  • No source writes Claude, Cursor, Copilot, Git hooks, SSH, or other foreign agent-control paths.
  • Credentials are read from keytar or MINTLIFY_SESSION_TOKEN only to authenticate Mintlify API requests.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 82 file(s), 307 KB of source, external domains: a.com, api.github.com, api.stytch.com, app.mintlify.com, b.com, c.com, example.com, github.com, leaves.mintlify.com, mintlify.com, petstore3.swagger.io, ph.mintlify.com, swagger.io, tailwindcss.com, test.stytch.com, www.w3.org

Source & flagged code

1 flagged · loading source
bin/helpers.jsView file
18import yaml from 'js-yaml'; L19: import { execFile, execFileSync } from 'node:child_process'; L20: import { readFileSync } from 'node:fs'; ... L26: import { shutdownPostHog } from './telemetry/client.js'; L27: export const CMD_EXEC_PATH = process.cwd(); L28: export const checkPort = (argv) => __awaiter(void 0, void 0, void 0, function* () { ... L125: try { L126: const pkgPath = require.resolve(`${packageName}/package.json`); L127: const pkg = JSON.parse(readFileSync(pkgPath, 'utf8')); L128: return typeof pkg.version === 'string' ? pkg.version : undefined; ... L135: var _a; L136: if (packageName === void 0) { packageName = (_a = process.env.MINTLIFY_PACKAGE_NAME) !== null && _a !== void 0 ? _a : 'mint'; }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

bin/helpers.jsView on unpkg · L18

Findings

1 High3 Medium6 Low
HighSandbox Evasion Gated Capabilitybin/helpers.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings