registry  /  infinicode  /  2.3.0

infinicode@2.3.0

OpenKernel — provider-agnostic AI execution kernel. Native coding agent + mission-driven execution runtime.

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an AI kernel/CLI with broad user-invoked network, MCP, mesh, browser, and binary-install capabilities, but inspected behavior matches its stated functionality and is not activated at install/import time.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs CLI commands such as infinicode run, install-tui, serve, mcp, or mission run.
Impact
Configured provider keys and tasks may be sent to user-configured providers or peers during normal operation; no unconsented package-time exfiltration or mutation confirmed.
Mechanism
User-invoked AI execution kernel and mesh control CLI
Rationale
Static inspection found powerful but package-aligned CLI/MCP/mesh features and no consumer lifecycle execution, hidden credential harvesting, or unconsented AI-agent control-surface mutation. The scanner's dangerous-delta concern is explained by user-invoked TUI launch and provider routing code rather than concrete malware.
Evidence
package.jsonbin/infinicode.jsdist/cli.jsdist/commands/run.jsdist/commands/install-tui.jsdist/commands/mcp.jsdist/commands/serve.jsdist/kernel/federation/federation.jsdist/kernel/federation/role-context.js.opencode/tui.json.opencode/plugins/routing-mode-display.tsx.openkernel/node-identity.json.openkernel/role.json.openkernel/checkpoints/*.jsonbin/infinicode-tui
Network endpoints8
localhost:11434generativelanguage.googleapis.com/v1betaapi.groq.com/openaiopenrouter.ai/api/v1models.inference.ai.azure.comintegrate.api.nvidia.com/v1router.huggingface.co/v1html.duckduckgo.com/html/

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/commands/install-tui.js can copy/download a TUI binary into package bin when user runs install-tui.
  • dist/commands/run.js spawns a resolved TUI binary and passes OPENCODE_CONFIG_CONTENT including configured provider keys.
  • dist/commands/serve.js and dist/commands/mcp.js expose user-invoked mesh/MCP task dispatch surfaces.
Evidence against
  • package.json has no install/postinstall hook; prepublishOnly is publisher-side only.
  • bin/infinicode.js only imports dist/cli.js; commands run through commander actions, not at import time.
  • Network calls are aligned with configured Ollama/cloud providers, user-supplied TUI URL, mesh peers, or documented plugins.
  • Persistent writes are scoped to config-driven runtime state such as .openkernel identity, role, checkpoints, and optional TUI install.
  • .opencode packaged plugins read config/display UI only; no control-surface writes or hidden reviewer/prompt manipulation found.
  • No credential harvesting or unsolicited exfiltration path found in inspected sources.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 79 file(s), 2.84 MB of source, external domains: aistudio.google.com, api.groq.com, api.telegram.org, build.nvidia.com, console.groq.com, generativelanguage.googleapis.com, github.com, html.duckduckgo.com, huggingface.co, integrate.api.nvidia.com, models.inference.ai.azure.com, opencode.ai, openrouter.ai, router.huggingface.co

Source & flagged code

1 flagged · loading source
dist/commands/run.jsView file
matchType = previous_version_dangerous_delta matchedPackage = infinicode@2.2.3 matchedIdentity = npm:aW5maW5pY29kZQ:2.2.3 similarity = 0.987 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/commands/run.jsView on unpkg

Findings

1 Critical3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/commands/run.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings