registry  /  infinicode  /  2.3.3

infinicode@2.3.3

OpenKernel — provider-agnostic AI execution kernel. Native coding agent + mission-driven execution runtime.

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is an AI kernel/CLI with user-invoked mesh, MCP, provider, verification, and optional TUI install capabilities.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs infinicode commands such as run, mcp, serve, mission, providers, or install-tui.
Impact
User-authorized agent tasks may contact configured providers, run configured verification commands, or write app configuration.
Mechanism
package-aligned AI agent CLI and MCP control surface
Rationale
Static source inspection found powerful but package-aligned AI agent, MCP, network, and command execution features gated behind explicit CLI/API use, with no install-time execution or hidden exfiltration. Scanner concern about recovery-manager.js is noisy: the file implements retry/escalation decisions and does not execute commands or mutate external control surfaces.
Evidence
package.jsonbin/infinicode.jsdist/cli.jsdist/commands/mcp.jsdist/kernel/mcp/mcp-server.jsdist/kernel/recovery-manager.jsdist/kernel/verification-exec.js.opencode/plugins/home-logo-animation.tsxdist/commands/install-tui.jsdist/kernel/checkpoint-engine.jsdist/kernel/federation/node-identity.jsdist/kernel/federation/role-context.js
Network endpoints9
localhost:11434generativelanguage.googleapis.com/v1betaapi.groq.com/openaiopenrouter.ai/api/v1models.inference.ai.azure.comintegrate.api.nvidia.com/v1router.huggingface.co/v1html.duckduckgo.com/html/api.telegram.org

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/kernel/mcp/mcp-server.js exposes user-invoked MCP tools for dispatch, slash commands, persistent role, and autonomy goals.
  • dist/kernel/verification-exec.js can spawn shell commands, but only via kernel verification flows.
  • dist/commands/install-tui.js can download/copy a TUI binary into bin/ when explicitly invoked.
Evidence against
  • package.json has no install/postinstall/prepare hook; only prepublishOnly builds before publishing.
  • bin/infinicode.js only imports dist/cli.js; CLI actions are command-driven.
  • dist/kernel/recovery-manager.js only classifies failures and chooses retry/provider/worker recovery decisions.
  • .opencode/plugins/home-logo-animation.tsx is a Solid UI animation plugin with no network, filesystem writes, or process execution.
  • Network use is aligned with configured Ollama/cloud providers, mesh peers, search/webhook plugins, or user-supplied install URL.
  • No credential harvesting, hidden exfiltration endpoint, persistence outside app config, or AI-agent config hijack found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 82 file(s), 2.89 MB of source, external domains: aistudio.google.com, api.groq.com, api.telegram.org, build.nvidia.com, console.groq.com, docs.sglang.ai, docs.vllm.ai, generativelanguage.googleapis.com, github.com, html.duckduckgo.com, huggingface.co, integrate.api.nvidia.com, lmstudio.ai, models.inference.ai.azure.com, opencode.ai, openrouter.ai, router.huggingface.co

Source & flagged code

1 flagged · loading source
dist/kernel/recovery-manager.jsView file
matchType = previous_version_dangerous_delta matchedPackage = infinicode@2.3.2 matchedIdentity = npm:aW5maW5pY29kZQ:2.3.2 similarity = 0.753 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/kernel/recovery-manager.jsView on unpkg

Findings

1 Critical3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/kernel/recovery-manager.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings