AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface by static inspection. The package is an AI kernel/CLI with user-invoked provider networking, local mesh/MCP control, optional TUI installation, and checkpoint/config writes consistent with its stated functionality.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs CLI commands such as infinicode run, serve, mcp, mission, providers, or install-tui.
Impact
No evidence of unconsented install/import-time execution, credential harvesting, persistence, destructive behavior, or exfiltration.
Mechanism
user-invoked AI provider routing, local mesh/MCP server, optional TUI binary copy/download
Rationale
Static inspection found powerful AI-agent and mesh features, but they are explicit package functionality and require user-invoked CLI/MCP/TUI actions. There is no install-time/import-time payload, hidden credential collection, unauthorized control-surface mutation, or concrete exfiltration path.
Evidence
package.jsonbin/infinicode.jsdist/cli.jsdist/commands/run.jsdist/commands/install-tui.jsdist/kernel/mcp/mcp-server.jsdist/kernel/command-system.jsdist/kernel/verification-exec.js.opencode/plugins/mesh-commands.tsxdist/kernel/checkpoint-engine.jsdist/kernel/federation/node-identity.jsdist/kernel/federation/role-context.js.openkernel/checkpointsbin/infinicode-tui
Network endpoints10
localhost:11434127.0.0.1:47913api.groq.com/openaiopenrouter.ai/api/v1models.inference.ai.azure.comintegrate.api.nvidia.com/v1router.huggingface.co/v1generativelanguage.googleapis.com/v1betahtml.duckduckgo.com/html/api.telegram.org
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/postinstall hooks; prepublishOnly only runs build.
- bin/infinicode.js only imports dist/cli.js; CLI actions are user-invoked.
- dist/commands/run.js starts local mesh/gateway and injects OPENCODE_CONFIG_CONTENT for the TUI, aligned with package purpose.
- dist/commands/install-tui.js only downloads/copies a TUI binary when the explicit install-tui command is run with user-provided URL/path or known local paths.
- MCP/mesh tools in dist/kernel/mcp/mcp-server.js expose agent dispatch/role/goals only when user runs the mcp command.
- Network endpoints are AI/provider/local mesh endpoints used by the advertised AI execution kernel.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
1 flagged · loading sourcedist/commands/run.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = infinicode@2.3.4
matchedIdentity = npm:aW5maW5pY29kZQ:2.3.4
similarity = 0.975
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/commands/run.jsView on unpkgFindings
1 Critical3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/commands/run.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings