registry  /  @wave-ai-os/wave-cli  /  0.1.58

@wave-ai-os/wave-cli@0.1.58

Machine-first CLI used by a Node LangGraph agent to execute semantic Wave operations against the Rails API.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The install hook is a narrowly scoped local-bin symlink helper, while network and credential actions are activated by explicit CLI/auth commands.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or explicit `wave` CLI commands
Impact
No unconsented exfiltration, persistence, AI-agent control-surface mutation, or remote payload execution established.
Mechanism
local development bin symlink plus user-configured authenticated GraphQL CLI
Rationale
Static signals are explained by normal CLI authentication, configurable API requests, and an install-time local-bin helper. Source inspection found no concrete malicious chain or unconsented foreign AI-agent configuration mutation.
Evidence
package.jsonscripts/postinstall-local-bin.mjsdist/index.jsREADME.mdnode_modules/.bin/wavenode_modules/.bin/wave-cli~/.wave/auth-token.json~/.wave/config.json

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `scripts/postinstall-local-bin.mjs` only recreates local `wave`/`wave-cli` symlinks when both `node_modules/.bin` and `dist/index.js` exist.
    • `dist/index.js` sends authenticated GraphQL requests only to an explicit flag/env/config base URL; no fixed covert endpoint is present.
    • Credential storage is tied to explicit `login`/`logout` flows and uses macOS Keychain or `~/.wave` files with mode 0600.
    • Local content reads require an explicit `--file` argument or stdin; no broad filesystem harvesting is present.
    • No eval/vm, dynamic module loading, native payload loading, or arbitrary shell execution was found.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStrings
    Manifest
    NoLicense
    scanned 5 file(s), 1.16 MB of source

    Source & flagged code

    1 flagged · loading source
    package.jsonView file
    scripts.postinstall = node scripts/postinstall-local-bin.mjs
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg

    Findings

    1 High3 Medium4 Low
    HighInstall Time Lifecycle Scriptspackage.json
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowNo License