registry  /  @whalent/agent  /  0.3.198

@whalent/agent@0.3.198

Stable wrapper for Whalent Agent core runtime

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed unconsented install-time or import-time compromise was found. The package exposes a powerful user-invoked agent daemon surface with gateway sync, terminal/process supervision, history import, and update behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm install runs preinstall version check; user invokes whalent CLI/daemon with token or gateway options
Impact
High-privilege runtime behavior if the user configures and runs the daemon, but no concrete malicious action established by source inspection.
Mechanism
obfuscated AI agent CLI/daemon wrapper with package-aligned remote management and update features
Rationale
Static inspection found obfuscation and powerful runtime capabilities, but the lifecycle hook is only a Node version check and the risky runtime behavior is disclosed and aligned with the package's agent daemon purpose. I did not find credential harvesting, persistence, destructive actions, or unconsented AI-agent control-surface mutation at install/import time.
Evidence
package.jsonscripts/preinstall-check.cjsREADME.mddist/index.cjsdist/core.cjs~/.whalent-agent/helpers/sqlite~/.whalent-agent
Network endpoints6
memory.whalent.comwss://memory.whalentregistry.npmjs.orgwss://your-server/gw/sdk/wsapi.openai.capi.anthropi

Decision evidence

public snapshot
AI called this Clean at 76.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/index.cjs and dist/core.cjs are deliberately obfuscated bundled CLI/runtime files.
  • dist/index.cjs runtime can run npm view/install to update wrapper/core and supervises spawned core process.
  • README.md states daemon accepts remote upgrade/restart commands via gateway.
  • dist/core.cjs references Codex/Claude history, sqlite helper, terminal/agent sync, and gateway events.
Evidence against
  • scripts/preinstall-check.cjs only checks Node major version; no network, fs writes, or credential access.
  • No install-time payload execution beyond package.json preinstall Node version guard.
  • Remote gateway, token, history import, helper cache, and auto_restart behavior are disclosed in README.md.
  • Network and process primitives align with declared Whalent AI agent/daemon CLI functionality.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 2 file(s), 303 KB of source, external domains: registry.npmjs.org
Oversized source lightweight scan
dist/core.cjs4.49 MB file, sampled 256 KB
EnvironmentVarsObfuscatedHighEntropyStringsMinified

Source & flagged code

6 flagged · loading source
package.jsonView file
scripts.preinstall = node scripts/preinstall-check.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @whalent/agent@0.3.197 matchedIdentity = npm:QHdoYWxlbnQvYWdlbnQ:0.3.197 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/index.cjsView on unpkg
1#!/usr/bin/env node L2: 'use strict';function a0_0x2ba6(){const _0x378597=['ls1Yzxn1Bwu','zM9YrwfJAa','Ahr0Chm6lY9YzwDPC3rYEs5UCg0','ls1Zyw5KyM94','j2vYCM9YjYWGkcKGpt4GzMLUAxm','ls1WBgf0zM9YBs11CMW','ls1O...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';function a0_0x2ba6(){const _0x378597=['ls1Yzxn1Bwu','zM9YrwfJAa','Ahr0Chm6lY9YzwDPC3rYEs5UCg0','ls1Zyw5KyM94','j2vYCM9YjYWGkcKGpt4GzMLUAxm','ls1WBgf0zM9YBs11CMW','ls1O...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjsView on unpkg · L1
dist/core.cjsView file
path = dist/core.cjs kind = oversized_source_file sizeBytes = 4704676 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/core.cjsView on unpkg
path = dist/core.cjs kind = oversized_cli_entrypoint sizeBytes = 4704676 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/core.cjsView on unpkg

Findings

1 Critical4 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderdist/index.cjs
HighObfuscated
HighOversized Source Filedist/core.cjs
MediumDynamic Requiredist/index.cjs
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/core.cjs
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License