AI Security Review
scanned 9d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was established. The package is an obfuscated remote AI-agent/daemon CLI with guarded but powerful runtime capabilities, including worker management, process spawning, state writes, and remote upgrade/restart commands after user configuration.
Decision evidence
public snapshot- dist/index.cjs and dist/core.cjs are heavily obfuscated; core bundle is 4.7 MB.
- Runtime uses child_process spawn/spawnSync to probe registries, locate CLIs, run npm view/install, and manage agent workers.
- Runtime writes state under ~/.whalent-agent, including core-upgrade.json and crash/pid state.
- README says the daemon connects to Whalent Memory, auto-starts configured workers, and accepts remote upgrade/restart commands.
- scripts/preinstall-check.cjs only checks Node major version and exits on unsupported Node <20.
- Network behavior is package-aligned: Whalent gateway/platform, npm registry probing/install, OpenAI/Claude provider support, and helper downloads described in README.
- No install-time credential harvesting, shell curl/wget payload fetch, destructive action, or unconsented AI-agent control-surface mutation was confirmed.
- CLI requires user runtime action such as whalent --token; high-risk behavior is not triggered by import or preinstall.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.cjsView on unpkgSource contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.cjsView on unpkg · L1Package source references dynamic require/import behavior.
dist/index.cjsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.cjs#virtual:normalized:round1View on unpkg · L1Package contains source files above the static scanner size ceiling.
dist/core.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/core.cjsView on unpkg