registry  /  @whalent/agent  /  0.3.199

@whalent/agent@0.3.199

Stable wrapper for Whalent Agent core runtime

AI Security Review

scanned 9d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was established. The package is an obfuscated remote AI-agent/daemon CLI with guarded but powerful runtime capabilities, including worker management, process spawning, state writes, and remote upgrade/restart commands after user configuration.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs whalent CLI with token or starts daemon; npm install only runs Node version check.
Impact
Potential high-impact agent lifecycle control if misconfigured or if the Whalent gateway/account is compromised, but behavior is disclosed and package-aligned.
Mechanism
Obfuscated remote agent daemon with child_process, network gateway, npm self/core upgrade, and local state management.
Policy narrative
At install, the package only verifies Node version. At runtime, a user-invoked Whalent daemon connects to Whalent Memory using a token, manages configured agent workers, stores local state under ~/.whalent-agent, can spawn local CLIs/helpers, and can accept remote restart/upgrade commands. This is a real control surface but appears central to the package’s stated purpose rather than a hidden malicious payload.
Rationale
Static inspection found dangerous runtime primitives and obfuscation, but the preinstall hook is benign and the powerful behavior is documented, user-invoked, and aligned with a remote AI-agent daemon. The remaining concern is lifecycle/control-surface risk from an obfuscated agent runtime, so warn rather than block.
Evidence
package.jsonscripts/preinstall-check.cjsREADME.mddist/index.cjsdist/core.cjs~/.whalent-agent/profiles~/.whalent-agent/core-upgrade.json~/.whalent-agent/helpers/sqlite
Network endpoints4
memory.whalent.comregistry.npmjs.orgapi.openai.comclaude.ai

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.cjs and dist/core.cjs are heavily obfuscated; core bundle is 4.7 MB.
  • Runtime uses child_process spawn/spawnSync to probe registries, locate CLIs, run npm view/install, and manage agent workers.
  • Runtime writes state under ~/.whalent-agent, including core-upgrade.json and crash/pid state.
  • README says the daemon connects to Whalent Memory, auto-starts configured workers, and accepts remote upgrade/restart commands.
Evidence against
  • scripts/preinstall-check.cjs only checks Node major version and exits on unsupported Node <20.
  • Network behavior is package-aligned: Whalent gateway/platform, npm registry probing/install, OpenAI/Claude provider support, and helper downloads described in README.
  • No install-time credential harvesting, shell curl/wget payload fetch, destructive action, or unconsented AI-agent control-surface mutation was confirmed.
  • CLI requires user runtime action such as whalent --token; high-risk behavior is not triggered by import or preinstall.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 2 file(s), 303 KB of source, external domains: registry.npm, registry.npmjs.org
Oversized source lightweight scan
dist/core.cjs4.49 MB file, sampled 256 KB
EnvironmentVarsDynamicRequireObfuscatedHighEntropyStringsMinified

Source & flagged code

8 flagged · loading source
package.jsonView file
scripts.preinstall = node scripts/preinstall-check.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @whalent/agent@0.3.198 matchedIdentity = npm:QHdoYWxlbnQvYWdlbnQ:0.3.198 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.cjsView on unpkg
1#!/usr/bin/env node L2: 'use strict';const a0_0x1048c=a0_0x3f3c;(function(_0x2d01ff,_0x53d573){const _0x3dc577=a0_0x3f3c,_0x2268cb=_0x2d01ff();while(!![]){try{const _0x18f610=parseInt(_0x3dc577(0x287))/0x...
High
Child Process

Package source references child process execution.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x1048c=a0_0x3f3c;(function(_0x2d01ff,_0x53d573){const _0x3dc577=a0_0x3f3c,_0x2268cb=_0x2d01ff();while(!![]){try{const _0x18f610=parseInt(_0x3dc577(0x287))/0x...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x1048c=a0_0x3f3c;(function(_0x2d01ff,_0x53d573){const _0x3dc577=a0_0x3f3c,_0x2268cb=_0x2d01ff();while(!![]){try{const _0x18f610=parseInt(_0x3dc577(0x287))/0x...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjsView on unpkg · L1
dist/index.cjs#virtual:normalized:round1View file
1#!/usr/bin/env node L2: 'use strict';const a0_0x1048c=a0_0x3f3c;(function(_0x2d01ff,_0x53d573){const _0x3dc577=a0_0x3f3c,_0x2268cb=_0x2d01ff();while(!![]){try{const _0x18f610=parseInt(_0x3dc577(0x287))/0x...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.cjs#virtual:normalized:round1View on unpkg · L1
dist/core.cjsView file
path = dist/core.cjs kind = oversized_source_file sizeBytes = 4704873 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/core.cjsView on unpkg
path = dist/core.cjs kind = oversized_cli_entrypoint sizeBytes = 4704873 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/core.cjsView on unpkg

Findings

1 Critical6 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/index.cjs
HighSame File Env Network Executiondist/index.cjs#virtual:normalized:round1
HighObfuscated Payload Loaderdist/index.cjs
HighObfuscated
HighOversized Source Filedist/core.cjs
MediumDynamic Requiredist/index.cjs
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/core.cjs
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License