registry  /  @whalent/agent  /  0.3.200

@whalent/agent@0.3.200

Stable wrapper for Whalent Agent core runtime

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious install/import-time attack surface was established. The dangerous primitives are part of an explicitly named AI agent/daemon CLI and require user runtime invocation/configuration.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install runs only the Node-version preinstall check; agent behavior triggers when the whalent CLI is run.
Impact
Runtime can connect to configured services and operate agent/provider sessions, but no unconsented package-install attack was found.
Mechanism
package-aligned agent wrapper/core runtime
Rationale
Static inspection confirms obfuscated and powerful agent code, but the preinstall hook is limited to an environment check and the runtime capabilities are consistent with the package’s stated AI-agent purpose. I found no concrete unconsented credential theft, destructive action, persistence abuse, or lifecycle control-surface mutation.
Evidence
package.jsonscripts/preinstall-check.cjsdist/index.cjsdist/core.cjs

Decision evidence

public snapshot
AI called this Clean at 72.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/index.cjs and dist/core.cjs are deliberately obfuscated bundles.
  • dist/index.cjs runtime wrapper can install/update @whalent/agent and @whalent/agent-core via npm when invoked.
  • dist/core.cjs is a large AI-agent daemon/client with gateway, token, provider CLI, terminal, and remote command handling capabilities.
Evidence against
  • package.json preinstall only runs scripts/preinstall-check.cjs.
  • scripts/preinstall-check.cjs only checks Node major version and exits on Node <20.
  • No install-time credential harvesting, filesystem crawling, or exfiltration found.
  • Network use appears aligned with an agent product: npm registry probes/updates, provider APIs, gateway/platform URLs, websocket/SSH dependencies.
  • Sensitive env names such as WHALENT_TOKEN, OPENAI_API_KEY, and ANTHROPIC_API_KEY are used as runtime configuration for agent/provider operation.
Behavioral surface
Source
DynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 2 file(s), 303 KB of source, external domains: memory.whale, registry.npm, registry.npmjs.org
Oversized source lightweight scan
dist/core.cjs4.48 MB file, sampled 256 KB
EnvironmentVarsDynamicRequireObfuscatedHighEntropyStringsMinifiedUrlStringsmemory.whale

Source & flagged code

6 flagged · loading source
package.jsonView file
scripts.preinstall = node scripts/preinstall-check.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @whalent/agent@0.3.199 matchedIdentity = npm:QHdoYWxlbnQvYWdlbnQ:0.3.199 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.cjsView on unpkg
1#!/usr/bin/env node L2: 'use strict';const a0_0x330409=a0_0x1084;(function(_0x48bad9,_0x1b4b7b){const _0x30e800=a0_0x1084,_0x25d029=_0x48bad9();while(!![]){try{const _0x5d20cd=-parseInt(_0x30e800(0x28f))/...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x330409=a0_0x1084;(function(_0x48bad9,_0x1b4b7b){const _0x30e800=a0_0x1084,_0x25d029=_0x48bad9();while(!![]){try{const _0x5d20cd=-parseInt(_0x30e800(0x28f))/...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjsView on unpkg · L1
dist/core.cjsView file
path = dist/core.cjs kind = oversized_source_file sizeBytes = 4701825 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/core.cjsView on unpkg
path = dist/core.cjs kind = oversized_cli_entrypoint sizeBytes = 4701825 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/core.cjsView on unpkg

Findings

1 Critical4 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderdist/index.cjs
HighObfuscated
HighOversized Source Filedist/core.cjs
MediumDynamic Requiredist/index.cjs
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/core.cjs
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License