registry  /  @whalent/agent  /  0.3.201

@whalent/agent@0.3.201

Stable wrapper for Whalent Agent core runtime

AI Security Review

scanned 8d ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User runs whalent CLI, especially daemon mode with token/gateway configuration
Impact
Remote Whalent-controlled configs can start workers and issue upgrade/restart actions; agent may read/sync AI session state as part of product behavior.
Mechanism
remote-managed AI agent daemon with process spawning and local state writes
Policy narrative
The package does not use its npm lifecycle hook to hijack agent control surfaces; preinstall is a Node version gate. After explicit CLI use, the obfuscated runtime operates as a Whalent agent daemon, connects to a gateway, manages worker processes, performs updates, and integrates with Codex/Claude/opencode state. That is a high-risk agent capability but appears package-aligned and user-invoked rather than a covert install-time compromise.
Rationale
Static inspection supports warning for a dangerous, obfuscated remote-managed AI agent runtime, but not publish-block malware: the lifecycle hook is benign and no unconsented foreign/broad AI-agent control-surface mutation was confirmed. Scanner child_process/network/env findings are largely explained by the documented CLI daemon and provider integration behavior.
Evidence
package.jsonscripts/preinstall-check.cjsREADME.mddist/index.cjsdist/core.cjs~/.whalent-agent/helpers/sqlitedaemon.pid
Network endpoints5
memory.whalent.comwss://memory.whalent.comregistry.npmjs.orgapi.anthropic.comapi.openai.com

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/core.cjs is heavily obfuscated and oversized, limiting source auditability.
  • Runtime connects to Whalent gateway and README says daemon fetches configs, auto-starts workers, and accepts remote upgrade/restart commands.
  • dist/core.cjs references Codex/Claude/opencode integration, WebSocket, spawn/execFile, writeFileSync, rmSync, chmodSync, and WHALENT_* env controls.
  • dist/index.cjs supervises and auto-updates wrapper/core via npm/global package operations.
Evidence against
  • package.json preinstall only runs scripts/preinstall-check.cjs, which checks Node >=20 and exits on unsupported versions.
  • No install-time writes to Claude/Codex/Cursor/MCP control surfaces found; risky behavior is in user-invoked whalent CLI/runtime.
  • README documents Whalent Memory agent, token use, gateway connection, helper cache, and remote daemon behavior.
  • Network endpoints observed are package-aligned or provider endpoints: memory.whalent.com, registry.npmjs.org, Anthropic/OpenAI APIs.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 2 file(s), 303 KB of source, external domains: memory.whale, registry.npmjs.org
Oversized source lightweight scan
dist/core.cjs4.49 MB file, sampled 256 KB
EnvironmentVarsDynamicRequireObfuscatedHighEntropyStringsMinifiedUrlStringsmemory.whale

Source & flagged code

8 flagged · loading source
package.jsonView file
scripts.preinstall = node scripts/preinstall-check.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @whalent/agent@0.3.200 matchedIdentity = npm:QHdoYWxlbnQvYWdlbnQ:0.3.200 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.cjsView on unpkg
1#!/usr/bin/env node L2: 'use strict';const a0_0x270670=a0_0x575b;(function(_0x131d06,_0x62a58f){const _0x56bd46=a0_0x575b,_0x3c8f5e=_0x131d06();while(!![]){try{const _0x3e7717=-parseInt(_0x56bd46(0x121))/...
High
Child Process

Package source references child process execution.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x270670=a0_0x575b;(function(_0x131d06,_0x62a58f){const _0x56bd46=a0_0x575b,_0x3c8f5e=_0x131d06();while(!![]){try{const _0x3e7717=-parseInt(_0x56bd46(0x121))/...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x270670=a0_0x575b;(function(_0x131d06,_0x62a58f){const _0x56bd46=a0_0x575b,_0x3c8f5e=_0x131d06();while(!![]){try{const _0x3e7717=-parseInt(_0x56bd46(0x121))/...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjsView on unpkg · L1
dist/index.cjs#virtual:normalized:round1View file
1#!/usr/bin/env node L2: 'use strict';const a0_0x270670=a0_0x575b;(function(_0x131d06,_0x62a58f){const _0x56bd46=a0_0x575b,_0x3c8f5e=_0x131d06();while(!![]){try{const _0x3e7717=-parseInt(_0x56bd46(0x121))/...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.cjs#virtual:normalized:round1View on unpkg · L1
dist/core.cjsView file
path = dist/core.cjs kind = oversized_source_file sizeBytes = 4706427 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/core.cjsView on unpkg
path = dist/core.cjs kind = oversized_cli_entrypoint sizeBytes = 4706427 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/core.cjsView on unpkg

Findings

1 Critical6 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/index.cjs
HighSame File Env Network Executiondist/index.cjs#virtual:normalized:round1
HighObfuscated Payload Loaderdist/index.cjs
HighObfuscated
HighOversized Source Filedist/core.cjs
MediumDynamic Requiredist/index.cjs
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/core.cjs
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License