registry  /  @whalent/desktop-agent  /  0.3.223

@whalent/desktop-agent@0.3.223

Whalent cloud-desktop sidecar daemon (platform cloud image only)

AI Security Review

scanned 2d ago · by lpm-firewall-ai

Explicit CLI execution opens an authenticated WebSocket sidecar to the Whalent gateway. The gateway can request constrained desktop operations, including reading clipboard data and opening terminal/browser helpers.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User or platform entrypoint runs `whalent-desktop-agent` with a token.
Impact
A compromised or unauthorized gateway session could operate the cloud desktop and receive its clipboard contents.
Mechanism
Authenticated remote desktop-control sidecar using fixed local helper commands.
Rationale
No concrete install-time malware or covert payload chain is present, but the obfuscated remote desktop-control and clipboard-return capability is a real dangerous dual-use surface. Flag as warn rather than block because execution is explicit and helpers are constrained.
Evidence
package.jsonREADME.mddist/index.cjs/opt/whalent/desktop-agent
Network endpoints1
wss://memory.whalent.com/gw/sdk/ws

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.cjs` is deliberately obfuscated, hindering auditability.
  • CLI connects to `wss://memory.whalent.com/gw/sdk/ws` with its token in URL query parameters.
  • Gateway messages can invoke desktop actions including terminal, clipboard read/write, browser, and resize.
  • `clip_get` returns up to 256 KiB of clipboard text through command results.
Evidence against
  • `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
  • Entry is a user-invoked CLI/bin, not an import-time payload.
  • Local processes use fixed helpers (`whalent-desktop`, `whalent-resize`, `xclip`) with bounded parameters/timeouts.
  • No source evidence of remote payload download, arbitrary shell strings, filesystem harvesting, or persistence.
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTrivial
Manifest
NoLicense
scanned 1 file(s), 112 KB of source

Source & flagged code

3 flagged · loading source
dist/index.cjsView file
1#!/usr/bin/env node L2: 'use strict';const a0_0x441b53=a0_0x54d2;(function(_0x460220,_0x57b299){const _0x420928=a0_0x54d2,_0x14c9d9=_0x460220();while(!![]){try{const _0x7a74ea=-parseInt(_0x420928(0x116))/...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x441b53=a0_0x54d2;(function(_0x460220,_0x57b299){const _0x420928=a0_0x54d2,_0x14c9d9=_0x460220();while(!![]){try{const _0x7a74ea=-parseInt(_0x420928(0x116))/...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x441b53=a0_0x54d2;(function(_0x460220,_0x57b299){const _0x420928=a0_0x54d2,_0x14c9d9=_0x460220();while(!![]){try{const _0x7a74ea=-parseInt(_0x420928(0x116))/...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjsView on unpkg · L1

Findings

1 Critical3 High4 Medium4 Low
CriticalProtestware
HighSame File Env Network Executiondist/index.cjs
HighObfuscated Payload Loaderdist/index.cjs
HighObfuscated
MediumDynamic Requiredist/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowNo License