registry  /  @whalent/desktop-agent  /  0.3.228

@whalent/desktop-agent@0.3.228

Whalent cloud-desktop sidecar daemon (platform cloud image only)

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The CLI is a persistent remote desktop sidecar. A gateway command can invoke limited desktop helpers and retrieve clipboard content. No install-time attack behavior is present.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User or platform starts `whalent-desktop-agent` with `--token` or `WHALENT_TOKEN`.
Impact
A party controlling the configured gateway can operate the hosted desktop helpers and receive clipboard contents.
Mechanism
Authenticated WebSocket-controlled desktop helper and clipboard operations.
Rationale
This is a risky remote-desktop control capability, but its observed network and subprocess behavior is aligned with the documented cloud-desktop sidecar role rather than a concrete malicious chain. Obfuscation and clipboard exfiltration capability warrant a warning instead of a block.
Evidence
dist/index.cjspackage.jsonREADME.md

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/index.cjs` is deliberately obfuscated, impeding audit.
  • Runtime opens a persistent authenticated WebSocket and accepts remote `cmd` messages.
  • `desktop.exec` permits remote browser, terminal, resize, and clipboard actions.
  • Clipboard reads return up to 256 KB through the gateway.
  • `child_process.spawn` launches fixed platform helpers and `xclip`.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • `dist/index.cjs` starts only as the declared CLI entrypoint.
  • Remote commands are restricted to an explicit action allowlist.
  • Spawned programs and resize dimensions are fixed/validated; no shell or eval path found.
  • No package-file harvesting, arbitrary file writes, payload download, or agent-config mutation found.
Behavioral surface
Source
CryptoDynamicRequireEnvironmentVarsNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTrivial
Manifest
NoLicense
scanned 1 file(s), 112 KB of source

Source & flagged code

4 flagged · loading source
dist/index.cjsView file
1#!/usr/bin/env node L2: 'use strict';const a0_0x6402a0=a0_0x1197;(function(_0x54cb31,_0x5b1224){const _0x1de5e6=a0_0x1197,_0x43d55b=_0x54cb31();while(!![]){try{const _0x1f83aa=-parseInt(_0x1de5e6(0x23f))/...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x6402a0=a0_0x1197;(function(_0x54cb31,_0x5b1224){const _0x1de5e6=a0_0x1197,_0x43d55b=_0x54cb31();while(!![]){try{const _0x1f83aa=-parseInt(_0x1de5e6(0x23f))/...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x6402a0=a0_0x1197;(function(_0x54cb31,_0x5b1224){const _0x1de5e6=a0_0x1197,_0x43d55b=_0x54cb31();while(!![]){try{const _0x1f83aa=-parseInt(_0x1de5e6(0x23f))/...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.cjsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const a0_0x6402a0=a0_0x1197;(function(_0x54cb31,_0x5b1224){const _0x1de5e6=a0_0x1197,_0x43d55b=_0x54cb31();while(!![]){try{const _0x1f83aa=-parseInt(_0x1de5e6(0x23f))/...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.cjsView on unpkg · L1

Findings

1 Critical3 High4 Medium5 Low
CriticalProtestware
HighSame File Env Network Executiondist/index.cjs
HighObfuscated Payload Loaderdist/index.cjs
HighObfuscated
MediumDynamic Requiredist/index.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/index.cjs
LowHigh Entropy Strings
LowNo License