getwayland@0.11.14

Self-host Wayland - your always-on AI agent - on any Linux box or VPS. Headless web server, reachable from your phone.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The package has an install-time native payload fetch. It downloads a package-aligned Wayland Core engine from GitHub releases into its own payload tree; no source evidence shows credential exfiltration or foreign AI-agent control-surface mutation.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version (getwayland@0.11.13) introduced a source file the scanner classifies as dangerous.
Trigger
The npm install postinstall lifecycle hook; a later user-invoked wayland start may run the fetched engine.
Impact
Supply-chain risk from install-time remote binary acquisition, but no confirmed malicious behavior in the inspected source.
Mechanism
Unverified lifecycle-time download and extraction of a native engine binary: the install trusts whatever the GitHub release URL serves, with no hash check against a value pinned in the package.
Attack narrative
On install, postinstall.mjs detects the platform, downloads a Wayland Core release tarball (v0.12.23) from the FerroxLabs GitHub releases, extracts an engine binary, chmods it executable, and stores it under the package payload at payload/resources/bundled-wayland-core/<platform-arch>/wayland-core. The CLI later starts the bundled server with bun and reads provider keys from ~/.wayland-server/wayland.env. This is a real lifecycle native-binary supply-chain risk: because nothing in the package pins what the release asset should hash to, anyone who can replace that asset changes what every fresh install executes. The inspected source does not show exfiltration, destructive behavior, or unconsented mutation of foreign agent config.
Rationale
Source inspection supports a warn-level lifecycle payload risk, not a concrete malicious verdict. The dangerous primitives are mostly package-aligned and user-invoked; the exception is the unverified install-time engine fetch, which runs with no user action beyond npm install.
Evidence
  • package.json
  • scripts/postinstall.mjs
  • bin/wayland.mjs
  • payload/dist-server/server.mjs
  • payload/dist-server/skills/moltbook/SKILL.md
  • payload/.wcore-tmp
  • payload/resources/bundled-wayland-core/<platform-arch>/wayland-core
  • ~/.wayland-server/wayland.env
  • /tmp/wayland.service
Network endpoints (4)
  • github.com/FerroxLabs/wayland-core/releases/download/v0.12.23/
  • api.fluxrouter.ai/v1
  • fluxrouter.ai
  • bun.sh/install

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.mjs
  • scripts/postinstall.mjs downloads wayland-core tar.gz from GitHub releases during npm install
  • scripts/postinstall.mjs extracts and chmods a native engine into payload/resources/bundled-wayland-core/<platform-arch>/wayland-core without hash verification
Evidence against
  • bin/wayland.mjs setup/start/resetpass are explicit CLI subcommands, not import-time actions
  • bin/wayland.mjs stores user-pasted provider keys only in ~/.wayland-server/wayland.env with mode 0600
  • bin/wayland.mjs stages systemd unit only after interactive opt-in and writes /tmp/wayland.service, requiring user sudo commands
  • No lifecycle writes to Claude/Codex/Cursor/MCP foreign control surfaces found
  • Bundled MCP/skills content appears inside package payload and first-party Wayland app resources
Behavioral surface
Source: Child Process, Crypto, Dynamic Require, Environment Vars, Eval, Filesystem, Native Bindings, Network, Shell
Supply chain: High Entropy Strings, Minified, Obfuscated, Telemetry, Url Strings
Manifest: Copyleft License
scanned 550 file(s), 23.4 MB of source, external domains: 100.100.100.200, 127.0.0.1, 169.254, 169.254.169.254, 192.168.1.100, account.box.com, account.mapbox.com, account.microsoft.com, admin.atlassian.com, admin.google.com, admin.typeform.com, ai.todoist.net, airtable.com, aistudio.google.com, api-dashboard.search.brave.com, api.cal.com, api.dashboard.plaid.com, api.fluxrouter.ai, api.githubcopilot.com, api.raindrop.io, api.ref.tools, api.slack.com, api.typeform.com, api.you.com, app.agentmail.to, app.attio.com, app.axiom.co, app.box.com, app.cal.com, app.circleci.com, app.element.io, app.hubspot.com, app.linkup.so, app.netlify.com, app.pagerduty.com, app.pinecone.io, app.raindrop.io, app.snyk.io, app.tavily.com, app.terraform.io, appleid.apple.com, asana.com, attio.com, aws.amazon.com, awslabs.github.io, axiom.co, bfl.ai, bluebubbles.app, brave.com, browser.sentry-cdn.com
Oversized source lightweight scan
payload/dist-server/builtin-mcp-image-gen.js (19.6 MB file, sampled 256 KB)
Filesystem, Network, Environment Vars, High Entropy Strings, Url Strings · domains: 100.100.100.200, 169.254, 169.254.169.254, example.com, getwayland.com, metadata.google.internal
payload/dist-server/builtin-mcp-search-skills.js (3.54 MB file, sampled 256 KB)
Filesystem, Child Process, Eval, Crypto, High Entropy Strings, Url Strings · domains: example.com, github.com, raw.githubusercontent.com
payload/dist-server/gemini.js (28.1 MB file, sampled 256 KB)
Filesystem, Network, Child Process, Environment Vars, Crypto, Shell, High Entropy Strings, Url Strings · domains: aistudio.google.com, github.com, goo.gle
payload/dist-server/server.mjs (69.1 MB file, sampled 256 KB)
Filesystem, Network, Child Process, Environment Vars, Shell
payload/out/renderer/assets/index-k1Pwb0sb.js (3.97 MB file, sampled 256 KB)
Network, Child Process, High Entropy Strings, Minified
Note that server.mjs, the process the CLI actually starts, was sampled at 256 KB of 69.1 MB; the "no exfiltration found" conclusion above covers the inspected source, not these bundles in full.

Source & flagged code

27 flagged
package.json
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.
payload/out/renderer/assets/index-CPqvQHaG.js
patternName = generic_password severity = medium line = 10 matchedText = Reason: ...ion.
Medium
Secret Pattern

Package contains a possible secret pattern.

payload/out/renderer/assets/index-CPqvQHaG.js · L10
bin/wayland.mjs
L15: */
L16: import { spawn, spawnSync } from 'node:child_process';
L17: import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
High
Child Process

Package source references child process execution.

bin/wayland.mjs · L15
L111: function has(cmd) {
L112:   return spawnSync(process.platform === 'win32' ? 'where' : 'which', [cmd], { stdio: 'ignore' }).status === 0;
L113: }
...
L120: /** Resolve the bun executable: PATH first, then ~/.bun/bin. Relying on `which
L121:  * bun` alone made `wayland setup` report "bun install failed" right after a
L122:  * clean install, and the systemd service die with "bun runtime not found",
High
Runtime Package Install

Package source invokes a package manager install command at runtime. The excerpt is the which/where probe used to locate bun; the install it guards (the comment's "bun install", with bun.sh/install among the network endpoints) runs from the user-invoked wayland setup subcommand, not during npm install.

bin/wayland.mjs · L111
L12:  * an OpenAI-compatible endpoint, so a Flux key is wired as the OpenAI provider
L13:  * pointed at https://api.fluxrouter.ai/v1 with model flux-auto - no wcore binary
L14:  * required. (wcore, if present, is fetched by postinstall as an enhancement.)
L15:  */
L16: import { spawn, spawnSync } from 'node:child_process';
L17: import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
...
L25: const SERVER = join(PAYLOAD, 'dist-server', 'server.mjs');
L26: const DATA_DIR = process.env.DATA_DIR || join(homedir(), '.wayland-server');
L27: const ENV_FILE = join(DATA_DIR, 'wayland.env');
...
L47: if (!_rl) {
L48:   _rl = createInterface({ input: process.stdin, output: process.stdout });
L49:   _rl.on('close', () => { _stdinEnded = true; });
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration. Per the evidence above, the systemd unit is staged to /tmp/wayland.service only after interactive opt-in and still requires the user to run sudo commands to install it.

bin/wayland.mjs · L12
payload/out/renderer/assets/vendor-highlight-DCaI2S3e.js
L8: `?F.useBR?"<br>":w:F.tabReplace?w.replace(/\t/g,F.tabReplace):w):h}function vi(h,w,Q){const oe=w?M[w]:Q;h.classList.add("hljs"),oe&&h.classList.add(oe)}const Ii={"before:highlightE...
L9: `))},"after:highlightElement":({result:h})=>{F.useBR&&(h.value=h.value.replace(/\n/g,"<br>"))}},Ai=/^(<[^>]+>|\t)+/gm,yi={"after:highlightElement":({result:h})=>{F.tabReplace&&(h.v...
L10: ]`,`[\\[\\]\\.,\\+\\-<> \r
High
Shell

Package source references shell execution. The excerpt is minified syntax-highlighter code (the hljs class and the highlightElement hooks are highlight.js's); a bundled shell-language grammar matches this rule without executing anything, so confirm there is no child_process or shell call in this renderer asset before treating the High rating as real exec capability.

payload/out/renderer/assets/vendor-highlight-DCaI2S3e.js · L8
payload/out/renderer/assets/whisperWorker-yk8fSaV0.js
L6: ${F}
L7: }`,m=new Function(Object.keys(P),F)(...Object.values(P)),F=`methodCaller<(${b.map(V=>V.name)}) => ${g.name}>`,TI(Object.defineProperty(m,"name",{value:F}))}function PI(u,f){return ...
L8: `),r)}p.validationMode&&_r(o,"validationMode",p.validationMode,r)}let _=Se().webgpuRegisterDevice(h);if(_){let[p,w,v]=_;_r(o,"deviceId",p.toString(),r),_r(o,"webgpuInstance",w.toSt...
Low
Eval

Package source references a known benign dynamic code generation pattern.

payload/out/renderer/assets/whisperWorker-yk8fSaV0.js · L6
payload/dist-server/builtin-mcp-concierge-diag.js
L1224:     // validation function arguments
L1225:     data: new codegen_1.Name("data"),
L1226:     // data passed to validation function
...
L2251:   id = normalizeId(id);
L2252:   return resolver.resolve(baseId, id);
L2253: }
...
L3114:   for (i = 0; i < input.length; i++) {
L3115:     code = input[i].charCodeAt(0);
L3116:     if (code === 48) {
...
L26646: var StdioServerTransport = class {
L26647:   constructor(_stdin = import_node_process.default.stdin, _stdout = import_node_process.default.stdout) {
L26648:     this._stdin = _stdin;
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints (the package-level external domain list includes 169.254.169.254, 100.100.100.200 and metadata.google.internal). The excerpt shown here is Ajv code generation and the MCP StdioServerTransport, not the endpoint reference itself; locate the actual match in the full file and check whether it is a reachability probe or a credential fetch before acting on the High rating.

payload/dist-server/builtin-mcp-concierge-diag.js · L1224
L6: var __hasOwnProp = Object.prototype.hasOwnProperty;
L7: var __commonJS = (cb, mod) => function __require() {
L8:   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

payload/dist-server/builtin-mcp-concierge-diag.js · L6
payload/dist-server/wasm/tree-sitter.wasm
path = payload/dist-server/wasm/tree-sitter.wasm kind = wasm_module sizeBytes = 205488 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.
payload/dist-server/skills/_builtin/skill-creator/scripts/init_skill.py
path = payload/dist-server/skills/_builtin/skill-creator/scripts/init_skill.py kind = build_helper sizeBytes = 10863 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.
payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx
path = payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx kind = high_entropy_blob sizeBytes = 13928 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

path = payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx kind = compressed_blob sizeBytes = 13928 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

path = payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx kind = nested_archive_needs_inspection sizeBytes = 13928 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
payload/dist-server/gemini.js
path = payload/dist-server/gemini.js kind = oversized_source_file sizeBytes = 29459435 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.
payload/out/renderer/assets/useConversationCommandQueue-DiO_Vox1.js
matchType = previous_version_dangerous_delta matchedPackage = getwayland@0.11.13 matchedIdentity = npm:Z2V0d2F5bGFuZA:0.11.13 similarity = 0.767 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

Compared with stored getwayland@0.11.13 (package body similarity 0.767), this version adds a source file the scanner classifies as dangerous and that the previous version lacked; route for source-aware review. No other finding on this page names this file, so the review has to start from the file itself.
payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.md
patternName = generic_password severity = medium line = 107 matchedText = query = ...d}'"
Medium
Secret Pattern

Hardcoded password pattern in payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.md. This and the following SKILL.md matches are in skill documentation; the matched fragments are consistent with templated examples rather than live credentials, but each line should still be eyeballed.

payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.md · L107
payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.md
patternName = generic_password severity = medium line = 94 matchedText = password... USE
Medium
Secret Pattern

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.md

payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.md · L94
payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.md
patternName = generic_password severity = medium line = 328 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.md

payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.md · L328
payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.md
patternName = generic_password severity = medium line = 167 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.md

payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.md · L167
payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.md
patternName = generic_password severity = medium line = 64 matchedText = password...RD}"
Medium
Secret Pattern

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.md

payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.md · L64
payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.md
patternName = generic_password severity = medium line = 150 matchedText = const ch...rd";
Medium
Secret Pattern

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.md

payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.md · L150
payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md
patternName = generic_password severity = medium line = 78 matchedText = password...THIS
Medium
Secret Pattern

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md

payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md · L78
patternName = generic_password severity = medium line = 108 matchedText = password...THIS
Medium
Secret Pattern

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md

payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md · L108
payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.md
patternName = private_key_rsa severity = critical line = 76 matchedText = PRIVATE_...----
Critical
Secret Pattern

RSA private key pattern in payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.md. The matched fragment PRIVATE_...---- reads like a variable name followed by a PEM header in a skill that documents .env handling; inspect line 76 to confirm it is a placeholder and not real key material before accepting the Critical rating.

payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.md · L76
payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.md
patternName = generic_password severity = medium line = 290 matchedText = When the...ext.
Medium
Secret Pattern

Hardcoded password in payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.md

payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.md · L290

Findings

2 Critical · 7 High · 19 Medium · 9 Low
Critical · Previous Version Dangerous Delta · payload/out/renderer/assets/useConversationCommandQueue-DiO_Vox1.js
Critical · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/devops-cloud/env-file-manager/SKILL.md
High · Install Time Lifecycle Scripts · package.json
High · Child Process · bin/wayland.mjs
High · Shell · payload/out/renderer/assets/vendor-highlight-DCaI2S3e.js
High · Cloud Metadata Access · payload/dist-server/builtin-mcp-concierge-diag.js
High · Runtime Package Install · bin/wayland.mjs
High · Ships High Entropy Blob · payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx
High · Oversized Source File · payload/dist-server/gemini.js
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Secret Pattern · payload/out/renderer/assets/index-CPqvQHaG.js
Medium · Dynamic Require · payload/dist-server/builtin-mcp-concierge-diag.js
Medium · Network
Medium · Environment Vars
Medium · Install Persistence · bin/wayland.mjs
Medium · Ships Wasm Module · payload/dist-server/wasm/tree-sitter.wasm
Medium · Ships Build Helper · payload/dist-server/skills/_builtin/skill-creator/scripts/init_skill.py
Medium · Ships Compressed Blob · payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/security/security-auditor/SKILL.md
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/security/application-secrets-security/SKILL.md
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/backend-systems/supabase-builder/SKILL.md
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/testing-quality/load-tester/SKILL.md
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/data-engineering/data-catalog-builder/SKILL.md
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/hobbies-crafts/electronics-hobbyist/SKILL.md
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/devops-cloud/secrets-manager/SKILL.md
Medium · Secret Pattern · payload/src/process/resources/skills-library/bodies/skills/writing/technical-blog-post/SKILL.md
Low · Scripts Present
Low · Eval · payload/out/renderer/assets/whisperWorker-yk8fSaV0.js
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Telemetry
Low · Url Strings
Low · Nested Archive Needs Inspection · payload/dist-server/skills/morph-ppt/reference/styles/warm--brand-refresh/warm__brand_refresh.pptx
Low · Copyleft License