AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The runtime operates a WhatsApp gateway and optionally calls configured LLM/search services for requested bot features.
Static reason
One or more suspicious static signals were detected.
Trigger
User explicitly runs the CLI or gateway and invokes WhatsApp, OCR, or search functionality.
Impact
Processes conversation/media data according to enabled bot features; no stealth exfiltration, remote payload execution, or install-time mutation was found.
Mechanism
WhatsApp automation with configured API/LLM HTTP requests and local state persistence.
Rationale
Direct inspection shows a featureful WhatsApp AI gateway with explicit runtime networking and local state/config handling, but no install hook, hidden payload, credential harvesting path, or foreign AI-agent control-surface mutation. Static dynamic-require and network hints correspond to configuration selection and advertised bot integrations.
Evidence
package.jsondist/cli/index.jsdist/gateway/server.jsdist/gateway/auth/store.jsdist/llm/ocr-registry.jsdist/tools/crunchtrova.jsdist/agent-tools/settings.jsconfig/llm.settings.jsonconfig/agent-tools.settings.json
Network endpoints6
api.mrcnpin.comapi.openai.com/v1api.groq.com/openai/v1/audio/transcriptionsapi.anthropic.com/v1/messagesopenrouter.ai/api/v1/chat/completionsgenerativelanguage.googleapis.com/v1beta/models/
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall, install, postinstall, or prepare lifecycle hook.
- dist/cli/index.js only spawns the package's own Node runtime for explicit start/worker/auth commands.
- dist/tools/crunchtrova.js sends user-requested search/fetch inputs only when its configured tool is invoked.
- dist/llm/ocr-registry.js dynamically selects configured provider profiles; it does not dynamically load code.
- dist/gateway/auth/store.js persists WhatsApp auth state locally at the configured auth path.
- dist/agent-tools/settings.js reads a package-local settings file and contains no foreign AI-agent config writes.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
GitDependency
Source & flagged code
3 flagged · loading sourcedist/llm/ocr-registry.jsView file
99}
L100: require(task) {
L101: const selected = this.select(task);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/llm/ocr-registry.jsView on unpkg · L99dist/message-dedupe/engine.jsView file
178}
L179: // ─── Private ────────────────────────────────────────────────────────────
L180: buildDedupeKey(key) {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/message-dedupe/engine.jsView on unpkg · L178package.jsonView file
•dependencies changed=@whiskeysockets/baileys
Critical
Manifest Confusion
Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgFindings
1 Critical4 Medium5 Low
CriticalManifest Confusionpackage.json
MediumDynamic Requiredist/llm/ocr-registry.js
MediumNetwork
MediumEnvironment Vars
MediumGit Dependency
LowScripts Present
LowWeak Cryptodist/message-dedupe/engine.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings