registry  /  nduka  /  1.0.1

nduka@1.0.1

WhatsApp AI Gateway

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The runtime operates a WhatsApp gateway and optionally calls configured LLM/search services for requested bot features.

Static reason
One or more suspicious static signals were detected.
Trigger
User explicitly runs the CLI or gateway and invokes WhatsApp, OCR, or search functionality.
Impact
Processes conversation/media data according to enabled bot features; no stealth exfiltration, remote payload execution, or install-time mutation was found.
Mechanism
WhatsApp automation with configured API/LLM HTTP requests and local state persistence.
Rationale
Direct inspection shows a featureful WhatsApp AI gateway with explicit runtime networking and local state/config handling, but no install hook, hidden payload, credential harvesting path, or foreign AI-agent control-surface mutation. Static dynamic-require and network hints correspond to configuration selection and advertised bot integrations.
Evidence
package.jsondist/cli/index.jsdist/gateway/server.jsdist/gateway/auth/store.jsdist/llm/ocr-registry.jsdist/tools/crunchtrova.jsdist/agent-tools/settings.jsconfig/llm.settings.jsonconfig/agent-tools.settings.json
Network endpoints6
api.mrcnpin.comapi.openai.com/v1api.groq.com/openai/v1/audio/transcriptionsapi.anthropic.com/v1/messagesopenrouter.ai/api/v1/chat/completionsgenerativelanguage.googleapis.com/v1beta/models/

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall, install, postinstall, or prepare lifecycle hook.
    • dist/cli/index.js only spawns the package's own Node runtime for explicit start/worker/auth commands.
    • dist/tools/crunchtrova.js sends user-requested search/fetch inputs only when its configured tool is invoked.
    • dist/llm/ocr-registry.js dynamically selects configured provider profiles; it does not dynamically load code.
    • dist/gateway/auth/store.js persists WhatsApp auth state locally at the configured auth path.
    • dist/agent-tools/settings.js reads a package-local settings file and contains no foreign AI-agent config writes.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    GitDependency
    scanned 243 file(s), 1.15 MB of source, external domains: api.anthropic.com, api.groq.com, api.mrcnpin.com, api.openai.com, example.com, generativelanguage.googleapis.com, gulfnews.com, openrouter.ai

    Source & flagged code

    3 flagged · loading source
    dist/llm/ocr-registry.jsView file
    99} L100: require(task) { L101: const selected = this.select(task);
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/llm/ocr-registry.jsView on unpkg · L99
    dist/message-dedupe/engine.jsView file
    178} L179: // ─── Private ──────────────────────────────────────────────────────────── L180: buildDedupeKey(key) {
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/message-dedupe/engine.jsView on unpkg · L178
    package.jsonView file
    dependencies changed=@whiskeysockets/baileys
    Critical
    Manifest Confusion

    Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

    package.jsonView on unpkg

    Findings

    1 Critical4 Medium5 Low
    CriticalManifest Confusionpackage.json
    MediumDynamic Requiredist/llm/ocr-registry.js
    MediumNetwork
    MediumEnvironment Vars
    MediumGit Dependency
    LowScripts Present
    LowWeak Cryptodist/message-dedupe/engine.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings