registry  /  nduka  /  1.0.2

nduka@1.0.2

WhatsApp AI Gateway

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Network behavior is package-aligned WhatsApp, LLM, and explicitly configured connector functionality, activated only at runtime or by owner commands.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `nduka`/gateway or an owner explicitly confirms a configured connector command.
Impact
Normal configured bot operation; no unconsented install-time mutation, payload execution, or data-exfiltration chain was found.
Mechanism
WhatsApp AI gateway with configurable LLM and allowlisted HTTPS connector requests.
Rationale
Static inspection shows a featureful WhatsApp AI gateway, not a malicious package. Scanner signals correspond to explicit runtime functionality and guarded, user-configured network/file operations rather than covert behavior.
Evidence
package.jsondist/cli/index.jsdist/gateway/server.jsdist/llm/ocr-registry.jsdist/connectors/executor.jsdist/connectors/url-guard.jsdist/gateway/bootstrap.jsdist/connectors/runner.jsdist/connectors/config.jsdist/conversation/connector-command-controller.jsdist/config/local-env-editor.jsdist/auth/session-admin.jsconfig/llm.settings.jsonconfig/connectors.chatbot.json
Network endpoints6
api.kilo.ai/api/gatewayapi.openai.com/v1api.deepseek.comgenerativelanguage.googleapis.com/v1beta/openaiopenrouter.ai/api/v1localhost:11434/v1

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/gateway/server.js` starts a WhatsApp gateway when its documented runtime entrypoint is executed.
  • `dist/cli/index.js` can spawn only `process.execPath` with the package's gateway scripts.
  • `dist/llm/ocr-registry.js` builds configurable provider endpoints from local settings/env.
  • `dist/connectors/runner.js` can perform configured connector requests at runtime.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hooks.
  • No `eval`, `Function`, shell execution, arbitrary require, or remote-code loader was found in shipped JS.
  • CLI writes are explicit commands for cwd-local config, `.env`, auth, and data files.
  • `dist/conversation/connector-command-controller.js` limits connector execution to owner self-chat with an explicit `confirm`.
  • `dist/connectors/url-guard.js` requires HTTPS allowlisted public DNS hosts; `dist/connectors/executor.js` blocks redirects.
  • No source evidence of credential harvesting, exfiltration, AI-agent config mutation, or destructive foreign-path writes was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
GitDependency
scanned 243 file(s), 1.15 MB of source, external domains: api.anthropic.com, api.groq.com, api.mrcnpin.com, api.openai.com, example.com, generativelanguage.googleapis.com, gulfnews.com, openrouter.ai

Source & flagged code

4 flagged · loading source
dist/llm/ocr-registry.jsView file
99} L100: require(task) { L101: const selected = this.select(task);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/llm/ocr-registry.jsView on unpkg · L99
dist/message-dedupe/engine.jsView file
178} L179: // ─── Private ──────────────────────────────────────────────────────────── L180: buildDedupeKey(key) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/message-dedupe/engine.jsView on unpkg · L178
package.jsonView file
dependencies changed=@whiskeysockets/baileys
Critical
Manifest Confusion

Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

package.jsonView on unpkg
dist/cli/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = nduka@1.0.1 matchedIdentity = npm:bmR1a2E:1.0.1 similarity = 0.992 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli/index.jsView on unpkg

Findings

1 Critical1 High4 Medium5 Low
CriticalManifest Confusionpackage.json
HighPrevious Version Dangerous Deltadist/cli/index.js
MediumDynamic Requiredist/llm/ocr-registry.js
MediumNetwork
MediumEnvironment Vars
MediumGit Dependency
LowScripts Present
LowWeak Cryptodist/message-dedupe/engine.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings