registry  /  nduka  /  1.0.3

nduka@1.0.3

WhatsApp AI Gateway

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Runtime networking implements the advertised WhatsApp AI gateway, configured LLM providers, and explicit tool requests.

Static reason
One or more suspicious static signals were detected.
Trigger
Running dist/gateway/server.js or explicitly invoking nduka CLI commands.
Impact
Processes chat/media content and configured API credentials only for package-aligned gateway features.
Mechanism
WhatsApp automation with configured LLM and HTTP/MCP tool integrations.
Rationale
The package is a feature-rich WhatsApp AI gateway with intentional runtime networking and local state/config handling, but source inspection found no install-time execution or concrete malicious chain. Static signals are explained by package-aligned provider/tool integrations and explicit CLI administration.
Evidence
package.jsondist/cli/index.jsdist/gateway/server.jsdist/llm/ocr-registry.jsdist/tools/crunchtrova.jsdist/tool-runtime/http-executor.jsdist/gateway/auth/store.jsconfig/llm.settings.jsonconfig/tools.chatbot.json./data/auth_state.json./data./data/media./.env./config/chatbot.config.json./config/tools.chatbot.json./config/prompts.chatbot.json./config/llm.settings.json
Network endpoints6
api.mrcnpin.comapi.openai.com/v1api.deepseek.comopenrouter.ai/api/v1generativelanguage.googleapis.com/v1beta/openailocalhost:11434/v1

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hooks.
    • dist/cli/index.js only spawns the package's own Node worker after an explicit CLI command.
    • dist/llm/ocr-registry.js uses static ES imports; the dynamic-require hint is not supported by source.
    • dist/tools/crunchtrova.js sends configured search/fetch requests to its documented service endpoint.
    • dist/tool-runtime/http-executor.js validates configured URLs and allowed hosts before requests.
    • No eval, VM, shell execution, credential harvesting, or foreign AI-agent config mutation was found in inspected package code.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    GitDependency
    scanned 243 file(s), 1.15 MB of source, external domains: api.anthropic.com, api.groq.com, api.mrcnpin.com, api.openai.com, example.com, generativelanguage.googleapis.com, gulfnews.com, openrouter.ai

    Source & flagged code

    3 flagged · loading source
    dist/llm/ocr-registry.jsView file
    99} L100: require(task) { L101: const selected = this.select(task);
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/llm/ocr-registry.jsView on unpkg · L99
    dist/message-dedupe/engine.jsView file
    178} L179: // ─── Private ──────────────────────────────────────────────────────────── L180: buildDedupeKey(key) {
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/message-dedupe/engine.jsView on unpkg · L178
    package.jsonView file
    dependencies changed=@whiskeysockets/baileys
    Critical
    Manifest Confusion

    Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

    package.jsonView on unpkg

    Findings

    1 Critical4 Medium5 Low
    CriticalManifest Confusionpackage.json
    MediumDynamic Requiredist/llm/ocr-registry.js
    MediumNetwork
    MediumEnvironment Vars
    MediumGit Dependency
    LowScripts Present
    LowWeak Cryptodist/message-dedupe/engine.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings