AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Runtime networking implements the advertised WhatsApp AI gateway, configured LLM providers, and explicit tool requests.
Static reason
One or more suspicious static signals were detected.
Trigger
Running dist/gateway/server.js or explicitly invoking nduka CLI commands.
Impact
Processes chat/media content and configured API credentials only for package-aligned gateway features.
Mechanism
WhatsApp automation with configured LLM and HTTP/MCP tool integrations.
Rationale
The package is a feature-rich WhatsApp AI gateway with intentional runtime networking and local state/config handling, but source inspection found no install-time execution or concrete malicious chain. Static signals are explained by package-aligned provider/tool integrations and explicit CLI administration.
Evidence
package.jsondist/cli/index.jsdist/gateway/server.jsdist/llm/ocr-registry.jsdist/tools/crunchtrova.jsdist/tool-runtime/http-executor.jsdist/gateway/auth/store.jsconfig/llm.settings.jsonconfig/tools.chatbot.json./data/auth_state.json./data./data/media./.env./config/chatbot.config.json./config/tools.chatbot.json./config/prompts.chatbot.json./config/llm.settings.json
Network endpoints6
api.mrcnpin.comapi.openai.com/v1api.deepseek.comopenrouter.ai/api/v1generativelanguage.googleapis.com/v1beta/openailocalhost:11434/v1
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks.
- dist/cli/index.js only spawns the package's own Node worker after an explicit CLI command.
- dist/llm/ocr-registry.js uses static ES imports; the dynamic-require hint is not supported by source.
- dist/tools/crunchtrova.js sends configured search/fetch requests to its documented service endpoint.
- dist/tool-runtime/http-executor.js validates configured URLs and allowed hosts before requests.
- No eval, VM, shell execution, credential harvesting, or foreign AI-agent config mutation was found in inspected package code.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
GitDependency
Source & flagged code
3 flagged · loading sourcedist/llm/ocr-registry.jsView file
99}
L100: require(task) {
L101: const selected = this.select(task);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/llm/ocr-registry.jsView on unpkg · L99dist/message-dedupe/engine.jsView file
178}
L179: // ─── Private ────────────────────────────────────────────────────────────
L180: buildDedupeKey(key) {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/message-dedupe/engine.jsView on unpkg · L178package.jsonView file
•dependencies changed=@whiskeysockets/baileys
Critical
Manifest Confusion
Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgFindings
1 Critical4 Medium5 Low
CriticalManifest Confusionpackage.json
MediumDynamic Requiredist/llm/ocr-registry.js
MediumNetwork
MediumEnvironment Vars
MediumGit Dependency
LowScripts Present
LowWeak Cryptodist/message-dedupe/engine.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings