registry  /  nduka  /  1.0.4

nduka@1.0.4

WhatsApp AI Gateway

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a runtime WhatsApp/LLM gateway whose network and local-state behavior is activated through explicit start or CLI commands, not installation or import.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the gateway or invokes an explicit CLI command.
Impact
Expected application behavior; no stealth persistence, payload execution, or unconsented control-surface mutation was identified.
Mechanism
Configured WhatsApp, LLM, and optional tool-service integration.
Rationale
Source inspection shows a WhatsApp AI gateway with explicit runtime networking and local configuration management, but no install-time execution or concrete malicious chain. Scanner signals are explained by ordinary CLI spawning, configured providers, and a non-dynamic method named require.
Evidence
package.jsondist/cli/index.jsdist/gateway/server.jsdist/gateway/bootstrap.jsdist/llm/ocr-registry.jsdist/tool-runtime/mcp-executor.jsdist/connectors/config.jsdist/tools/input-guard.jsconfig/connectors.chatbot.jsonconfig/llm.settings.json

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall, install, or postinstall lifecycle hook.
    • dist/cli/index.js only spawns the package gateway after an explicit CLI start/login command.
    • dist/llm/ocr-registry.js uses a method named require; it performs no module loading.
    • dist/tool-runtime/mcp-executor.js sends requests only to configured, allowlisted MCP endpoints.
    • config/connectors.chatbot.json ships disabled with no connectors.
    • No eval, vm, shell execution, foreign AI-agent config paths, or credential-harvesting path was found.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    GitDependency
    scanned 243 file(s), 1.16 MB of source, external domains: api.anthropic.com, api.groq.com, api.mrcnpin.com, api.openai.com, example.com, generativelanguage.googleapis.com, gulfnews.com, openrouter.ai

    Source & flagged code

    3 flagged · loading source
    dist/llm/ocr-registry.jsView file
    99} L100: require(task) { L101: const selected = this.select(task);
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/llm/ocr-registry.jsView on unpkg · L99
    dist/message-dedupe/engine.jsView file
    178} L179: // ─── Private ──────────────────────────────────────────────────────────── L180: buildDedupeKey(key) {
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/message-dedupe/engine.jsView on unpkg · L178
    package.jsonView file
    dependencies changed=@whiskeysockets/baileys
    Critical
    Manifest Confusion

    Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.

    package.jsonView on unpkg

    Findings

    1 Critical4 Medium5 Low
    CriticalManifest Confusionpackage.json
    MediumDynamic Requiredist/llm/ocr-registry.js
    MediumNetwork
    MediumEnvironment Vars
    MediumGit Dependency
    LowScripts Present
    LowWeak Cryptodist/message-dedupe/engine.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings