AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a runtime WhatsApp/LLM gateway whose network and local-state behavior is activated through explicit start or CLI commands, not installation or import.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs the gateway or invokes an explicit CLI command.
Impact
Expected application behavior; no stealth persistence, payload execution, or unconsented control-surface mutation was identified.
Mechanism
Configured WhatsApp, LLM, and optional tool-service integration.
Rationale
Source inspection shows a WhatsApp AI gateway with explicit runtime networking and local configuration management, but no install-time execution or concrete malicious chain. Scanner signals are explained by ordinary CLI spawning, configured providers, and a non-dynamic method named require.
Evidence
package.jsondist/cli/index.jsdist/gateway/server.jsdist/gateway/bootstrap.jsdist/llm/ocr-registry.jsdist/tool-runtime/mcp-executor.jsdist/connectors/config.jsdist/tools/input-guard.jsconfig/connectors.chatbot.jsonconfig/llm.settings.json
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall, install, or postinstall lifecycle hook.
- dist/cli/index.js only spawns the package gateway after an explicit CLI start/login command.
- dist/llm/ocr-registry.js uses a method named require; it performs no module loading.
- dist/tool-runtime/mcp-executor.js sends requests only to configured, allowlisted MCP endpoints.
- config/connectors.chatbot.json ships disabled with no connectors.
- No eval, vm, shell execution, foreign AI-agent config paths, or credential-harvesting path was found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
GitDependency
Source & flagged code
3 flagged · loading sourcedist/llm/ocr-registry.jsView file
99}
L100: require(task) {
L101: const selected = this.select(task);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/llm/ocr-registry.jsView on unpkg · L99dist/message-dedupe/engine.jsView file
178}
L179: // ─── Private ────────────────────────────────────────────────────────────
L180: buildDedupeKey(key) {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/message-dedupe/engine.jsView on unpkg · L178package.jsonView file
•dependencies changed=@whiskeysockets/baileys
Critical
Manifest Confusion
Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkgFindings
1 Critical4 Medium5 Low
CriticalManifest Confusionpackage.json
MediumDynamic Requiredist/llm/ocr-registry.js
MediumNetwork
MediumEnvironment Vars
MediumGit Dependency
LowScripts Present
LowWeak Cryptodist/message-dedupe/engine.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings