AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package uses an install-time native binary downloader for a package-aligned MCP server, then run.js invokes that binary on user command.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user runs wenlan-mcp bin
Impact
Installs and runs the wenlan-mcp native binary; no source evidence of exfiltration or unauthorized mutation in the npm wrapper
Mechanism
platform-specific GitHub release binary download and CLI wrapper spawn
Rationale
The suspicious primitives are a lifecycle downloader and child_process wrapper, but they are consistent with distributing a native MCP binary and point only to the package's versioned GitHub releases. Static inspection found no concrete malicious behavior in the shipped npm source.
Evidence
package.jsoninstall.jsrun.jsREADME.mdbin/wenlan-mcpbin/wenlan-mcp.exeOS temp archive path
Network endpoints4
github.com/7xuanlu/wenlan/releases/download/v0.10.0/wenlan-darwin-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.10.0/wenlan-linux-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.10.0/wenlan-linux-x64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.10.0/wenlan-windows-x64.zip
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall: node install.js
- install.js downloads a platform archive from GitHub releases and extracts wenlan-mcp
- run.js spawns the installed bin/wenlan-mcp with user CLI args
Evidence against
- install.js download URL is versioned and package-aligned to github.com/7xuanlu/wenlan
- No credential/env harvesting, home-directory scanning, persistence, or destructive file operations found
- No install-time writes outside package bin/ and OS temp archive cleanup
- README describes a local MCP memory server matching the binary wrapper behavior
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings