registry  /  wenlan-mcp  /  0.10.0

wenlan-mcp@0.10.0

Local-first memory layer for AI agents - MCP server

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package uses an install-time native binary downloader for a package-aligned MCP server, then run.js invokes that binary on user command.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user runs wenlan-mcp bin
Impact
Installs and runs the wenlan-mcp native binary; no source evidence of exfiltration or unauthorized mutation in the npm wrapper
Mechanism
platform-specific GitHub release binary download and CLI wrapper spawn
Rationale
The suspicious primitives are a lifecycle downloader and child_process wrapper, but they are consistent with distributing a native MCP binary and point only to the package's versioned GitHub releases. Static inspection found no concrete malicious behavior in the shipped npm source.
Evidence
package.jsoninstall.jsrun.jsREADME.mdbin/wenlan-mcpbin/wenlan-mcp.exeOS temp archive path
Network endpoints4
github.com/7xuanlu/wenlan/releases/download/v0.10.0/wenlan-darwin-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.10.0/wenlan-linux-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.10.0/wenlan-linux-x64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.10.0/wenlan-windows-x64.zip

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall: node install.js
  • install.js downloads a platform archive from GitHub releases and extracts wenlan-mcp
  • run.js spawns the installed bin/wenlan-mcp with user CLI args
Evidence against
  • install.js download URL is versioned and package-aligned to github.com/7xuanlu/wenlan
  • No credential/env harvesting, home-directory scanning, persistence, or destructive file operations found
  • No install-time writes outside package bin/ and OS temp archive cleanup
  • README describes a local MCP memory server matching the binary wrapper behavior
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 4.41 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings