AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package uses an install-time downloader for its native MCP binary, which is a supply-chain risk but matches the documented package purpose.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invokes wenlan-mcp CLI
Impact
Installs and runs wenlan-mcp binary from the project's GitHub release; no confirmed exfiltration or unauthorized mutation in inspected source.
Mechanism
download and execute package-aligned native binary wrapper
Rationale
Static inspection shows a conventional native-binary npm wrapper that downloads its own GitHub release asset during postinstall and forwards CLI execution. There is no source evidence of malware behavior beyond package-aligned install-time network and child-process use.
Evidence
package.jsoninstall.jsrun.jsREADME.mdbin/wenlan-mcpbin/wenlan-mcp.exe
Network endpoints4
github.com/7xuanlu/wenlan/releases/download/v0.9.4/wenlan-darwin-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.4/wenlan-linux-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.4/wenlan-linux-x64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.4/wenlan-windows-x64.zip
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall: node install.js
- install.js downloads a platform-specific release archive from GitHub at install time
- install.js invokes system tar to extract wenlan-mcp binary and chmods it executable
- run.js spawns ./bin/wenlan-mcp with inherited stdio when CLI is invoked
Evidence against
- install.js is package-aligned: selects OS/CPU asset for 7xuanlu/wenlan v0.9.4 release
- No credential/env harvesting, home-directory scanning, persistence, destructive behavior, or obfuscation found
- Network use is limited to GitHub release download and README/documentation links
- No package files write AI-agent config or control surfaces
- Extracted package contains only package.json, install.js, run.js, README.md, LICENSE
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings