AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a native binary wrapper that downloads a GitHub release asset during postinstall and later launches the installed MCP binary.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user runs wenlan-mcp bin
Impact
Installs and executes package-aligned native MCP server binary; no source evidence of exfiltration or system tampering
Mechanism
GitHub release binary downloader and runtime process wrapper
Rationale
Static source inspection shows install-time network download and child_process use, but both are direct native-wrapper behavior for the documented MCP server and no concrete malicious behavior appears in the package source. The unresolved risk is the remote binary supply chain, not source-level malware in this npm package.
Evidence
package.jsoninstall.jsrun.jsREADME.mdbin/wenlan-mcpbin/wenlan-mcp.exe
Network endpoints4
github.com/7xuanlu/wenlan/releases/download/v0.9.6/wenlan-darwin-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.6/wenlan-linux-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.6/wenlan-linux-x64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.6/wenlan-windows-x64.zip
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall: node install.js
- install.js downloads a platform release archive from github.com and extracts wenlan-mcp into bin/
- run.js spawns the downloaded bin/wenlan-mcp with inherited stdio
Evidence against
- install.js download URL is package-aligned to 7xuanlu/wenlan release v0.9.6
- No credential/env harvesting, persistence, destructive actions, eval/vm, or obfuscated strings found
- README describes wenlan-mcp as a native MCP server wrapper and documents the prebuilt binary install model
- Only package files present are package.json, install.js, run.js, README.md, and LICENSE
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings