registry  /  wenlan-mcp  /  0.9.6

wenlan-mcp@0.9.6

Local-first memory layer for AI agents - MCP server

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a native binary wrapper that downloads a GitHub release asset during postinstall and later launches the installed MCP binary.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user runs wenlan-mcp bin
Impact
Installs and executes package-aligned native MCP server binary; no source evidence of exfiltration or system tampering
Mechanism
GitHub release binary downloader and runtime process wrapper
Rationale
Static source inspection shows install-time network download and child_process use, but both are direct native-wrapper behavior for the documented MCP server and no concrete malicious behavior appears in the package source. The unresolved risk is the remote binary supply chain, not source-level malware in this npm package.
Evidence
package.jsoninstall.jsrun.jsREADME.mdbin/wenlan-mcpbin/wenlan-mcp.exe
Network endpoints4
github.com/7xuanlu/wenlan/releases/download/v0.9.6/wenlan-darwin-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.6/wenlan-linux-arm64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.6/wenlan-linux-x64.tar.gzgithub.com/7xuanlu/wenlan/releases/download/v0.9.6/wenlan-windows-x64.zip

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall: node install.js
  • install.js downloads a platform release archive from github.com and extracts wenlan-mcp into bin/
  • run.js spawns the downloaded bin/wenlan-mcp with inherited stdio
Evidence against
  • install.js download URL is package-aligned to 7xuanlu/wenlan release v0.9.6
  • No credential/env harvesting, persistence, destructive actions, eval/vm, or obfuscated strings found
  • README describes wenlan-mcp as a native MCP server wrapper and documents the prebuilt binary install model
  • Only package files present are package.json, install.js, run.js, README.md, and LICENSE
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 4.41 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings