AI Security Review
scanned 2h ago · by lpm-firewall-aiA user-invoked CLI installs package files, fetches and executes an unverified release binary, and can configure selected AI-tool integrations. No install-time execution or confirmed malicious behavior was found.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the wisp-deck command on macOS.
Impact
A compromised release asset could execute with the invoking user's permissions; selected setup modifies Claude/OpenCode integration files.
Mechanism
Remote binary download plus explicit AI-tool configuration setup.
Rationale
No lifecycle hook or source-level exfiltration/malicious chain was found. Flag as warn because user execution retrieves an executable without integrity verification and the package can modify AI-tool integration configuration during explicit setup.
Evidence
package.jsonbin/npx-wisp-deck.jsbin/wisp-decktemplates/opencode-plugin.tslib/statusline-setup.sh~/.local/share/wisp-deck~/.local/bin/wisp-deck-tui~/.claude/settings.json~/.config/opencode/plugins/wisp-deck.ts
Network endpoints1
github.com/JackUait/wisp-deck/releases/download/v${version}/wisp-deck-tui-darwin-${arch}
Decision evidence
public snapshotAI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- bin/npx-wisp-deck.js downloads a versioned macOS binary with curl and executes it on later runs.
- The downloaded TUI binary has no checksum, signature, or pinned digest verification.
- bin/wisp-deck copies a Claude status-line wrapper into ~/.claude/settings.json setup flow.
- bin/wisp-deck installs templates/opencode-plugin.ts into the user's OpenCode plugin directory when OpenCode is selected.
Evidence against
- package.json contains no preinstall, install, or postinstall lifecycle hook.
- The download, local distribution copy, and bash execution occur only after the user invokes the wisp-deck CLI.
- The GitHub Releases URL is package-repository aligned and version-derived.
- Reviewed sources show no credential harvesting, secret exfiltration, stealth network endpoint, or destructive payload.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
UrlStrings
Source & flagged code
2 flagged · loading sourcewrapper.shView file
•path = wrapper.sh
kind = build_helper
sizeBytes = 27300
magicHex = [redacted]
Medium
bin/npx-wisp-deck.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = wisp-deck@2.22.0
matchedIdentity = npm:d2lzcC1kZWNr:2.22.0
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/npx-wisp-deck.jsView on unpkgFindings
1 High2 Medium2 Low
HighPrevious Version Dangerous Deltabin/npx-wisp-deck.js
MediumEnvironment Vars
MediumShips Build Helperwrapper.sh
LowFilesystem
LowUrl Strings