AI Security Review
scanned 20h ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. On explicit `wisp-deck` execution, the package installs its own distribution and fetches its matching GitHub-release TUI binary; it also configures selected AI-tool UI integrations.
Static reason
No blocking static signals were detected.
Trigger
User runs the `wisp-deck` npm bin and selects an AI tool.
Impact
Writes under user config/local-bin paths and may install first-party OpenCode/Claude UI configuration; no evidence of credential exfiltration, stealth persistence, or foreign control-surface mutation.
Mechanism
User-invoked local setup plus package-aligned GitHub release binary download.
Rationale
The observed writes and network download are package-aligned, explicitly user-invoked setup behavior, with no install-time execution or concrete malicious chain. The unauthenticated release-binary download is a supply-chain hardening concern but does not establish malicious intent or behavior in this package source.
Evidence
package.jsonbin/npx-wisp-deck.jsbin/wisp-decklib/install.shlib/statusline-setup.shlib/settings-json.shtemplates/opencode-plugin.ts~/.local/share/wisp-deck~/.local/bin/wisp-deck-tui~/.claude/settings.json~/.config/opencode/plugins/wisp-deck.ts
Network endpoints2
github.com/JackUait/wisp-deck/releases/download/v${version}/wisp-deck-tui-darwin-${arch}claude.ai/install.sh
Decision evidence
public snapshotAI called this Clean at 87.0% confidence as Benign with low false-positive risk.
Evidence for block
- `bin/npx-wisp-deck.js` downloads and chmods a release TUI binary on explicit CLI use.
- `bin/wisp-deck` explicitly installs Claude statusline/OpenCode plugin files after tool selection.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `bin/npx-wisp-deck.js` only runs through the declared user-invoked `wisp-deck` bin.
- Release download is fixed to `github.com/JackUait/wisp-deck` and version/architecture path.
- Inspected agent integrations are statusline/idle UI helpers, not credential collection or exfiltration.
- No source path sends environment variables, Claude data, or local files to a remote endpoint.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
UrlStrings
Source & flagged code
1 flagged · loading sourcewrapper.shView file
•path = wrapper.sh
kind = build_helper
sizeBytes = 27036
magicHex = [redacted]
Medium
Findings
2 Medium2 Low
MediumEnvironment Vars
MediumShips Build Helperwrapper.sh
LowFilesystem
LowUrl Strings