registry  /  wisp-deck  /  2.23.0

wisp-deck@2.23.0

Terminal + tmux wrapper for AI coding tools (Claude Code, OpenCode)

AI Security Review

scanned 2h ago · by lpm-firewall-ai

A user-invoked CLI installs package files, fetches and executes an unverified release binary, and can configure selected AI-tool integrations. No install-time execution or confirmed malicious behavior was found.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the wisp-deck command on macOS.
Impact
A compromised release asset could execute with the invoking user's permissions; selected setup modifies Claude/OpenCode integration files.
Mechanism
Remote binary download plus explicit AI-tool configuration setup.
Rationale
No lifecycle hook or source-level exfiltration/malicious chain was found. Flag as warn because user execution retrieves an executable without integrity verification and the package can modify AI-tool integration configuration during explicit setup.
Evidence
package.jsonbin/npx-wisp-deck.jsbin/wisp-decktemplates/opencode-plugin.tslib/statusline-setup.sh~/.local/share/wisp-deck~/.local/bin/wisp-deck-tui~/.claude/settings.json~/.config/opencode/plugins/wisp-deck.ts
Network endpoints1
github.com/JackUait/wisp-deck/releases/download/v${version}/wisp-deck-tui-darwin-${arch}

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/npx-wisp-deck.js downloads a versioned macOS binary with curl and executes it on later runs.
  • The downloaded TUI binary has no checksum, signature, or pinned digest verification.
  • bin/wisp-deck copies a Claude status-line wrapper into ~/.claude/settings.json setup flow.
  • bin/wisp-deck installs templates/opencode-plugin.ts into the user's OpenCode plugin directory when OpenCode is selected.
Evidence against
  • package.json contains no preinstall, install, or postinstall lifecycle hook.
  • The download, local distribution copy, and bash execution occur only after the user invokes the wisp-deck CLI.
  • The GitHub Releases URL is package-repository aligned and version-derived.
  • Reviewed sources show no credential harvesting, secret exfiltration, stealth network endpoint, or destructive payload.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 8.14 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
wrapper.shView file
path = wrapper.sh kind = build_helper sizeBytes = 27300 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

wrapper.shView on unpkg
bin/npx-wisp-deck.jsView file
matchType = previous_version_dangerous_delta matchedPackage = wisp-deck@2.22.0 matchedIdentity = npm:d2lzcC1kZWNr:2.22.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/npx-wisp-deck.jsView on unpkg

Findings

1 High2 Medium2 Low
HighPrevious Version Dangerous Deltabin/npx-wisp-deck.js
MediumEnvironment Vars
MediumShips Build Helperwrapper.sh
LowFilesystem
LowUrl Strings