registry  /  wookledger  /  0.2.0

wookledger@0.2.0

Durable, verified, crash-proof state for AI coding agents. The wook CLI: autonomous, drift-checked builds on your own model key.

AI Security Review

scanned 6h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `wook setup`, `wook gate --install`, `wook build/run/plan/watch`, or related CLI commands.
Impact
Can install a Claude Code Stop hook, persist local Wook config/state, send prompts/license metadata to configured services, and write project files during requested build workflows.
Mechanism
Explicit-user-command AI agent setup, model-driven project edits, license/model/network calls, and optional notifications.
Rationale
The risky primitives are real but are activated by explicit CLI commands and align with the advertised AI coding-agent workflow. Because it mutates an AI-agent control surface only through user-command setup and no concrete exfiltration or stealth execution chain is present, warn rather than block.
Evidence
package.jsonREADME.mddist/wook.mjs~/.wook/config.json~/.wook/device.json~/.wook/notify.json~/.wook/projects.json.claude/settings.json.wook-demo/ledger.jsonl.wook-demo/manifest.jsonbuild-root files named by agent/task plan
Network endpoints4
engine.wookvisory.comapi.anthropic.comntfy.sh/user-configured Slack/webhook endpoints

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/wook.mjs has explicit `wook setup` and `wook gate --install` paths that write `.claude/settings.json` Stop hook config.
  • dist/wook.mjs writes and reads persistent user state under `~/.wook` and build state such as ledgers/manifests.
  • dist/wook.mjs sends license/device data to `https://engine.wookvisory.com` and model prompts to `https://api.anthropic.com` when user invokes CLI workflows.
  • dist/wook.mjs can run user/task verification commands via child_process and can write model-produced edits into project files.
Evidence against
  • package.json defines only a `bin` entry and no preinstall/install/postinstall lifecycle scripts.
  • AI-agent control-surface mutation is tied to explicit user commands (`setup` or `gate --install`), not install-time execution.
  • Network use is package-aligned for license/engine, Anthropic model calls using user's key, and user-configured notifications.
  • No source evidence of credential harvesting, stealth persistence, remote payload download/execution, or destructive behavior outside CLI build workflows.
Behavioral surface
Source
EnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 140 KB of source, external domains: 127.0.0.1, api.anthropic.com, engine.wookvisory.com, hooks.slack.com, wookledger.com, www.w3.org, x.example

Source & flagged code

2 flagged · loading source
dist/wook.mjsView file
1#!/usr/bin/env node L2: import{request as qt,createServer as Yt}from"node:http";import{request as Qt}from"node:https";import{spawnSync as st,spawn as Xt}from"node:child_process";import{createHash as Zt,ra... L3: `)}catch{}return o}var at=_t();function Nt(){let e=process.env.WOOK_SEAT_NAME?.trim();return e&&e.length?e:at}var N=process.env.WOOK_DEMO_ROOT??k(process.cwd(),".wook-demo"),dn=k(N...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/wook.mjsView on unpkg · L1
1#!/usr/bin/env node L2: import{request as qt,createServer as Yt}from"node:http";import{request as Qt}from"node:https";import{spawnSync as st,spawn as Xt}from"node:child_process";import{createHash as Zt,ra... L3: `)}catch{}return o}var at=_t();function Nt(){let e=process.env.WOOK_SEAT_NAME?.trim();return e&&e.length?e:at}var N=process.env.WOOK_DEMO_ROOT??k(process.cwd(),".wook-demo"),dn=k(N... L4: `)}async function vn(e){try{let t=await be();return t.valid||(console.error(`wook build: license ${t.reason??"not valid"}. the build loop runs on a valid license. run 'wook license...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/wook.mjsView on unpkg · L1

Findings

2 High2 Medium4 Low
HighSame File Env Network Executiondist/wook.mjs
HighCommand Output Exfiltrationdist/wook.mjs
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License