I'm afraid I've installed a scam npm package: how to analyse a Wasm?

I've installed and executed (with nodejs) a package from npm: https://www.npmjs.com/package/openssl.js

Somehow I didn't realize that it hasn't a good reputation (almost no activity/stars on twitter, github). Now I'm afraid that it is a scam. The worst case would be that is stealing/encrypting my data or something like that.

I've checked the processes, I/O and network in the activity monitor but nothing interesting. But I would like to have more confidence that everything is okay.

Since it is a Wasm file I cannot just check the source code. I've tried to decompile with this tool: https://github.com/WebAssembly/wabt but it gives me for all binaries in that project this error: error: @0x00000004: bad magic value.

Maybe because in the README of the openssl.js package they claim it is build with wasienv toolchain?

Another idea would be install a honeypot and run the same commands in the honeypot. But which honeypot is suitable for this?

// edit

I was able to run wasm2c on this file: src/raw-wasm/openssl.wasm. But how can I ensure there was no network interactivity?
Here are the first lines of the output: https://pastebin.com/YYHecFAC