AI Security Review
scanned 1h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface was found. The main risk is explicit CLI/runtime integration with a Roy agent EventSource and prompt hook, plus insecure defaults for TLS and server auth.
Decision evidence
public snapshot- src/cli/cli.ts auto-registers bounty-im EventSource when BOUNTY_IM_ADDRESS is set and notes persistence to event-sources.json.
- src/cli/hooks/bounty-prompt-hook.ts appends BOUNTY_CAPABILITIES to the default agent prompt.
- src/cli/lib/fetch-helper.ts disables TLS verification by default via NODE_TLS_REJECT_UNAUTHORIZED=0.
- src/server/http/index.ts defaults BOUNTY_TOKEN_CHECK_ENABLED off, leaving /api routes unauthenticated in default server mode.
- src/cli/commands/server/start.ts spawns bun run server only for explicit bounty server start command.
- package.json has only prepublishOnly lifecycle; no install/preinstall/postinstall execution.
- src/bin/bounty.ts only loads dotenv and runs the explicit CLI entrypoint.
- Network activity is CLI/server functionality for bounty API, IM WebSocket, SMTP, or user-provided server URLs.
- Credential handling is local auth token storage/read under ~/.config/bounty/token and SMTP/JWT env use, with no exfiltration sink found.
- No hidden downloader, remote payload execution, broad AI-agent config mutation at npm install time, or destructive import-time behavior found.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/bin/bounty.jsView on unpkg · L6659Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/bin/bounty.jsView on unpkg · L75Package source references dynamic require/import behavior.
dist/bin/bounty.jsView on unpkg · L51Source writes installer persistence such as shell profile or service configuration.
dist/bin/bounty.jsView on unpkg · L75This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/cli/commands/server/start.tsView on unpkg