registry  /  @circuit-llm/wallet  /  0.2.2

@circuit-llm/wallet@0.2.2

Circuit SDK wallet — SOL/CIRC balances, transfers, and Jupiter swaps. Implements @circuit-llm/x402's PaymentWallet.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. This is a self-custody Solana wallet whose signing and transfer paths are explicit runtime API calls, not install- or import-time behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Caller invokes `sendCirc`, `sendSol`, or `swap` with a configured keypair.
Impact
The caller's wallet can transfer or swap funds only through the package's documented, explicitly invoked methods.
Mechanism
Constructs, signs, and broadcasts user-requested Solana transfers or Jupiter swap transactions.
Rationale
The flagged cryptocurrency operations are the package's stated wallet functionality and are gated by explicit caller methods plus a supplied/environment keypair. Source inspection found no automatic transfer, persistence, payload execution, local harvesting, or exfiltration chain.
Evidence
package.jsondist/index.jsdist/index.d.tsREADME.md
Network endpoints4
lite-api.jup.ag/swap/v1api.jup.ag/swap/v1api.mainnet-beta.solana.comrpc.ankr.com/solana

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no lifecycle install hooks.
    • `dist/index.js` only loads `CIRCUIT_WALLET` when `makeWallet` is called.
    • Transfers require explicit `sendCirc` or `sendSol` calls and a signing keypair.
    • Swaps require an explicit `swap` call; it signs the returned transaction then broadcasts it.
    • No filesystem writes, shell/process execution, dynamic evaluation, or credential exfiltration found.
    • Network calls target documented Solana RPC and Jupiter swap endpoints.
    Behavioral surface
    Source
    EnvironmentVarsNetwork
    Supply chain
    UrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 12.8 KB of source, external domains: api.jup.ag, api.mainnet-beta.solana.com, lite-api.jup.ag, rpc.ankr.com

    Source & flagged code

    2 flagged · loading source
    dist/index.jsView file
    4function keypairFromSecret(input) { L5: if (input instanceof Uint8Array) return Keypair.fromSecretKey(input); L6: if (Array.isArray(input)) return Keypair.fromSecretKey(Uint8Array.from(input)); L7: const s = String(input).trim(); L8: if (s.startsWith("[")) return Keypair.fromSecretKey(Uint8Array.from(JSON.parse(s))); L9: return Keypair.fromSecretKey(bs58.decode(s)); L10: } L11: function loadKeypairFromEnv(env = process.env) { L12: const v = env.CIRCUIT_WALLET; ... L86: if (!usesDefaultPublicRpc(opts)) return; L87: if (process.env.CIRCUIT_SUPPRESS_RPC_WARNING === "1") return; L88: warned = true;
    Critical
    Wallet Drain

    Source uses private key material to transfer cryptocurrency funds.

    dist/index.jsView on unpkg · L4
    4Trigger-reachable chain: manifest.main -> dist/index.js L4: function keypairFromSecret(input) { L5: if (input instanceof Uint8Array) return Keypair.fromSecretKey(input); L6: if (Array.isArray(input)) return Keypair.fromSecretKey(Uint8Array.from(input)); L7: const s = String(input).trim(); L8: if (s.startsWith("[")) return Keypair.fromSecretKey(Uint8Array.from(JSON.parse(s))); L9: return Keypair.fromSecretKey(bs58.decode(s)); L10: } L11: function loadKeypairFromEnv(env = process.env) { L12: const v = env.CIRCUIT_WALLET; ... L86: if (!usesDefaultPublicRpc(opts)) return; L87: if (process.env.CIRCUIT_SUPPRESS_RPC_WARNING === "1") return; L88: warned = true;
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    dist/index.jsView on unpkg · L4

    Findings

    2 Critical2 Medium2 Low
    CriticalWallet Draindist/index.js
    CriticalTrigger Reachable Dangerous Capabilitydist/index.js
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowUrl Strings