registry  /  bobbytools  /  3.0.0

bobbytools@3.0.0

AI Provider Manager & CLI Launcher — manage multiple AI providers, accounts, and models, then launch any CLI tool with the right environment variables

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is an explicitly invoked AI-provider CLI and localhost router; its credential forwarding and OpenCode configuration write are package-aligned user actions.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `bobby`, selects a launch flow, or starts `bobby serve`.
Impact
No unconsented install-time behavior, external persistence, or credential exfiltration established.
Mechanism
Interactive credential manager, local proxy, and selected-CLI launcher.
Rationale
Static inspection shows a user-invoked provider manager that intentionally stores supplied credentials, injects them into selected CLI sessions, and proxies localhost requests to configured providers. Although it has sensitive capabilities, there is no lifecycle-triggered mutation, stealthy persistence, payload execution, or concrete exfiltration chain.
Evidence
package.jsonbin/bobby.jssrc/config.jssrc/index.jssrc/launcher.jssrc/server.js~/.bobbytools/config.json~/.config/opencode/opencode.json

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `src/launcher.js` can write `~/.config/opencode/opencode.json` with a selected account's API key.
  • `src/server.js` proxies local requests to user-configured provider URLs using stored credentials.
  • `src/launcher.js` launches a user-selected CLI through `spawn(..., { shell: true })`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • `bin/bobby.js` only invokes the CLI `main()` entrypoint.
  • Credential/config writes occur through explicit interactive launch or dashboard actions.
  • The router binds to `127.0.0.1`, not an external listener.
  • No source reads unrelated credential stores, exfiltrates data, downloads payloads, or uses eval/VM/native loading.
  • Network forwarding is the documented provider-manager function and targets configured providers.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 90.4 KB of source, external domains: 127.0.0.1, ai.genfity.com, api-inference.huggingface.co, api.anthropic.com, api.cerebras.ai, api.cf.com, api.chutes.ai, api.cloudflare.com, api.cohere.com, api.deepinfra.com, api.deepseek.com, api.endpoints.anyscale.com, api.fireworks.ai, api.groq.com, api.lepton.ai, api.mistral.ai, api.moonshot.cn, api.novita.ai, api.openai.com, api.perplexity.ai, api.sambanova.ai, api.siliconflow.cn, api.studio.nebius.ai, api.together.xyz, api.upstage.ai, api.x.ai, dashscope-intl.aliyuncs.com, generativelanguage.googleapis.com, integrate.api.nvidia.com, models.inference.ai.azure.com, open.bigmodel.cn, openrouter.ai

Source & flagged code

1 flagged · loading source
src/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = bobbytools@2.1.4 matchedIdentity = npm:Ym9iYnl0b29scw:2.1.4 similarity = 0.364 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/index.jsView on unpkg

Findings

1 High2 Medium4 Low
HighPrevious Version Dangerous Deltasrc/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings