AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an explicitly invoked AI-provider CLI and localhost router; its credential forwarding and OpenCode configuration write are package-aligned user actions.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `bobby`, selects a launch flow, or starts `bobby serve`.
Impact
No unconsented install-time behavior, external persistence, or credential exfiltration established.
Mechanism
Interactive credential manager, local proxy, and selected-CLI launcher.
Rationale
Static inspection shows a user-invoked provider manager that intentionally stores supplied credentials, injects them into selected CLI sessions, and proxies localhost requests to configured providers. Although it has sensitive capabilities, there is no lifecycle-triggered mutation, stealthy persistence, payload execution, or concrete exfiltration chain.
Evidence
package.jsonbin/bobby.jssrc/config.jssrc/index.jssrc/launcher.jssrc/server.js~/.bobbytools/config.json~/.config/opencode/opencode.json
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- `src/launcher.js` can write `~/.config/opencode/opencode.json` with a selected account's API key.
- `src/server.js` proxies local requests to user-configured provider URLs using stored credentials.
- `src/launcher.js` launches a user-selected CLI through `spawn(..., { shell: true })`.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `bin/bobby.js` only invokes the CLI `main()` entrypoint.
- Credential/config writes occur through explicit interactive launch or dashboard actions.
- The router binds to `127.0.0.1`, not an external listener.
- No source reads unrelated credential stores, exfiltrates data, downloads payloads, or uses eval/VM/native loading.
- Network forwarding is the documented provider-manager function and targets configured providers.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcesrc/index.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = bobbytools@2.1.4
matchedIdentity = npm:Ym9iYnl0b29scw:2.1.4
similarity = 0.364
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/index.jsView on unpkgFindings
1 High2 Medium4 Low
HighPrevious Version Dangerous Deltasrc/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings