AI Security Review
scanned 8d ago · by lpm-firewall-aiUser-invoked CLI creates local demo wallets and can move crypto funds through x402/payment demo flows. The risky behavior is explicit crypto transfer capability to hardcoded demo/receiver addresses, not install-time execution or confirmed secret exfiltration.
Decision evidence
public snapshot- cli.js creates local agent private keys at startup in ~/.botpay/agent-wallets.json if env key is absent
- cli.js has user-invoked flows that transfer native tokens/USDC from agent wallets to hardcoded receivers
- Multi-agent flow sends user-funded USDC through generated agent wallets to final receiver 0xcC1984E79726E7a0ae2b9Df2ac9e79Fb4983930e
- Network calls go to package/demo endpoints and public RPCs, including x402 payment APIs
- package.json has no npm lifecycle scripts; execution is via bin cli.js
- No evidence that private keys or environment variables are sent directly to a remote endpoint
- Wallet funding requires WalletConnect/MetaMask approval and CLI prompts show recipient/amount context
- No AI-agent control-surface writes, persistence hooks, eval/vm, native binary loading, or remote code execution found
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
cli.jsView on unpkg · L20Source uses private key material to transfer cryptocurrency funds.
cli.jsView on unpkg · L20A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
cli.jsView on unpkg · L20