AI Security Review
scanned 7d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- cli.js creates seven local demo wallets and writes private keys to ~/.botpay/agent-wallets.json at CLI startup when env key is absent.
- cli.js contains user-invoked flows that request WalletConnect approvals and transfer real native tokens/USDC to hardcoded receiver addresses.
- cli.js multi-agent flow forwards user-funded Base USDC through generated agent wallets to a hardcoded final receiver.
- cli.js sends x402 requests and voucher data to botpay/wurk/worker endpoints using local agent signing keys.
- package.json has no install/preinstall/postinstall lifecycle hook; execution is via bin cli.js.
- Dangerous payment flows are menu/argument driven and print receivers/amounts before wallet approval or agent transfer.
- No source evidence of private key/env exfiltration; private keys are used locally for ethers/x402 signing.
- No AI-agent control surface, shell startup, VCS hook, daemon, or foreign config mutation found.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
cli.jsView on unpkg · L20Source uses private key material to transfer cryptocurrency funds.
cli.jsView on unpkg · L20A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
cli.jsView on unpkg · L20