registry  /  botpay  /  0.2.1

botpay@0.2.1

Developer CLI for free x402 Bazaar discovery, direct payments, BotPay services, and escrow vouchers

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. This is a payment CLI whose wallet creation, network use, and USDC transfers are activated by explicit user commands and payment confirmations.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs BotPay commands, especially `execute`, `call --yes`, or `demo`.
Impact
Can transfer funds from the user-configured/local agent wallet only when the user invokes a payment flow and confirms it.
Mechanism
User-confirmed x402 payment and wallet-management operations.
Rationale
The scanner's wallet and environment findings correspond to the package's stated payment functionality. Source inspection found no install-time execution, secret exfiltration, stealth persistence, or unconsented transfer path.
Evidence
package.jsonbin/botpay.jssrc/cli.jssrc/wallet.jssrc/x402.jssrc/botpay-services.jscli.jssrc/config.js

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `cli.js` legacy demo can create local demo wallets and initiate x402 USDC transfers.
  • `src/cli.js` permits payments only through explicit commands with `--yes` confirmation.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • `bin/botpay.js` only invokes `src/cli.js` after the user runs the CLI.
  • `src/cli.js` uses `spawn` only for explicit `botpay demo` and safe URL opening.
  • `src/wallet.js` stores the package-owned agent wallet locally with mode 0600.
  • Reviewed network calls target configured RPC, BotPay, Bazaar, and user-supplied x402 endpoints; no credential-upload path found.
  • No eval, remote code loading, destructive filesystem action, or AI-agent control-surface mutation found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 17 file(s), 210 KB of source, external domains: api.cdp.coinbase.com, base.llamarpc.com, base.publicnode.com, basescan.org, binance.llamarpc.com, botpay-voucher-worker.alexwlex143.workers.dev, botpay.network, bsc-dataseed.binance.org, bscscan.com, eth.llamarpc.com, ethereum.publicnode.com, etherscan.io, mvp.botpay.network, video.botpay.network, x.botpay.network

Source & flagged code

2 flagged · loading source
cli.jsView file
20import "dotenv/config"; L21: import { exec } from "node:child_process"; L22: import readline from "node:readline"; ... L36: function ensureDefaultRpcEnv() { L37: process.env.ETH_RPC_URL ||= "https://ethereum.publicnode.com"; L38: process.env.BASE_RPC_URL ||= "https://base.publicnode.com"; ... L45: L46: const LOCAL_BOTPAY_DIR = path.join(os.homedir(), ".botpay"); L47: const LOCAL_AGENT_WALLETS_FILE = path.join(LOCAL_BOTPAY_DIR, "agent-wallets.json"); ... L49: const LOCAL_AGENT_WALLET_ENV_KEYS = [ L50: { env: "BOTPAY_AGENT_PRIVATE_KEY", label: "Agent Wallet 1" }, L51: { env: "BOTPAY_AGENT_SECOND_PRIVATE_KEY", label: "Agent Wallet 2" },
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

cli.jsView on unpkg · L20
20import "dotenv/config"; L21: import { exec } from "node:child_process"; L22: import readline from "node:readline"; ... L36: function ensureDefaultRpcEnv() { L37: process.env.ETH_RPC_URL ||= "https://ethereum.publicnode.com"; L38: process.env.BASE_RPC_URL ||= "https://base.publicnode.com"; ... L45: L46: const LOCAL_BOTPAY_DIR = path.join(os.homedir(), ".botpay"); L47: const LOCAL_AGENT_WALLETS_FILE = path.join(LOCAL_BOTPAY_DIR, "agent-wallets.json"); ... L49: const LOCAL_AGENT_WALLET_ENV_KEYS = [ L50: { env: "BOTPAY_AGENT_PRIVATE_KEY", label: "Agent Wallet 1" }, L51: { env: "BOTPAY_AGENT_SECOND_PRIVATE_KEY", label: "Agent Wallet 2" },
Critical
Wallet Drain

Source uses private key material to transfer cryptocurrency funds.

cli.jsView on unpkg · L20

Findings

2 Critical2 Medium5 Low
CriticalCredential Exfiltrationcli.js
CriticalWallet Draincli.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings