registry  /  vuln-monkey  /  0.3.0

vuln-monkey@0.3.0

AI-powered API security fuzzer that uses LLMs to discover logic flaws in your endpoints

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `vuln-monkey` with a curl command or `--spec`; requests fire unless `--dry-run` is selected.
Impact
Can generate and send test requests to user-supplied targets; this is a dual-use security-testing capability rather than a confirmed malicious chain.
Mechanism
User-directed API fuzzing, optional LLM analysis, and report generation.
Rationale
The package is not concretely malicious, but its intentional API-fuzzing and optional local-agent invocation are dangerous dual-use capabilities. Flag as warn rather than block because activation is explicit and source includes meaningful target, environment, and reporting safeguards.
Evidence
package.jsondist/cli.jsdist/executor/runner.jsdist/executor/public-target.jsdist/analyzer/cli-provider.jsdist/analyzer/openai-compat.jsdist/security/redaction.jsdist/executor/public-http.jsdist/parser/openapi.jsdist/analyzer/claude.jsdist/analyzer/gemini.jsdist/analyzer/provider.jsdist/analyzer/prompts.jsdist/cli-options.jsdist/reporter/json.jsdist/reporter/markdown.js
Network endpoints3
api.openai.com/v1localhost:11434/v1localhost:1234/v1

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.js` explicitly accepts a curl target or OpenAPI URL and executes generated payloads.
  • `dist/executor/runner.js` sends HTTP requests with supplied endpoint headers/body.
  • `dist/analyzer/cli-provider.js` invokes installed Claude, Gemini, or Codex CLIs via `execFile`.
  • `dist/analyzer/openai-compat.js` uses configured OpenAI-compatible API access.
Evidence against
  • `package.json` has no install, postinstall, or preinstall lifecycle hook.
  • `dist/cli.js` requires an explicit user CLI invocation and target input.
  • `dist/executor/public-target.js` rejects private/non-global targets unless `--allow-private` is supplied.
  • `dist/analyzer/cli-provider.js` uses temporary directories, filtered environment variables, and cleanup; Codex is read-only/ephemeral with tools disabled.
  • `dist/reporter/json.js` and `dist/security/redaction.js` redact report values before writing.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 27 file(s), 99.3 KB of source, external domains: api.example.com, api.openai.com

Source & flagged code

4 flagged · loading source
dist/cli.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/cli.js` explicitly accepts a curl target or OpenAPI URL and executes generated payloads.

dist/cli.jsView on unpkg
dist/executor/runner.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/executor/runner.js` sends HTTP requests with supplied endpoint headers/body.

dist/executor/runner.jsView on unpkg
dist/analyzer/cli-provider.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/analyzer/cli-provider.js` invokes installed Claude, Gemini, or Codex CLIs via `execFile`.

dist/analyzer/cli-provider.jsView on unpkg
dist/analyzer/openai-compat.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/analyzer/openai-compat.js` uses configured OpenAI-compatible API access.

dist/analyzer/openai-compat.jsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/cli.js
MediumAi Review Evidencedist/executor/runner.js
MediumAi Review Evidencedist/analyzer/cli-provider.js
MediumAi Review Evidencedist/analyzer/openai-compat.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings