birdeye-plugin
Warn
Audited by Socket on Jun 16, 2026
1 alert found:
AnomalyAnomalyruntime/src/signer-host.ts
LOWAnomalyLOW
runtime/src/signer-host.ts
This code is consistent with a legitimate constrained Solana transaction signing child process: it loads a private key from disk (with mode checks), enforces a daily spending limit via persisted state updates, signs transaction message bytes received over IPC, and returns signatures to the parent. There are no clear malware/exfiltration/backdoor indicators in the snippet. The main security risks are (1) missing authentication/authorization for IPC requests and (2) lack of explicit bounds on IPC payload sizes/tx counts/base64 lengths, which can enable abuse or denial-of-service; additionally, correctness of spend enforcement depends on the imported helper module.
Confidence: 100%Severity: 60%
Audit Metadata