EMILIA FIRE DRILL · REPORT
Fix PR open

ai.bolthub/registry (bolthub-sdk)

money movement

Dangerous action found

executeToolCall (per-tool L402 auto-pay)

Every dynamically-registered marketplace tool can auto-pay a real Lightning (L402) invoice from the agent's wallet.

// packages/mcp-bridge/src/tool-handler.ts  ·  executeToolCall() → l402Client.request() → wallet.payInvoice()
return await this.wallet.payInvoice(invoice);

Currently: runs unguarded — the only precondition on a real-sats payment is a numeric budgetSats cap. No named human authorizes the spend before it settles.

Proposed fix — Receipt Required

Wrap the per-tool handler at packages/mcp-bridge/src/server.ts:70 (`async (args) => executeToolCall(tool, args, l402Client)`) with @emilia-protocol/require-receipt, so a verifiable human-authorization receipt for the exact tool + amount is required before the L402 invoice is paid.

Result after patch (RR-1):

1. Missing receipt: blocked — 428 Receipt Required
2. Valid receipt: pays once, receipt consumed
3. Replayed receipt: refused — one-time consumption
4. Forged receipt: refused — signature / action-binding fails
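
Added example (not code from bolthub-sdk or from @emilia-protocol/require-receipt): a small receipt gate in JavaScript that reproduces the four outcomes listed above, plus a receipt signed for one amount and presented for another. The Ed25519 key, the receipt fields, the function names, the tool name demo.tool and the 403/409 statuses are assumptions made for this illustration.

```javascript
// Added illustration, not the @emilia-protocol/require-receipt API; all names are hypothetical.
const crypto = require('crypto');

// Constructed Ed25519 key pair standing in for a named human approver's key.
const approver = crypto.generateKeyPairSync('ed25519');
const consumed = new Set(); // receipt ids already spent (in-memory for the demo)

// Bytes the signature covers: receipt id + exact tool + exact amount.
const bindingBytes = (id, tool, sats) => Buffer.from(JSON.stringify([id, tool, sats]));

// Approver-side helper: signs an authorization for one tool + amount.
function issueReceipt(tool, amountSats, key = approver.privateKey) {
  const id = crypto.randomUUID();
  const sig = crypto.sign(null, bindingBytes(id, tool, amountSats), key);
  return { id, tool, amountSats, sig: sig.toString('base64') };
}

// Wrapper: `pay` runs only when a fresh receipt matches the action being executed.
// 428 comes from the report; 403 and 409 are this example's own choices.
function requireReceipt(tool, pay) {
  return async ({ amountSats, receipt }) => {
    if (!receipt) return { status: 428, error: 'Receipt Required' };
    // Verify over the requested action, not over the fields the receipt claims.
    let ok = false;
    try {
      ok = crypto.verify(null, bindingBytes(receipt.id, tool, amountSats),
        approver.publicKey, Buffer.from(String(receipt.sig), 'base64'));
    } catch { ok = false; }
    if (!ok) return { status: 403, error: 'signature or action binding failed' };
    if (consumed.has(receipt.id)) return { status: 409, error: 'receipt already consumed' };
    consumed.add(receipt.id); // consume before paying so a retry cannot pay twice
    return { status: 200, result: await pay(amountSats) };
  };
}

// The four rows of the result list, plus a receipt reused for a larger amount.
async function demo() {
  const paid = []; // stub payer records amounts instead of settling an invoice
  const handler = requireReceipt('demo.tool', async (sats) => paid.push(sats));
  const good = issueReceipt('demo.tool', 50);
  const forged = issueReceipt('demo.tool', 50, crypto.generateKeyPairSync('ed25519').privateKey);
  const run = async (amountSats, receipt) => (await handler({ amountSats, receipt })).status;
  const statuses = [
    await run(50),         // missing
    await run(50, good),   // valid
    await run(50, good),   // replayed
    await run(50, forged), // forged: signed by an unknown key
    await run(5000, issueReceipt('demo.tool', 50)), // signed for 50, presented for 5000
  ];
  return { statuses, paid };
}
```

Outside a demo, the consumed-receipt set belongs in a durable store with an atomic insert, since an in-memory set is lost on restart and is not shared between processes.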

Scope: this is a static reference-implementation assessment of a missing human-authorization receipt on one irreversible action, derived from the repository’s public source. It is not a vulnerability report, not a claim the action is exploitable, and not auth or permissions. Maintainer active (last push 2026-06-26); this report is intended to go live alongside a fix PR.
