Is bunbox.co legit?

40
/ 100
Use Caution
Industry: SaaS

You should exercise caution when using Bunbox. While the infrastructure is technically secure, the total lack of corporate transparency and legal documentation makes it difficult to hold the developers accountable for a tool that integrates deeply into your software development workflow.

SaaS average: 66/100 · based on 105 sites

Checked: May 21, 2026 at 2:40 PM UTC ·

Is bunbox.co a scam? Here's what we found.

Security 85/100

The site employs industry-standard encryption and presents no signs of malicious threat activity, making it technically secure for browsing and interaction.

Identity 50/100

While the domain has a long archival history, the absence of clear corporate entity information or verifiable team details makes it difficult to ascertain the human operators behind the project.

Reputation 60/100

The presence of a digital footprint dating back to 2019 suggests long-term stability, though the lack of public discourse or community verification limits objective reputation assessment.

Transparency 30/100

The site lacks critical transparency markers such as a dedicated contact page, an 'About' section, or identifiable leadership, which is problematic for a tool intended for software development.

Compliance 25/100

The complete absence of a privacy policy or terms of service is a significant oversight for any software-related entity handling package management and code-level operations.

Infrastructure 55/100

The hosting setup is functional but lacks basic professional standard configuration, such as MX records for email communication and organized site structure files like sitemaps.

Signals Detected

[?]
Tranco Rank: Not ranked

This site is not in the top 1 million most visited websites — this is normal for small or new businesses

[?]
Structured Data: None found

No structured data markup found

[?]
Page Title: Bunbox — Secure Package Manager for AI Agents

Bunbox — Secure Package Manager for AI Agents

[?]
Page Description: Bunbox is a next-generation package manager and Model Context Protocol runtime built for autonomous coding assistants. I...

Bunbox is a next-generation package manager and Model Context Protocol runtime built for autonomous coding assistants. It combines DID-based provenance, capability auditing, and sandboxed installs in one CLI.

[?]
Page Language: en

HTML declares lang="en"

[?]
Page Heading: Secure softwarefor AI agents.

Secure softwarefor AI agents.

[?]
whois: check failed

connect to whois.nic.co: dial tcp: lookup whois.nic.co on 127.0.0.53:53: no such host

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[+]
DNS Resolution: 1 IP(s)

Resolves to: 206.81.14.209

[?]
Email (MX Records): None

No MX records found — domain may not handle email

[?]
Name Servers: 4 server(s)

DNS providers: curitiba.ns.porkbun.com., fortaleza.ns.porkbun.com., maceio.ns.porkbun.com., salvador.ns.porkbun.com.

[+]
SSL Certificate: Valid

Valid certificate, expires in 89 days

[?]
Certificate Issuer: Let's Encrypt

Certificate issued by Let's Encrypt

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[?]
Branding: Basic

Site has a favicon but no social sharing metadata

[?]
Server: nginx/1.24.0 (Ubuntu)

Web server: nginx/1.24.0 (Ubuntu)

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
robots.txt: Not found

No robots.txt file — common for small sites

[?]
Sitemap: Not found

No sitemap found — common for smaller sites

[+]
Website Status: Online

Website is live and responding

[~]
Contact Info: Not found

No obvious contact information found on homepage

[-]
Legal Pages: Missing

No privacy policy or terms of service found

[?]
Business Disclosure: Not found

No dedicated legal-entity disclosure page detected — common and expected outside the EU, but required for commercial sites in Germany, France, Spain, Italy, and other EU jurisdictions.

[?]
About Page: Not found

No About / Team / Company page detected.

[+]
Social Media Presence: 1 platforms

Website links to multiple social media platforms

[?]
Certificate Transparency: 3 certificates

3 certificates found for 3 unique names

[+]
Web Archive History: 6 years

Earliest archive snapshot from 20191211

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[+]
Page Load Time: 369ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for bunbox.co
<a href="https://verified.fyi/review/bunbox.co"><img src="https://verified.fyi/badge/bunbox.co?size=medium&style=full&theme=dark" alt="bunbox.co trust score — verified.fyi" /></a>
[![bunbox.co trust score](https://verified.fyi/badge/bunbox.co?size=medium&style=full&theme=dark)](https://verified.fyi/review/bunbox.co)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating sensitive development tools like Bunbox, the standard for legitimacy shifts away from simple page load speeds toward deep trust in the code and the entity behind it. A project claiming to handle 'secure package management' for autonomous AI agents is requesting a high level of trust; it effectively asks to sit in the middle of your software supply chain. In our professional assessment, established software companies providing this type of infrastructure typically feature transparent documentation, visible leadership, and clear legal terms governing your data usage and liability. Searching for bunbox.co reviews provides little insight, as the community footprint for this project is remarkably quiet. This 'invisible' operation style is a common point of contention. While it is not inherently a sign that bunbox.co is fake, the lack of a privacy policy or a verifiable team is a red flag for any developer planning to integrate this into a production environment. If a tool intends to touch your codebase, you should be able to identify who is maintaining the dependencies it fetches. Before deciding if you should use this tool, ask yourself if the utility provided outweighs the shadow-like nature of the brand. We often see early-stage developer tools launch with minimal infrastructure, but the omission of even basic legal contact points suggests that the project may not yet be mature enough for serious enterprise or sensitive project use. If you choose to explore this, treat it as experimental software and avoid using it on any mission-critical systems until the operators provide clearer disclosures regarding their security practices and data handling policies.