Go modules · proxy.golang.org

github.com/smartcontractkit/chainlink-evm

Shell Credential File Read, Obfuscation Density

Why PkgRadar flagged v0.0.0-20260623170329-4577ef4ba0ae

Severity	Signal	Evidence
high	Shell Credential File Read	github.com/smartcontractkit/[email protected]/pkg/keys/v2/core_keystore.go
high	Shell Credential File Read	github.com/smartcontractkit/[email protected]/pkg/relay/evm.go
high	Shell Credential File Read	github.com/smartcontractkit/[email protected]/pkg/txm/clientwrappers/dualbroadcast/meta_client.go
high	Shell Credential File Read	github.com/smartcontractkit/[email protected]/pkg/txm/dummy_keystore.go
high	Shell Credential File Read	github.com/smartcontractkit/[email protected]/pkg/txm/txm.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260623170329-4577ef4ba0ae`	High risk	100	2026-06-24
`v0.3.4-0.20260618132327-105433c1ac66`	Low risk	0	2026-06-19
`v0.0.0-20260618132327-105433c1ac66`	Low risk	0	2026-06-19
`v0.3.4-0.20260611122911-7bfcb004633f`	Low risk	0	2026-06-13
`v0.0.0-20260611122911-7bfcb004633f`	Low risk	0	2026-06-12
`v0.3.4-0.20260609161557-8ceae53b8ab1`	Low risk	0	2026-06-10
`v0.3.4-0.20260527153347-4f96c2f51c93`	Low risk	0	2026-05-30

Block this in CI

PkgRadar gates github.com/smartcontractkit/chainlink-evm (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/smartcontractkit/[email protected]