PkgRadar

npm · registry.npmjs.org

@a5c-ai/agent-runtime

Credential file access: matched ".Ssh"

Why PkgRadar flagged 5.0.1-staging.04ca6ab00d21

SeveritySignalEvidence
highCredential file accessmatched ".Ssh" · package/dist/execution/modes/ssh.js

Scanned versions

VersionVerdictScoreScanned (UTC)
5.0.1-staging.70c61e4c7b4dLow risk02026-06-02
5.0.1-staging.3edc9d7b8d6fLow risk02026-06-02
5.0.1-staging.daf8e165bc4aLow risk02026-06-02
5.0.1-staging.19033314d476Low risk02026-05-31
5.0.1-staging.e195a4980892Low risk02026-05-31
5.0.1-staging.4b92bc7a3e3bLow risk02026-05-31
5.0.1-staging.a2865ee1a2daLow risk02026-05-31
5.0.1-staging.40aef9d16aaeLow risk02026-05-31
5.0.1-staging.4946105f536eLow risk02026-05-31
5.0.1-staging.458d565d7120Low risk02026-05-31
5.0.1-staging.40a93c240e7bLow risk02026-05-30
5.0.1-staging.cdf798a9f097Low risk02026-05-28
5.0.1-staging.d8bdfcceaf4aLow risk02026-05-27
5.0.1-staging.4422159e935eLow risk02026-05-27
5.0.1-staging.ffad3b46492eLow risk02026-05-26
5.0.1-staging.016f0b0e8119Low risk02026-05-26
5.0.1-staging.5cf62d0e9d44Low risk02026-05-25
5.0.1-staging.af82b26593a7Low risk02026-05-25
5.0.1-staging.85bf9b9b2a27Low risk02026-05-25
5.0.1-staging.07d877d5a3d1Low risk02026-05-25
5.0.1-staging.f888f721bccbLow risk02026-05-25
5.0.1-staging.6ab464ce4307Low risk02026-05-25
5.0.1-staging.04ca6ab00d21Review402026-05-25
5.0.1-staging.7495ef6c9fa0Review402026-05-25

Block this in CI

PkgRadar gates @a5c-ai/agent-runtime (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @a5c-ai/[email protected]
Start free — 25 scans / moView full evidence