npm · registry.npmjs.org
@agenit/cli
Credential file access: matched "aws_access_key"
Why PkgRadar flagged 3.2.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "aws_access_key" · package/.flow/tools/pii_scan.py |
| high | Credential file access | matched "GITHUB_TOKEN" · package/.flow/tools/skill_audit.py |
| high | Credential file access | matched "aws_access_key" · package/.flow/tools/tests/test_pii_scan.py |
| high | Credential file access | matched "aws_access_key" · package/config/flow.toml |
| medium | Remote Payload | matched "curl " · package/.flow/tools/arduino_tool.py |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/.flow/tools/marketplace.py |
| medium | Remote Payload | matched "curl " · package/.flow/tools/skill_audit.py |
| medium | Remote Payload | matched "curl " · package/.flow/hooks/tests/test_before_squad_dispatch.py |
| medium | Remote Payload | matched "curl " · package/.flow/tools/tests/test_skill_audit.py |
| medium | Remote Payload | matched "curl " · package/.flow/hooks/tests/test_slopsquatting.py |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/config/flow.toml |
| medium | Large Javascript Payload | 18615395 bytes · package/cli.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.2.3 | Review | 126 | 2026-05-25 |
4.0.1-beta.1 | Review | 40 | 2026-05-25 |
Related campaigns
- mohamedeldabaa — 2 releases, max score 173
Block this in CI
pkgradar gate --ecosystem npm @agenit/[email protected]