npm · registry.npmjs.org
@agentai2027/openclaw-zh
Webhook Exfil Endpoint: matched "ngrok.app"
Why PkgRadar flagged 2026.6.5-zh
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/dist/dist-C-tiotRe.js |
| high | Webhook Exfil Endpoint | matched "ngrok-free.app" · package/dist/guarded-json-api-DCG_wTUQ.js |
| high | Webhook Exfil Endpoint | matched "api.telegram.org/bot" · package/dist/i18n-BSDj5DiS.js |
| medium | Credential file access | matched ".npmrc" · package/dist/install-package-dir-CujWGwKN.js |
| medium | Credential file access | matched ".npmrc" · package/dist/npm-install-env-CSqfL5Dl.js |
| medium | Credential file access | matched ".npmrc" · package/dist/npm-managed-root-dL3ZYqX8.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2026.6.5-zh | High risk | 142 | 2026-06-10 |
2026.4.23-zh | High risk | 98 | 2026-06-10 |
2026.4.24-zh | High risk | 101 | 2026-06-10 |
2026.4.25-zh | High risk | 101 | 2026-06-10 |
2026.4.26-zh | High risk | 105 | 2026-06-10 |
2026.4.27-zh | High risk | 105 | 2026-06-10 |
2026.6.1-zh | High risk | 142 | 2026-06-10 |
2026.4.29-zh | High risk | 107 | 2026-06-10 |
2026.5.2-zh | High risk | 114 | 2026-06-10 |
2026.5.4-zh | High risk | 86 | 2026-06-10 |
2026.5.5-zh | High risk | 86 | 2026-06-10 |
2026.5.6-zh | High risk | 86 | 2026-06-10 |
2026.5.7-zh | High risk | 86 | 2026-06-10 |
2026.5.12-zh | High risk | 114 | 2026-06-10 |
2026.5.18-zh | High risk | 131 | 2026-06-10 |
2026.5.19-zh | High risk | 138 | 2026-06-10 |
2026.5.20-zh | High risk | 138 | 2026-06-10 |
2026.5.22-zh | High risk | 138 | 2026-06-10 |
2026.5.26-zh | High risk | 138 | 2026-06-10 |
2026.5.27-zh | High risk | 138 | 2026-06-10 |
2026.5.28-zh | High risk | 142 | 2026-06-10 |
2026.5.3-zh | Review | 51 | 2026-06-03 |
Block this in CI
pkgradar gate --ecosystem npm @agentai2027/[email protected]