npm · registry.npmjs.org
@agenticmail/enterprise
Webhook Exfil Endpoint: matched "api.telegram.org/bot"
Why PkgRadar flagged 0.5.615
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "api.telegram.org/bot" · package/dist/chunk-VWIDJRD4.js |
| high | New Lifecycle Script Vs Previous | postinstall added in 0.5.615 vs 0.5.614: "node scripts/ensure-pm2-startup.cjs --quiet || true" · package.json |
| high | Install Lifecycle Suppresses Failure | postinstall="node scripts/ensure-pm2-startup.cjs --quiet || true" · package.json |
| medium | Remote Payload | matched "curl " · package/bin/agenticmail-enterprise.cjs |
| medium | Remote Payload | matched "curl " · package/dist/agent-tools-5LLIXV6A.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/chunk-GC77MDKW.js |
| medium | Remote Payload | matched "curl " · package/dist/chunk-IXAWHXMY.js |
| medium | Remote Payload | matched "curl " · package/dist/chunk-MVD2DMAY.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/chunk-T26AVIAQ.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/chunk-VWIDJRD4.js |
| medium | Remote Payload | matched "wget " · package/dist/cli-agent-DOLO7OCU.js |
| medium | Remote Payload | matched "curl " · package/dist/cli-recover-OXRLXXCB.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.5.615 | High risk | 246 | 2026-06-10 |
0.5.614 | High risk | 126 | 2026-06-10 |
0.5.613 | High risk | 126 | 2026-06-10 |
0.5.612 | High risk | 126 | 2026-06-10 |
0.5.611 | High risk | 126 | 2026-06-10 |
Campaign attribution
Related campaigns
- ope-olatunji — 7 releases, max score 246
Block this in CI
pkgradar gate --ecosystem npm @agenticmail/[email protected]