npm · registry.npmjs.org
@bitseek/claw
Webhook Exfil Endpoint: matched "ngrok.app"
Why PkgRadar flagged 1.4.3-beta.5
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/extensions/voice-call/src/providers/twilio.test.ts |
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/extensions/voice-call/src/providers/twilio/twiml-policy.test.ts |
| high | Webhook Exfil Endpoint | matched "ngrok-free.app" · package/extensions/voice-call/src/webhook-security.test.ts |
| high | Webhook Exfil Endpoint | matched "ngrok-free.app" · package/extensions/voice-call/src/webhook-security.ts |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/api-CRdLvaOQ.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/api-CzfBiQzt.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/plugin-sdk/index.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.4.3-beta.5 | High risk | 186 | 2026-06-10 |
1.4.3-beta.6 | High risk | 186 | 2026-06-10 |
1.4.3-beta.4 | High risk | 186 | 2026-06-10 |
1.4.3-beta.3 | High risk | 186 | 2026-06-10 |
1.4.3-beta.1 | High risk | 186 | 2026-06-10 |
1.4.3-beta.2 | High risk | 186 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem npm @bitseek/[email protected]