npm · registry.npmjs.org

@curie-agent/core

Credential file access: matched ".ssh"

Why PkgRadar flagged 0.2.4

Severity	Signal	Evidence
high	Credential file access	matched ".ssh" · package/dist/src/safety/command-guard.js
medium	Remote Payload	matched "curl " · package/dist/src/safety/command-guard.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.2.3`	Low risk	0	2026-06-10
`0.3.0`	Low risk	0	2026-06-10
`0.2.4`	Review	42	2026-05-24
`0.2.5`	Review	54	2026-05-24

Related campaigns

Block this in CI

PkgRadar gates @curie-agent/core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @curie-agent/[email protected]