npm · registry.npmjs.org
@gakr-gakr/autobot
Webhook Exfil Endpoint: matched "ngrok.app"
Why PkgRadar flagged 0.1.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/dist/dist-8LASmT1Y.js |
| high | Webhook Exfil Endpoint | matched "ngrok-free.app" · package/dist/guarded-json-api-vVCgGKts.js |
| high | DNS / OAST exfiltration | matched "dns.lookup" · package/dist/fetch-DxVVai_w.js |
| high | DNS / OAST exfiltration | matched "dns.lookup" · package/dist/provider-CxWE2uui.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/dist/crypto-runtime-B-eP01Rh.js |
| medium | Remote Payload | matched "curl " · package/skills/openai-whisper-api/scripts/transcribe.sh |
| medium | Credential file access | matched ".npmrc" · package/dist/install-package-dir-BdTJ6veU.js |
| medium | Credential file access | matched ".npmrc" · package/dist/npm-install-env-DLHFd1ZY.js |
| medium | Credential file access | matched ".npmrc" · package/dist/npm-managed-root-Cb2-5NYd.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.1.0 | High risk | 264 | 2026-05-25 |
Related campaigns
- dns_or_oast_exfil:matched "dns.lookup" — 38 releases, max score 264
- install_lifecycle_script:preinstall="node scripts/preinstall-package-manager-warning.mjs" — 51 releases, max score 446
- install_lifecycle_script:postinstall="node scripts/postinstall-bundled-plugins.mjs" — 46 releases, max score 446
- gakr — 3 releases, max score 422
- install_lifecycle_suppresses_failure:prepare="command -v git >/dev/null 2>&1 && git rev-parse --is-inside-work-tree >/dev/null 2>&1 && git config core.hooksPath git-hooks || exit 0" — 17 releases, max score 2904
Block this in CI
pkgradar gate --ecosystem npm @gakr-gakr/[email protected]