npm · registry.npmjs.org
@kokorolx/ai-sandbox-wrapper
Credential file access: matched ".ssh"
Why PkgRadar flagged 4.0.2
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".ssh" · package/lib/ssh-key-selector.sh |
| medium | Remote Payload | matched "wget " · package/lib/install-base.sh |
| medium | Remote Payload | matched "curl " · package/lib/install-claude.sh |
| medium | Remote Payload | matched "wget " · package/lib/install-codeserver.sh |
| medium | Remote Payload | matched "curl " · package/lib/install-droid.sh |
| medium | Remote Payload | matched "curl " · package/lib/install-kilo.sh |
| medium | Remote Payload | matched "curl " · package/lib/install-opencode.sh |
| medium | Remote Payload | matched "curl " · package/lib/install-shai.sh |
| medium | Remote Payload | matched "wget " · package/lib/install-vscode.sh |
| medium | Remote Payload | matched "curl " · package/lib/playwright-mcp-config.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.0.2 | Review | 116 | 2026-05-25 |
4.0.3 | Review | 116 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm @kokorolx/[email protected]