npm · registry.npmjs.org
@lobu/worker
Credential file access: matched ".ssh"
Why PkgRadar flagged 9.1.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".ssh" · package/dist/embedded/exec-sandbox.js |
| high | Credential file access | matched ".ssh" · package/src/__tests__/exec-sandbox.test.ts |
| high | Credential file access | matched ".ssh" · package/src/embedded/exec-sandbox.ts |
| medium | Remote Payload | matched "curl " · package/dist/openclaw/tools.js |
| medium | Remote Payload | matched "curl " · package/src/__tests__/embedded-tools.test.ts |
| medium | Remote Payload | matched "curl " · package/src/__tests__/sandbox-leak-harden.test.ts |
| medium | Remote Payload | matched "curl " · package/src/__tests__/tool-policy.test.ts |
| medium | Remote Payload | matched "curl " · package/src/openclaw/tools.ts |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
11.3.0 | Low risk | 0 | 2026-06-12 |
11.1.0 | Low risk | 0 | 2026-06-12 |
11.2.0 | Low risk | 0 | 2026-06-12 |
11.0.0 | Low risk | 0 | 2026-05-30 |
10.1.0 | Low risk | 0 | 2026-05-28 |
10.2.0 | Low risk | 0 | 2026-05-28 |
10.0.0 | Low risk | 0 | 2026-05-26 |
9.4.1 | Low risk | 0 | 2026-05-25 |
9.4.0 | Low risk | 0 | 2026-05-25 |
9.1.1 | Review | 74 | 2026-05-24 |
9.3.0 | Review | 74 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm @lobu/[email protected]