npm · registry.npmjs.org
@mc-and-his-agents/loom
Credential file access: matched "GITHUB_TOKEN"
Why PkgRadar flagged 0.13.7
| Severity | Signal | Evidence |
|---|---|---|
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-adopt/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-build/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-handoff/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-init/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-pre-review/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-resume/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-retire/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-review/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-spec-review/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/loom-story/.loom-runtime/shared/scripts/loom_flow.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · package/skills/shared/scripts/loom_flow.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.13.10 | Low risk | 0 | 2026-06-03 |
0.13.9 | Low risk | 0 | 2026-06-02 |
0.13.8 | Low risk | 0 | 2026-06-02 |
0.13.7 | Review | 55 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem npm @mc-and-his-agents/[email protected]