npm · registry.npmjs.org
@mcp-use/cli
Credential file access: matched ".SSH"
Why PkgRadar flagged 3.2.1-canary.16
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".SSH" · package/dist/index.cjs |
| high | Credential file access | matched ".SSH" · package/dist/index.js |
| medium | Remote Payload | matched "cUrl " · package/dist/index.cjs |
| medium | Obfuscation Density | high encoded/escaped-token density · package/dist/index.cjs |
| medium | Remote Payload | matched "cUrl " · package/dist/index.js |
| medium | Obfuscation Density | high encoded/escaped-token density · package/dist/index.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.5.3-canary.4 | Low risk | 0 | 2026-06-16 |
3.5.3-canary.3 | Low risk | 0 | 2026-06-16 |
3.5.3-canary.2 | Low risk | 0 | 2026-06-16 |
3.5.3-canary.1 | Low risk | 0 | 2026-06-16 |
3.5.3-canary.0 | Low risk | 0 | 2026-06-16 |
3.5.2-canary.14 | Low risk | 0 | 2026-06-16 |
3.5.2 | Low risk | 0 | 2026-06-16 |
3.5.2-canary.12 | Low risk | 0 | 2026-06-16 |
3.5.2-canary.13 | Low risk | 0 | 2026-06-16 |
3.5.2-canary.11 | Low risk | 0 | 2026-06-16 |
3.5.2-canary.9 | Low risk | 0 | 2026-06-16 |
3.5.2-canary.10 | Low risk | 0 | 2026-06-16 |
3.5.2-canary.8 | Low risk | 0 | 2026-06-15 |
3.5.2-canary.7 | Low risk | 0 | 2026-06-15 |
3.5.2-canary.6 | Low risk | 0 | 2026-06-15 |
3.5.2-canary.4 | Low risk | 0 | 2026-06-15 |
3.5.2-canary.5 | Low risk | 0 | 2026-06-15 |
3.5.2-canary.3 | Low risk | 0 | 2026-06-15 |
3.5.2-canary.2 | Low risk | 0 | 2026-06-12 |
3.5.2-canary.1 | Low risk | 0 | 2026-06-11 |
3.5.2-canary.0 | Low risk | 0 | 2026-06-11 |
3.5.1 | Low risk | 0 | 2026-06-11 |
3.5.0 | Low risk | 0 | 2026-06-11 |
3.5.1-canary.0 | Low risk | 0 | 2026-06-11 |
3.5.0-canary.0 | Low risk | 0 | 2026-06-11 |
3.4.2 | Low risk | 0 | 2026-06-10 |
3.4.2-canary.1 | Low risk | 0 | 2026-06-10 |
3.4.2-canary.0 | Low risk | 0 | 2026-06-10 |
3.4.1 | Low risk | 0 | 2026-06-10 |
3.4.1-canary.0 | Low risk | 0 | 2026-06-10 |
3.4.0 | Low risk | 0 | 2026-06-10 |
3.4.0-canary.3 | Low risk | 0 | 2026-06-10 |
3.4.0-canary.2 | Low risk | 0 | 2026-06-10 |
3.4.0-canary.1 | Low risk | 0 | 2026-06-10 |
1.0.18 | Low risk | 0 | 2026-06-10 |
1.0.20 | Low risk | 0 | 2026-06-10 |
1.0.19 | Low risk | 0 | 2026-06-10 |
3.4.0-canary.0 | Low risk | 0 | 2026-06-10 |
3.3.2 | Low risk | 0 | 2026-06-10 |
3.3.2-canary.6 | Low risk | 0 | 2026-06-08 |
3.3.2-canary.5 | Low risk | 0 | 2026-06-08 |
3.3.2-canary.4 | Low risk | 0 | 2026-06-07 |
3.3.2-canary.3 | Low risk | 0 | 2026-06-05 |
3.3.2-canary.1 | Low risk | 0 | 2026-06-05 |
3.3.2-canary.2 | Low risk | 0 | 2026-06-05 |
3.3.2-canary.0 | Low risk | 0 | 2026-06-05 |
3.3.1 | Low risk | 0 | 2026-06-04 |
3.3.1-canary.2 | Low risk | 0 | 2026-06-04 |
3.3.1-canary.1 | Low risk | 0 | 2026-06-04 |
3.3.1-canary.0 | Low risk | 0 | 2026-06-03 |
3.3.0 | Low risk | 0 | 2026-06-03 |
3.3.0-canary.23 | Low risk | 0 | 2026-06-03 |
3.3.0-canary.22 | Low risk | 0 | 2026-06-03 |
3.3.0-canary.21 | Low risk | 0 | 2026-05-27 |
3.3.0-canary.20 | Low risk | 0 | 2026-05-27 |
3.3.0-canary.19 | Low risk | 0 | 2026-05-27 |
3.2.1-canary.18 | Low risk | 0 | 2026-05-26 |
3.2.1-canary.16 | Review | 74 | 2026-05-24 |
3.2.1-canary.17 | Review | 74 | 2026-05-24 |
Related campaigns
- credential_paths:matched ".SSH" — 84 releases, max score 6453
Block this in CI
pkgradar gate --ecosystem npm @mcp-use/[email protected]