npm · registry.npmjs.org
@optima-chat/dev-skills
Credential file access: matched ".ssh/"
Why PkgRadar flagged 0.7.41
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".ssh/" · package/bin/helpers/db-utils.ts |
| medium | Remote Payload | matched "curl " · package/bin/helpers/billing-http.ts |
| medium | Remote Payload | matched "curl " · package/bin/helpers/db-utils.ts |
| medium | Remote Payload | matched "curl " · package/bin/helpers/infisical-secrets.ts |
| medium | Remote Payload | matched "curl " · package/bin/helpers/show-env.ts |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.7.41 | High risk | 61 | 2026-06-12 |
0.7.40 | High risk | 61 | 2026-06-12 |
0.7.37 | High risk | 73 | 2026-06-10 |
0.7.38 | High risk | 63 | 2026-06-10 |
0.7.36 | High risk | 73 | 2026-06-10 |
0.7.33 | High risk | 63 | 2026-06-10 |
0.7.35 | High risk | 73 | 2026-06-10 |
Related campaigns
- credential_paths:matched ".ssh/" — 805 releases, max score 310
Block this in CI
pkgradar gate --ecosystem npm @optima-chat/[email protected]