npm · registry.npmjs.org
@qqbrowser/openclaw-qbot
Credential File Packaged: package/node_modules/bottleneck/.env
Why PkgRadar flagged 0.10.18
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential File Packaged | package/node_modules/bottleneck/.env · package/node_modules/bottleneck/.env |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/plugin-sdk/compat.cjs |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/plugin-sdk/index.cjs |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/plugin-sdk/telegram.cjs |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/api-BeG0ObSq.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/api-Dx8x1KTs.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/plugin-sdk/compat.js |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/node_modules/@whiskeysockets/baileys/lib/Utils/generics.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/plugin-sdk/index.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/plugin-sdk/telegram.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.10.18 | High risk | 247 | 2026-06-10 |
0.10.13 | High risk | 247 | 2026-06-10 |
0.11.61 | High risk | 247 | 2026-06-10 |
0.10.17 | High risk | 247 | 2026-06-10 |
0.10.12 | High risk | 247 | 2026-06-10 |
0.10.16 | High risk | 247 | 2026-06-10 |
0.10.15 | High risk | 247 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem npm @qqbrowser/[email protected]