npm · registry.npmjs.org

@synapsion/openclaw

Webhook Exfil Endpoint: matched "ngrok.app"

Why PkgRadar flagged 2026.5.4-beta.6

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "ngrok.app" · package/dist/dist-oMnEB_PK.js
medium	Credential file access	matched ".npmrc" · package/dist/install-package-dir-BeiZJb0W.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2026.5.4-beta.6`	High risk	123	2026-06-04
`2026.5.4-beta.7`	High risk	123	2026-06-04

Block this in CI

PkgRadar gates @synapsion/openclaw (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @synapsion/[email protected]