npm · registry.npmjs.org
agora-agent-server-sdk
Credential file access: matched ".Azure"
Why PkgRadar flagged 1.4.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched ".Azure" · package/dist/cjs/agentkit/index.js |
| high | DNS / OAST exfiltration | matched "dns.lookup" · package/dist/cjs/core/domain/index.js |
| high | Credential file access | matched ".Azure" · package/dist/cjs/index.js |
| high | Credential file access | matched ".Azure" · package/dist/cjs/agentkit/vendors/llm.js |
| high | Credential file access | matched ".AZURE" · package/dist/cjs/agentkit/vendors/stt.js |
| high | Credential file access | matched ".AZURE" · package/dist/cjs/agentkit/vendors/tts.js |
| high | DNS / OAST exfiltration | matched "dns.lookup" · package/dist/esm/core/domain/index.mjs |
| high | Credential file access | matched ".AZURE" · package/dist/esm/agentkit/vendors/llm.mjs |
| high | Credential file access | matched ".AZURE" · package/dist/esm/agentkit/vendors/stt.mjs |
| high | Credential file access | matched ".AZURE" · package/dist/esm/agentkit/vendors/tts.mjs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.3.1 | Low risk | 0 | 2026-06-17 |
2.2.0 | Low risk | 0 | 2026-06-05 |
2.1.1 | Low risk | 0 | 2026-06-03 |
2.1.0 | Low risk | 0 | 2026-06-03 |
1.3.2 | Low risk | 0 | 2026-05-30 |
1.4.0 | Low risk | 0 | 2026-05-30 |
2.0.0 | Low risk | 0 | 2026-05-28 |
2.0.1 | Low risk | 0 | 2026-05-28 |
1.4.1 | Review | 150 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]