PkgRadar

npm · registry.npmjs.org

cclaw-cli

Remote Payload: matched "curl "

Why PkgRadar flagged 8.112.0

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · package/dist/content/artifact-templates.js
mediumRemote Payloadmatched "curl " · package/dist/content/devex-quality-rubric.js

Scanned versions

VersionVerdictScoreScanned (UTC)
8.122.0Low risk02026-05-31
8.121.0Low risk02026-05-31
8.120.0Low risk02026-05-31
8.119.0Low risk02026-05-31
8.112.0Review242026-05-24
8.113.0Review242026-05-24

Block this in CI

PkgRadar gates cclaw-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence