npm · registry.npmjs.org
cue-ai
Webhook Exfil Endpoint: matched "requestbin.com"
Why PkgRadar flagged 0.9.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "requestbin.com" · package/resources/skills/skills/gstack/browse/src/content-security.ts |
| high | DNS / OAST exfiltration | matched "burpcollaborator.net" · package/resources/skills/skills/gstack/browse/src/content-security.ts |
| medium | Remote Payload | matched "curl " · package/resources/skills/skills/media/core-media/create-music.sh |
| medium | Remote Payload | matched "curl " · package/resources/skills/skills/media/core-edit/enhance-image.sh |
| medium | Remote Payload | matched "curl " · package/resources/skills/skills/media/core-media/generate-image.sh |
| medium | Remote Payload | matched "curl " · package/resources/skills/skills/media/core-media/generate-video.sh |
| medium | Remote Payload | matched "curl " · package/resources/skills/skills/media/core-media/image-to-video.sh |
| medium | Remote Payload | matched "curl " · package/resources/skills/skills/media/core-edit/lipsync.sh |
| medium | Remote Payload | matched "curl " · package/resources/skills/skills/media/core-media/upload.sh |
| medium | Remote Payload | matched "curl " · package/resources/skills/skills/media/core-edit/video-effects.sh |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/src/commands/import-profile.ts |
| medium | New Account With Lifecycle Hook | package first published 20 day(s) ago, 10 total version(s), has lifecycle hook · package.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.9.3 | High risk | 182 | 2026-06-12 |
0.9.2 | High risk | 127 | 2026-06-10 |
0.9.1 | High risk | 127 | 2026-06-10 |
0.9.0 | High risk | 114 | 2026-06-10 |
0.7.0 | Review | 174 | 2026-05-24 |
0.5.0 | Review | 174 | 2026-05-24 |
0.6.0 | Review | 174 | 2026-05-24 |
Related campaigns
- imdeadpool — 6 releases, max score 182
Block this in CI
pkgradar gate --ecosystem npm [email protected]