npm · registry.npmjs.org
machinaos
Remote Payload: matched "Invoke-WebRequest"
Why PkgRadar flagged 0.0.86
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "Invoke-WebRequest" · package/.machina/workflows/AI Employee_example_workflow-1779102911870-cbc76c82.json |
| medium | Obfuscation Density | high encoded/escaped-token density · package/server/package-lock.json |
| medium | Remote Payload | matched "github.com/stripe/stripe-cli/releases/download" · package/server/nodes/stripe/_install.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.0.90 | Low risk | 0 | 2026-06-16 |
0.0.8 | Low risk | 0 | 2026-06-16 |
0.0.7 | Low risk | 0 | 2026-06-16 |
0.0.9 | Low risk | 0 | 2026-06-16 |
0.0.89 | Low risk | 0 | 2026-06-16 |
0.0.88 | Low risk | 0 | 2026-06-08 |
0.0.86 | Review | 41 | 2026-05-27 |
0.0.87 | Review | 41 | 2026-05-27 |
0.0.84 | Review | 41 | 2026-05-27 |
0.0.85 | Review | 41 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]