npm · registry.npmjs.org
oh-my-ashclaw
New Account With Lifecycle Hook: package first published 0 day(s) ago, 1 total version(s), has lifecycle hook
Why PkgRadar flagged 4.11.2
| Severity | Signal | Evidence |
|---|---|---|
| high | New Account With Lifecycle Hook | package first published 0 day(s) ago, 1 total version(s), has lifecycle hook · package.json |
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/features/auto-update.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/hooks/session-end/callbacks.js |
| medium | Remote Payload | matched "curl " · package/skills/project-session-manager/lib/providers/bitbucket.sh |
| medium | Remote Payload | matched "curl " · package/skills/project-session-manager/lib/providers/gitea.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.11.2 | High risk | 73 | 2026-06-13 |
Related campaigns
- gagesgr — 10 releases, max score 73
Block this in CI
pkgradar gate --ecosystem npm [email protected]