npm · registry.npmjs.org
oh-my-claude-sisyphus
Remote Payload: matched "raw.githubusercontent.com"
Why PkgRadar flagged 4.14.6
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "raw.githubusercontent.com" · package/dist/features/auto-update.js |
| medium | Remote Payload | matched "api.telegram.org/bot" · package/dist/hooks/session-end/callbacks.js |
| medium | Remote Payload | matched "curl " · package/skills/project-session-manager/lib/providers/bitbucket.sh |
| medium | Remote Payload | matched "curl " · package/skills/project-session-manager/lib/providers/gitea.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.14.6 | Review | 51 | 2026-06-09 |
4.14.5 | Review | 73 | 2026-06-04 |
4.14.4 | Review | 72 | 2026-05-26 |
4.14.3 | Review | 72 | 2026-05-26 |
4.14.1 | Review | 146 | 2026-05-25 |
4.14.2 | Review | 146 | 2026-05-25 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]