npm · registry.npmjs.org
openclaw
Webhook Exfil Endpoint: matched "ngrok.app"
Why PkgRadar flagged 2026.6.8-beta.2
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "ngrok.app" · package/dist/dist-C66-RP37.js |
| high | Webhook Exfil Endpoint | matched "ngrok-free.app" · package/dist/guarded-json-api-BjMF75Lf.js |
| high | Webhook Exfil Endpoint | matched "api.telegram.org/bot" · package/dist/i18n-C0k1rM_n.js |
| medium | Credential file access | matched ".npmrc" · package/dist/install-package-dir-S4rLRTkN.js |
| medium | Credential file access | matched ".npmrc" · package/dist/npm-install-env-CSqfL5Dl.js |
| medium | Credential file access | matched ".npmrc" · package/dist/npm-managed-root-DLQZyFtc.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2026.6.8-beta.2 | High risk | 62 | 2026-06-16 |
2026.6.8-beta.1 | High risk | 62 | 2026-06-14 |
2026.6.7-beta.1 | High risk | 62 | 2026-06-13 |
2026.6.6 | High risk | 62 | 2026-06-12 |
2026.6.6-beta.2 | High risk | 62 | 2026-06-12 |
2026.6.5 | Review | 60 | 2026-06-09 |
2026.6.5-beta.6 | Review | 60 | 2026-06-09 |
2026.6.5-beta.5 | Review | 60 | 2026-06-08 |
2026.6.5-beta.3 | Review | 60 | 2026-06-08 |
2026.6.5-beta.2 | Review | 60 | 2026-06-07 |
2026.6.5-beta.1 | Review | 60 | 2026-06-06 |
2026.6.2-beta.1 | Review | 60 | 2026-06-04 |
2026.6.1 | Review | 60 | 2026-06-03 |
2026.6.1-beta.3 | Review | 60 | 2026-06-03 |
2026.6.1-beta.2 | Review | 60 | 2026-06-02 |
2026.6.1-beta.1 | Review | 60 | 2026-06-01 |
2026.5.31-beta.4 | Review | 60 | 2026-06-01 |
2026.5.31-beta.3 | Review | 60 | 2026-05-31 |
2026.5.31-beta.2 | Review | 60 | 2026-05-31 |
2026.5.31-beta.1 | Review | 60 | 2026-05-31 |
2026.5.30-beta.1 | Review | 75 | 2026-05-31 |
2026.5.28 | Review | 75 | 2026-05-30 |
2026.5.28-beta.4 | Review | 75 | 2026-05-29 |
2026.5.28-beta.3 | Review | 75 | 2026-05-29 |
2026.5.28-beta.1 | Review | 91 | 2026-05-29 |
2026.5.27 | Review | 107 | 2026-05-28 |
2026.5.27-beta.1 | Review | 107 | 2026-05-28 |
2026.5.26 | Review | 90 | 2026-05-27 |
2026.5.26-beta.2 | Review | 90 | 2026-05-27 |
2026.5.26-beta.1 | Review | 90 | 2026-05-27 |
2026.5.25-beta.1 | Review | 90 | 2026-05-26 |
2026.5.24-beta.2 | Review | 260 | 2026-05-25 |
2026.5.24-beta.1 | Review | 260 | 2026-05-24 |
2026.5.22-beta.1 | Review | 280 | 2026-05-24 |
2026.5.22 | Review | 280 | 2026-05-24 |
Block this in CI
pkgradar gate --ecosystem npm [email protected]