PkgRadar

npm · registry.npmjs.org

roblox-mcp-pro

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 1.0.27

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · package/dist/services/apidump.js

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.27Review122026-06-11
1.0.25Low risk02026-06-11
1.0.26Low risk02026-06-11
1.0.24Low risk02026-06-11
1.0.23Low risk02026-06-11
1.0.22Review122026-06-11
1.0.21Low risk02026-06-10
1.0.20Low risk02026-06-10
1.0.18Low risk02026-06-10
1.0.19Low risk02026-06-10
1.0.17Low risk02026-06-10
1.0.16Low risk02026-06-08
1.0.15Low risk02026-06-08
1.0.14Low risk02026-06-08
1.0.13Low risk02026-06-08
1.0.12Low risk02026-06-08
1.0.11Low risk02026-06-08
1.0.9Low risk02026-06-08
1.0.10Low risk02026-06-08
1.0.8Low risk02026-06-08
1.0.7Low risk02026-06-08
1.0.5Low risk02026-06-08
1.0.6Low risk02026-06-08
1.0.4Low risk02026-06-08
1.0.3Low risk02026-06-08
1.0.2Low risk02026-06-07
1.0.1Low risk02026-06-06
1.0.0Low risk02026-06-06
0.2.6Low risk02026-06-06
0.2.5Low risk02026-06-06
0.2.4Low risk02026-06-06
0.2.3Low risk02026-06-06
0.2.2Low risk02026-06-06
0.2.1Low risk02026-06-06
0.2.0Low risk02026-06-06
0.1.13Low risk02026-06-05
0.1.12Low risk02026-06-05
0.1.11Low risk02026-06-05
0.1.10Low risk02026-06-05
0.1.9Low risk02026-06-05
0.1.8Low risk02026-06-05
0.1.7Low risk02026-06-04
0.1.6Low risk02026-06-04
0.1.5Low risk02026-06-04
0.1.4Low risk02026-06-04
0.1.3Low risk02026-06-04
0.1.2Low risk02026-06-04
0.1.1Low risk02026-06-04

Block this in CI

PkgRadar gates roblox-mcp-pro (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm [email protected]
Start free — 25 scans / moView full evidence