PkgRadar

PyPI · pypi.org

tunnel-manager

Credential file access: matched ".ssh/"

Why PkgRadar flagged 1.30.0

SeveritySignalEvidence
mediumCredential file accessmatched ".ssh/" · tunnel_manager-1.30.0/tunnel_manager/mcp/mcp_inventory.py
mediumCredential file accessmatched ".ssh/" · tunnel_manager-1.30.0/tunnel_manager/mcp/mcp_remote.py
mediumCredential file accessmatched ".ssh/" · tunnel_manager-1.30.0/tunnel_manager/mcp_server.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.30.0Review242026-06-13
1.29.0Review242026-06-10
1.28.0Review242026-06-06
1.26.0Review242026-06-04
1.24.0Review242026-06-01
1.23.2Review242026-05-31
1.23.0Review242026-05-31
1.21.0Review242026-05-29
1.19.0Review242026-05-29

Block this in CI

PkgRadar gates tunnel-manager (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi tunnel-manager==1.30.0
Start free — 25 scans / moView full evidence