Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,307Niche · −30% score
- Versions published
- 22
- First published
- Jun 2026
- Publisher
- agentai2027
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@agentai2027/[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@agentai2027/[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Webhook Exfil Endpoint: matched "ngrok.app"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk high · score 107 · status changed
Evidence
Static findings
18 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/dist-Cs6rXAkk.js | matched "ngrok.app" | 40 |
| high | Webhook Exfil Endpoint | package/dist/guarded-json-api-CVES0wd5.js | matched "ngrok-free.app" | 40 |
| medium | Credential file access | package/dist/install-package-dir-DaVGzPFF.js | matched ".npmrc" | 10 |
Show all 18 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/dist-Cs6rXAkk.js | matched "ngrok.app" | 40 |
| high | Webhook Exfil Endpoint | package/dist/guarded-json-api-CVES0wd5.js | matched "ngrok-free.app" | 40 |
| medium | Credential file access | package/dist/install-package-dir-DaVGzPFF.js | matched ".npmrc" | 10 |
| low | Messenger Bot Endpoint | package/dist/extensions/telegram/channel.setup-npxZ9anN.js | matched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler) | 5 |
| low | Credential file access | package/dist/extensions/amazon-bedrock/embedding-provider.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/host-env-security-DZcto3_u.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Credential file access | package/dist/extensions/amazon-bedrock/memory-embedding-adapter.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/model-auth-j3VPN_VQ.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/model-auth-markers-CkvLxe22.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/model-auth-runtime-shared-DaczCMDH.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/extensions/google/provider-contract-api.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Credential file access | package/dist/extensions/anthropic-vertex/region.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Credential file access | package/dist/extensions/google/vertex-adc.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Install-time lifecycle script | package.json | preinstall="node scripts/preinstall-package-manager-warning.mjs" | 5 |
| low | Install-time lifecycle script | package.json | postinstall="node scripts/postinstall-bundled-plugins.mjs" | 5 |
| low | Credential file access | package/dist/extensions/google/openclaw.plugin.json | matched "GOOGLE_APPLICATION_CREDENTIALS" | 3 |
| low | Large Javascript Payload | package/dist/extensions/diagnostics-otel/index.js | 2321380 bytes | 0 |
| low | Large Javascript Payload | package/dist/extensions/diffs/assets/viewer-runtime.js | 9820374 bytes | 0 |
Manifest
Package metadata
Scripts361
android:assemblecd apps/android && ./gradlew :app:assemblePlayDebugandroid:assemble:third-partycd apps/android && ./gradlew :app:assembleThirdPartyDebugandroid:bundle:releasebun apps/android/scripts/build-release-aab.tsandroid:formatcd apps/android && ./gradlew :app:ktlintFormat :benchmark:ktlintFormatandroid:installcd apps/android && ./gradlew :app:installPlayDebugandroid:install:third-partycd apps/android && ./gradlew :app:installThirdPartyDebugandroid:lintcd apps/android && ./gradlew :app:ktlintCheck :benchmark:ktlintCheckandroid:lint:androidcd apps/android && ./gradlew :app:lintDebugandroid:runcd apps/android && ./gradlew :app:installPlayDebug && adb shell am start -n ai.openclaw.app/.MainActivityandroid:run:third-partycd apps/android && ./gradlew :app:installThirdPartyDebug && adb shell am start -n ai.openclaw.app/.MainActivityandroid:testcd apps/android && ./gradlew :app:testPlayDebugUnitTestandroid:test:integrationOPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_ANDROID_NODE=1 node scripts/run-vitest.mjs run --config test/vitest/vitest.live.config.ts src/gateway/android-node.capabilities.live.test.tsandroid:test:third-partycd apps/android && ./gradlew :app:testThirdPartyDebugUnitTestaudit:seamsnode scripts/audit-seams.mjsbuildnode scripts/build-all.mjsbuild:ci-artifactsnode scripts/build-all.mjs ciArtifactsbuild:dockernode scripts/tsdown-build.mjs && node scripts/check-cli-bootstrap-imports.mjs && node scripts/runtime-postbuild.mjs && node scripts/build-stamp.mjs && node scripts/runtime-postbuild-stamp.mjs && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/copy-export-html-templates.ts && node --import tsx scripts/write-build-info.ts && node --experimental-strip-types scripts/write-cli-startup-metadata.ts && node --import tsx scripts/write-cli-compat.tsbuild:plugin-sdk:dtsnode scripts/run-tsgo.mjs -p tsconfig.plugin-sdk.dts.json --declaration truebuild:plugin-sdk:strict-smokepnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.tsbuild:strict-smokepnpm canvas:a2ui:bundle && node scripts/tsdown-build.mjs && node scripts/check-cli-bootstrap-imports.mjs && node scripts/runtime-postbuild.mjs && node scripts/build-stamp.mjs && node scripts/runtime-postbuild-stamp.mjs && pnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.ts && node scripts/check-plugin-sdk-exports.mjscanon:checknode scripts/canon.mjs checkcanon:check:jsonnode scripts/canon.mjs check --jsoncanon:enforcenode scripts/canon.mjs enforce --jsoncanvas:a2ui:bundlenode scripts/bundle-a2ui.mjschanged:lanesnode scripts/changed-lanes.mjschecknode scripts/check.mjscheck:architecturepnpm check:import-cycles && pnpm check:madge-import-cycles && pnpm check:deprecated-internal-config-api && pnpm check:deprecated-jsdoccheck:base-config-schemanode --import tsx scripts/generate-base-config-schema.ts --checkcheck:bundled-channel-config-metadatanode --import tsx scripts/generate-bundled-channel-config-metadata.ts --checkcheck:changednode scripts/check-changed.mjs- …and 331 more.
Dependencies35
@agentclientprotocol/sdk0.21.0@clack/prompts^1.2.0@lydell/node-pty1.2.0-beta.12@mariozechner/pi-agent-core0.70.6@mariozechner/pi-ai0.70.6@mariozechner/pi-coding-agent0.70.6@mariozechner/pi-tui0.70.6@modelcontextprotocol/sdk1.29.0ajv^8.20.0chalk^5.6.2chokidar^5.0.0commander^14.0.3croner^10.0.1dotenv^17.4.2file-type22.0.1global-agent^4.1.3https-proxy-agent^9.0.0ipaddr.js^2.3.0jiti^2.6.1json5^2.2.3jszip^3.10.1markdown-it14.1.1openai^6.34.0proxy-agent^8.0.1qrcode1.5.4semver7.7.4sqlite-vec0.1.9tar7.5.13tslog^4.10.2typebox1.1.34- …and 5 more.