PkgRadar

Package evidence

@agentai2027/[email protected]

Webhook Exfil Endpoint: matched "ngrok.app"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads
1,307Niche · −30% score
Versions published
22
First published
Jun 2026
Publisher
agentai2027

Effective trust discount applied: 30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@agentai2027/[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@agentai2027/[email protected]"],"fail_on":"high"}'
Publisheragentai2027
Artifact bytes24,388,257
Previous version2026.5.4-zh
Published2026-06-03T01:50:22.130Z
SHA-256f4f3d57e54d7735a5cc5add5f068a274d76229eed21c5d5a6c0f09ff54508d4e

Why flagged

What the scanner saw

Webhook Exfil Endpoint: matched "ngrok.app"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high
Last checked
highRisk
86Score
2026.5.5-zhVersion
Status history (2 events)
  1. availableavailable · risk high · score 86 · status available -> available, risk high -> high, score 123 -> 86
  2. newavailable · risk high · score 123 · status changed

Evidence

Static findings

19 static · 0 from release diff · showing high-signal first.

SeverityKindPathDetailPoints
highWebhook Exfil Endpointpackage/dist/dist-eYnl7MWl.jsmatched "ngrok.app"40
mediumCredential file accesspackage/dist/install-package-dir-6g9uOG7V.jsmatched ".npmrc"10
Show all 19 findings (low-signal and informational)
SeverityKindPathDetailPoints
highWebhook Exfil Endpointpackage/dist/dist-eYnl7MWl.jsmatched "ngrok.app"40
mediumCredential file accesspackage/dist/install-package-dir-6g9uOG7V.jsmatched ".npmrc"10
lowMessenger Bot Endpointpackage/dist/channel.setup-DBzLKIW9.jsmatched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler)5
lowCredential file accesspackage/dist/embedding-provider-QSlNaLMp.jsmatched "AWS_ACCESS_KEY"5
lowCredential file accesspackage/dist/host-env-security-CXDv4ev5.jsmatched "GOOGLE_APPLICATION_CREDENTIALS"5
lowCredential file accesspackage/dist/memory-embedding-adapter-DZh7_ESD.jsmatched "AWS_ACCESS_KEY"5
lowCredential file accesspackage/dist/model-auth-CwSqRKhg.jsmatched "AWS_ACCESS_KEY"5
lowCredential file accesspackage/dist/model-auth-markers-B6LJwvUd.jsmatched "AWS_ACCESS_KEY"5
lowCredential file accesspackage/dist/model-auth-runtime-shared-j3AW6b7t.jsmatched "AWS_ACCESS_KEY"5
lowCredential file accesspackage/dist/provider-contract-api-CRP_t3NU.jsmatched "GOOGLE_APPLICATION_CREDENTIALS"5
lowCredential file accesspackage/dist/region-CPn-GAXP.jsmatched "GOOGLE_APPLICATION_CREDENTIALS"5
lowCredential file accesspackage/dist/src-vKqjVOAu.jsmatched "AWS_ACCESS_KEY"5
lowCredential file accesspackage/dist/ssh-config-mK_p5cTG.jsmatched ".ssh/"5
lowCredential file accesspackage/dist/vertex-adc-DWYFI2AJ.jsmatched "GOOGLE_APPLICATION_CREDENTIALS"5
lowInstall-time lifecycle scriptpackage.jsonpreinstall="node scripts/preinstall-package-manager-warning.mjs"5
lowInstall-time lifecycle scriptpackage.jsonpostinstall="node scripts/postinstall-bundled-plugins.mjs"5
lowCredential file accesspackage/dist/extensions/google/openclaw.plugin.jsonmatched "GOOGLE_APPLICATION_CREDENTIALS"3
lowObfuscation Densitypackage/dist/crypto-runtime-DMpL1pfe.jshigh encoded/escaped-token density0
lowLarge Javascript Payloadpackage/dist/opus-ml-Djxg7ZTP.js4101363 bytes0

Manifest

Package metadata

Scripts385
  • android:assemblecd apps/android && ./gradlew :app:assemblePlayDebug
  • android:assemble:third-partycd apps/android && ./gradlew :app:assembleThirdPartyDebug
  • android:bundle:releasebun apps/android/scripts/build-release-aab.ts
  • android:formatcd apps/android && ./gradlew :app:ktlintFormat :benchmark:ktlintFormat
  • android:installcd apps/android && ./gradlew :app:installPlayDebug
  • android:install:third-partycd apps/android && ./gradlew :app:installThirdPartyDebug
  • android:lintcd apps/android && ./gradlew :app:ktlintCheck :benchmark:ktlintCheck
  • android:lint:androidcd apps/android && ./gradlew :app:lintDebug
  • android:runcd apps/android && ./gradlew :app:installPlayDebug && adb shell am start -n ai.openclaw.app/.MainActivity
  • android:run:third-partycd apps/android && ./gradlew :app:installThirdPartyDebug && adb shell am start -n ai.openclaw.app/.MainActivity
  • android:testcd apps/android && ./gradlew :app:testPlayDebugUnitTest
  • android:test:integrationOPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_ANDROID_NODE=1 node scripts/run-vitest.mjs run --config test/vitest/vitest.live.config.ts src/gateway/android-node.capabilities.live.test.ts
  • android:test:third-partycd apps/android && ./gradlew :app:testThirdPartyDebugUnitTest
  • audit:seamsnode scripts/audit-seams.mjs
  • buildnode scripts/build-all.mjs
  • build:ci-artifactsnode scripts/build-all.mjs ciArtifacts
  • build:dockernode scripts/tsdown-build.mjs && node scripts/check-cli-bootstrap-imports.mjs && node scripts/runtime-postbuild.mjs && node scripts/build-stamp.mjs && node scripts/runtime-postbuild-stamp.mjs && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/copy-export-html-templates.ts && node --import tsx scripts/write-build-info.ts && node --experimental-strip-types scripts/write-cli-startup-metadata.ts && node --import tsx scripts/write-cli-compat.ts
  • build:plugin-sdk:dtsnode scripts/run-tsgo.mjs -p tsconfig.plugin-sdk.dts.json --declaration true
  • build:plugin-sdk:strict-smokepnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.ts
  • build:strict-smokepnpm canvas:a2ui:bundle && node scripts/tsdown-build.mjs && node scripts/check-cli-bootstrap-imports.mjs && node scripts/runtime-postbuild.mjs && node scripts/build-stamp.mjs && node scripts/runtime-postbuild-stamp.mjs && pnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.ts && node scripts/check-plugin-sdk-exports.mjs
  • canon:checknode scripts/canon.mjs check
  • canon:check:jsonnode scripts/canon.mjs check --json
  • canon:enforcenode scripts/canon.mjs enforce --json
  • canvas:a2ui:bundlenode scripts/bundle-a2ui.mjs
  • changed:lanesnode scripts/changed-lanes.mjs
  • checknode scripts/check.mjs
  • check:architecturepnpm check:import-cycles && pnpm check:madge-import-cycles && pnpm check:deprecated-internal-config-api && pnpm check:deprecated-jsdoc
  • check:base-config-schemanode --import tsx scripts/generate-base-config-schema.ts --check
  • check:bundled-channel-config-metadatanode --import tsx scripts/generate-bundled-channel-config-metadata.ts --check
  • check:changednode scripts/check-changed.mjs
  • …and 355 more.
Dependencies58
  • @agentclientprotocol/sdk0.21.0
  • @anthropic-ai/sdk0.93.0
  • @anthropic-ai/vertex-sdk^0.16.0
  • @aws-sdk/client-bedrock3.1042.0
  • @aws-sdk/client-bedrock-runtime3.1042.0
  • @aws-sdk/credential-provider-node3.972.39
  • @aws/bedrock-token-generator^1.1.0
  • @clack/prompts^1.3.0
  • @google/genai^1.51.0
  • @grammyjs/runner^2.0.3
  • @grammyjs/transformer-throttler^1.2.1
  • @homebridge/ciao^1.3.8
  • @lydell/node-pty1.2.0-beta.12
  • @mariozechner/pi-agent-core0.73.0
  • @mariozechner/pi-ai0.73.0
  • @mariozechner/pi-coding-agent0.73.0
  • @mariozechner/pi-tui0.73.0
  • @modelcontextprotocol/sdk1.29.0
  • @mozilla/readability^0.6.0
  • @slack/bolt^4.7.2
  • @slack/types^2.21.0
  • @slack/web-api^7.15.2
  • ajv^8.20.0
  • chalk^5.6.2
  • chokidar^5.0.0
  • commander^14.0.3
  • croner^10.0.1
  • dotenv^17.4.2
  • express5.2.1
  • file-type22.0.1
  • …and 28 more.
Optional dependencies1
  • sqlite-vec0.1.9