Package evidence
@agenticmail/[email protected]
Webhook Exfil Endpoint: matched "api.telegram.org/bot"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 1,498Niche · −30% score
- Versions published
- 620
- First published
- Feb 2026
- Publisher
- ope-olatunji
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@agenticmail/[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@agenticmail/[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Webhook Exfil Endpoint: matched "api.telegram.org/bot"
1 candidate cluster(s) currently reference this release.
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (2 events)
- available → available · risk high · score 126 · status available -> available, risk high -> high, score 124 -> 126
- new → available · risk high · score 124 · status changed
Related candidates
Linked campaigns and clusters
ope-olatunji
6 members · evidence strength 78ope-olatunji
6 members · max score 246Evidence
Static findings
19 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/chunk-KQ5EU4IA.js | matched "api.telegram.org/bot" | 40 |
| medium | Remote Payload | package/bin/agenticmail-enterprise.cjs | matched "curl " | 12 |
| medium | Remote Payload | package/dist/agent-tools-KRMDJOCK.js | matched "curl " | 12 |
| medium | Remote Payload | package/dist/chunk-5EMB2S53.js | matched "curl " | 12 |
| medium | Remote Payload | package/dist/chunk-I2T4HESC.js | matched "curl " | 12 |
| medium | Remote Payload | package/dist/chunk-KQ5EU4IA.js | matched "raw.githubusercontent.com" | 12 |
| medium | Remote Payload | package/dist/chunk-NMMTMHTA.js | matched "api.telegram.org/bot" | 12 |
| medium | Remote Payload | package/dist/chunk-REAJCMQE.js | matched "api.telegram.org/bot" | 12 |
| medium | Remote Payload | package/dist/cli-agent-V7K6HZAG.js | matched "wget " | 12 |
| medium | Remote Payload | package/dist/cli-recover-OXRLXXCB.js | matched "curl " | 12 |
Show all 19 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/chunk-KQ5EU4IA.js | matched "api.telegram.org/bot" | 40 |
| medium | Remote Payload | package/bin/agenticmail-enterprise.cjs | matched "curl " | 12 |
| medium | Remote Payload | package/dist/agent-tools-KRMDJOCK.js | matched "curl " | 12 |
| medium | Remote Payload | package/dist/chunk-5EMB2S53.js | matched "curl " | 12 |
| medium | Remote Payload | package/dist/chunk-I2T4HESC.js | matched "curl " | 12 |
| medium | Remote Payload | package/dist/chunk-KQ5EU4IA.js | matched "raw.githubusercontent.com" | 12 |
| medium | Remote Payload | package/dist/chunk-NMMTMHTA.js | matched "api.telegram.org/bot" | 12 |
| medium | Remote Payload | package/dist/chunk-REAJCMQE.js | matched "api.telegram.org/bot" | 12 |
| medium | Remote Payload | package/dist/cli-agent-V7K6HZAG.js | matched "wget " | 12 |
| medium | Remote Payload | package/dist/cli-recover-OXRLXXCB.js | matched "curl " | 12 |
| low | Credential file access | package/dist/agent-tools-KRMDJOCK.js | matched "id_rsa" | 5 |
| low | Credential file access | package/dist/chunk-KQ5EU4IA.js | matched "aws_secret_access_key" | 5 |
| low | Messenger Bot Endpoint | package/dist/chunk-NMMTMHTA.js | matched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler) | 5 |
| low | Messenger Bot Endpoint | package/dist/chunk-REAJCMQE.js | matched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler) | 5 |
| low | Messenger Bot Endpoint | package/dist/cli-agent-V7K6HZAG.js | matched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler) | 5 |
| low | Credential file access | package/dist/dashboard/pages/cluster.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/dashboard/pages/agent-detail/deployment.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/dashboard/pages/polymarket.js | matched ".ssh/" | 5 |
| low | Credential file access | package/community-skills/aws-services/agenticmail-skill.json | matched "AWS_ACCESS_KEY" | 3 |
Manifest
Package metadata
Scripts4
buildtsup src/index.ts src/cli.ts src/registry/cli.ts src/watchdog.ts --format esm --external better-sqlite3 --external mongodb --external mysql2 --external @libsql/client --external @aws-sdk/client-dynamodb --external @aws-sdk/lib-dynamodb --external @aws-sdk/client-s3 --external @aws-sdk/s3-request-presigner --external @google-cloud/storage --external @azure/storage-blob --external @mozilla/readability --external imapflow --external nodemailer --external linkedom --external postgres --external playwright-core --external ws --external express && mkdir -p dist/dashboard/components dist/dashboard/pages dist/dashboard/vendor dist/dashboard/assets dist/registry && cp src/dashboard/index.html dist/dashboard/ && cp src/dashboard/app.js dist/dashboard/ && cp src/dashboard/components/*.js dist/dashboard/components/ && cp src/dashboard/pages/*.js dist/dashboard/pages/ && rm -rf dist/dashboard/pages/agent-detail && cp -r src/dashboard/pages/agent-detail dist/dashboard/pages/agent-detail && cp src/dashboard/vendor/*.js dist/dashboard/vendor/ && cp -r src/dashboard/assets/* dist/dashboard/assets/ && mkdir -p dist/dashboard/data && cp src/dashboard/data/*.js dist/dashboard/data/ && mkdir -p dist/dashboard/docs && cp src/dashboard/docs/*.html dist/dashboard/docs/ && cp src/dashboard/docs/*.css dist/dashboard/docs/ && mkdir -p dist/assets && cp src/engine/assets/* dist/assets/ && cp src/engine/soul-templates.json dist/devnpm run build && node --watch start-live.mjspreuninstallnode scripts/preuninstall.jsrebuildnpm run build && pm2 restart enterprise
Dependencies21
@anthropic-ai/sdk^0.73.0@hono/node-server^1.19.9@modelcontextprotocol/sdk^1.26.0@sinclair/typebox^0.34.48@whiskeysockets/baileys^7.0.0-rc.9bcryptjs^2.4.3chalk^5.0.0ethers^6.16.0hono^4.0.0imapflow^1.2.10inquirer^9.0.0jose^5.0.0nanoid^5.0.0nodemailer^8.0.1openai^4.77.0ora^8.0.0playwright^1.58.2qrcode-terminal^0.12.0sharp^0.34.5socks-proxy-agent^8.0.5ssh2^1.17.0
Optional dependencies6
@libsql/client^0.6.0better-sqlite3^11.0.0mongodb^6.3.0mysql2^3.9.0pg^8.13.0postgres^3.4.0