PkgRadar

Package evidence

@ai-agencee/[email protected]

Credential file access

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
2
First published
Mar 2026
Publisher
formular.dev

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@ai-agencee/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@ai-agencee/[email protected]"],"fail_on":"review"}'
Publisherformular.dev
Artifact bytes1,306,439
Previous version1.1.0
Published2026-05-07T09:26:03.889Z
SHA-256f316aaafa1fb5db19738f7edfb3763958fbe2fa37e419f89a72b77725ca489ed

Why flagged

What the scanner saw

Credential file access

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
40Score
1.1.4Version
Status history (1 event)
  1. newavailable · risk review · score 40 · status changed

Evidence

Static findings

8 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 8 findings (low-signal and informational)
SeverityKindPathDetailPoints
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5
lowCredential file accessmanifest5

Manifest

Package metadata

Dependencies7
  • @ai-agencee/coreworkspace:^
  • @ai-agencee/tech-registryworkspace:^
  • @sqlite.org/sqlite-wasm3.49.2-build1
  • @xenova/transformers^2.17.2
  • cosmiconfig^9.0.1
  • glob^10.5.0
  • ignore^6.0.2