Package evidence
@mjansrud/[email protected]
Webhook Exfil Endpoint, New Account With Lifecycle Hook, Tls Verification Disabled +4 more
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 2
- First published
- Jun 2026
- Publisher
- mjansrud
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["@mjansrud/[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["@mjansrud/[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Webhook Exfil Endpoint
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (2 events)
- scan_error → available · risk review · score 232 · status scan_error -> available, risk none -> review, score none -> 232
- new → scan_error · risk none · score — · error decoding response body
Evidence
Static findings
30 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/dist-C66-RP37.js | — | 40 |
| high | Webhook Exfil Endpoint | package/dist/guarded-json-api-DVqNSAqh.js | — | 40 |
| high | Webhook Exfil Endpoint | package/dist/i18n-C0k1rM_n.js | — | 40 |
| high | New Account With Lifecycle Hook | package.json | — | 25 |
| medium | Tls Verification Disabled | package/dist/agent-bundle-mcp-runtime-BY7thXTb.js | — | 12 |
| medium | Credential file access | package/dist/install-package-dir-CtS1Q27D.js | — | 10 |
| medium | Credential file access | package/dist/npm-install-env-AjCsQNK5.js | — | 10 |
| medium | Credential file access | package/dist/npm-managed-root-Dyr4yHCp.js | — | 10 |
| medium | Suspicious Publish Context | manifest | — | 10 |
Show all 30 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/dist-C66-RP37.js | — | 40 |
| high | Webhook Exfil Endpoint | package/dist/guarded-json-api-DVqNSAqh.js | — | 40 |
| high | Webhook Exfil Endpoint | package/dist/i18n-C0k1rM_n.js | — | 40 |
| high | New Account With Lifecycle Hook | package.json | — | 25 |
| medium | Tls Verification Disabled | package/dist/agent-bundle-mcp-runtime-BY7thXTb.js | — | 12 |
| medium | Credential file access | package/dist/install-package-dir-CtS1Q27D.js | — | 10 |
| medium | Credential file access | package/dist/npm-install-env-AjCsQNK5.js | — | 10 |
| medium | Credential file access | package/dist/npm-managed-root-Dyr4yHCp.js | — | 10 |
| medium | Suspicious Publish Context | manifest | — | 10 |
| low | Credential file access | package/dist/channel.runtime-CmuKyNz1.js | — | 5 |
| low | Credential file access | package/dist/extensions/google/cli-backend-auth.runtime.js | — | 5 |
| low | Credential file access | package/dist/dist-cjs-BS-8215S.js | — | 5 |
| low | Credential file access | package/dist/dist-cjs-Dh2ipDBw2.js | — | 5 |
| low | Credential file access | package/dist/env-api-keys-8q9bEA0v.js | — | 5 |
| low | Credential file access | package/dist/host-env-security-CmrI0DLD.js | — | 5 |
| low | Credential file access | package/dist/mcp-stdio-BSQOal0o.js | — | 5 |
| low | Credential file access | package/dist/model-auth-Bs76rk62.js | — | 5 |
| low | Credential file access | package/dist/model-auth-markers-CcSjzdgd.js | — | 5 |
| low | Credential file access | package/dist/model-auth-runtime-shared-D8fFlbsz.js | — | 5 |
| low | Credential file access | package/dist/provider-contract-api-B5_Torho.js | — | 5 |
| low | Credential file access | package/dist/src-Cp7ODFk2.js | — | 5 |
| low | Credential file access | package/dist/ssh-config-DXFPABYp.js | — | 5 |
| low | Credential file access | package/dist/vertex-adc-DSgn0Wyp.js | — | 5 |
| low | Install-time lifecycle script | package.json | — | 5 |
| low | Install-time lifecycle script | package.json | — | 5 |
| low | Credential file access | package/dist/extensions/google/openclaw.plugin.json | — | 3 |
| low | Obfuscation Density | package/dist/control-ui/assets/config-runtime-Chws_C6h.js | — | 0 |
| low | Obfuscation Density | package/dist/idb-persistence-CwR3n2v9.js | — | 0 |
| low | Obfuscation Density | package/dist/manager.runtime-jwEtUru8.js | — | 0 |
| low | Obfuscation Density | package/npm-shrinkwrap.json | — | 0 |
Manifest
Package metadata
Scripts 472
Sign in to view install / lifecycle script contents.
Dependencies54
@agentclientprotocol/sdk0.22.1@anthropic-ai/sdk0.100.1@clack/core1.3.1@clack/prompts1.4.0@earendil-works/pi-tui0.78.0@google/genai2.7.0@grammyjs/runner2.0.3@grammyjs/transformer-throttler1.2.1@homebridge/ciao1.3.9@lydell/node-pty1.2.0-beta.12@mistralai/mistralai2.2.5@modelcontextprotocol/sdk1.29.0@mozilla/readability0.6.0@openclaw/fs-safe0.3.0@openclaw/proxyline0.3.3chalk5.6.2chokidar5.0.0clawpdf0.3.0commander14.0.3croner10.0.1diff9.0.0dotenv17.4.2express5.2.1file-type22.0.1glob13.0.6grammy1.43.0highlight.js11.11.1hosted-git-info10.1.1ignore7.0.5jiti2.7.0- …and 24 more.
Optional dependencies1
sqlite-vec0.1.9