PkgRadar

Package evidence

@useagentrail/[email protected]

Credential file access: matched "aws_access_key"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published
3
First published
Jun 2026
Publisher
bensigo

Recommended action

Review before promoting

Mixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.

Inspect tarballAdd to CI gate
Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["@useagentrail/[email protected]"],"fail_on":"review"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["@useagentrail/[email protected]"],"fail_on":"review"}'
Publisherbensigo
Artifact bytes242,292
Previous version0.1.1
Published2026-06-08T12:12:54.342Z
SHA-2566423b58d9db5d2ed3ae414355ef838f5fd1fc925005acf555dc066be67457293

Why flagged

What the scanner saw

Credential file access: matched "aws_access_key"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

review
Last checked
reviewRisk
5Score
0.1.2Version
Status history (1 event)
  1. newavailable · risk review · score 5 · status changed

Evidence

Static findings

1 static · 0 from release diff · showing high-signal first.

No high-signal findings — see all findings below.

Show all 1 findings (low-signal and informational)
SeverityKindPathDetailPoints
lowCredential file accesspackage/agentrail/context/redaction.pymatched "aws_access_key"5

Manifest

Package metadata

Scripts15
  • buildpnpm --filter @agentrail/console build
  • db:generatepnpm --filter @agentrail/db-postgres db:generate
  • db:migratepnpm --filter @agentrail/db-postgres db:migrate && pnpm --filter @agentrail/db-clickhouse db:migrate
  • db:migrate:chpnpm --filter @agentrail/db-clickhouse db:migrate
  • db:migrate:pgpnpm --filter @agentrail/db-postgres db:migrate
  • db:seedpnpm --filter @agentrail/db-postgres db:seed && pnpm --filter @agentrail/db-clickhouse db:seed
  • db:seed:chpnpm --filter @agentrail/db-clickhouse db:seed
  • db:seed:pgpnpm --filter @agentrail/db-postgres db:seed
  • devpnpm --filter @agentrail/console dev
  • lintpnpm --filter @agentrail/console lint
  • postpublishmv README.project.bak README.md
  • prepublishOnlycp README.md README.project.bak && cp npm-README.md README.md
  • testbash scripts/test-install && bash scripts/test-skill-registry-validation && bash scripts/test-skill-resolution && bash scripts/test-promote-unblocked-issues && bash scripts/test-doctor && bash scripts/test-upgrade && bash scripts/test-public-positioning && bash scripts/test-cli-first-docs && bash scripts/test-prompt-generation && bash scripts/test-runner-adapter && bash scripts/test-resume-handoff && bash scripts/test-label-sync && bash scripts/test-codex-desktop-docs && bash scripts/test-source-afk-dogfood && bash scripts/test-review-memory-suggestions && bash scripts/test-afk-merge-reviewed-pr && bash scripts/test-worktree-cleanup && bash scripts/test-python && bash scripts/test-context-sources && bash scripts/test-context-index && bash scripts/test-context-privacy && bash scripts/test-context-embeddings && bash scripts/test-context-query && bash scripts/test-context-packs && bash scripts/test-context-evaluation
  • typecheckpnpm --filter @agentrail/console typecheck
  • typecheck:pythonbash scripts/typecheck-python