Package evidence

[email protected]

Webhook Exfil Endpoint: matched "ngrok.app"

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 480
Versions published: 8
First published: May 2026
Publisher: enclawed

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'

Publisherenclawed

Artifact bytes13,175,591

Previous version1.0.0

Published2026-05-25T16:05:05.170Z

SHA-256b3ad59f2363686cedf276b8a356a25622fc84a9470a0c8b61a4ab3c2337779ab

Why flagged

What the scanner saw

Webhook Exfil Endpoint: matched "ngrok.app"

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

3d agoLast checked

highRisk

158Score

1.0.1Version

Status history (4 events)

available → available9d ago · risk high · score 158 · status available -> available, risk high -> high, score 110 -> 158
available → available13d ago · risk high · score 110 · status available -> available, risk high -> high, score 138 -> 110
available → available13d ago · risk high · score 138 · status available -> available, risk high -> high, score 252 -> 138
new → available18d ago · risk high · score 252 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burststale

enclawed

5 members · evidence strength 84

Evidence

Static findings

20 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Webhook Exfil Endpoint	package/dist/dist-DQo8HPuu.js	matched "ngrok.app"	40
high	Webhook Exfil Endpoint	package/dist/guarded-json-api-DbjHdDAf.js	matched "ngrok-free.app"	40
medium	Credential file access	package/dist/install-package-dir-zKT4_Ly4.js	matched ".npmrc"	10
medium	New Account With Lifecycle Hook	package.json	package first published 26 day(s) ago, 8 total version(s), has lifecycle hook	10

Show all 20 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Webhook Exfil Endpoint	package/dist/dist-DQo8HPuu.js	matched "ngrok.app"	40
high	Webhook Exfil Endpoint	package/dist/guarded-json-api-DbjHdDAf.js	matched "ngrok-free.app"	40
medium	Credential file access	package/dist/install-package-dir-zKT4_Ly4.js	matched ".npmrc"	10
medium	New Account With Lifecycle Hook	package.json	package first published 26 day(s) ago, 8 total version(s), has lifecycle hook	10
low	Messenger Bot Endpoint	package/dist/channel.setup-B2HCiVyl.js	matched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler)	5
low	Credential file access	package/dist/embedding-provider-SYmObZ5O.js	matched "AWS_ACCESS_KEY"	5
low	Credential file access	package/dist/host-env-security-BH6b27fI.js	matched "GOOGLE_APPLICATION_CREDENTIALS"	5
low	Credential file access	package/dist/memory-embedding-adapter-DRwI2w_s.js	matched "AWS_ACCESS_KEY"	5
low	Credential file access	package/dist/model-auth-BLYXhWGF.js	matched "AWS_ACCESS_KEY"	5
low	Credential file access	package/dist/model-auth-env-BTPZLM9t.js	matched "GOOGLE_APPLICATION_CREDENTIALS"	5
low	Credential file access	package/dist/model-auth-markers-B-e-6YET.js	matched "AWS_ACCESS_KEY"	5
low	Credential file access	package/dist/model-auth-runtime-shared-DpfHkVu8.js	matched "AWS_ACCESS_KEY"	5
low	Credential file access	package/dist/provider-contract-api-BagY8isV.js	matched "GOOGLE_APPLICATION_CREDENTIALS"	5
low	Credential file access	package/dist/region-1S6h1pvN.js	matched "GOOGLE_APPLICATION_CREDENTIALS"	5
low	Credential file access	package/dist/vertex-adc-DvRvErrT.js	matched "GOOGLE_APPLICATION_CREDENTIALS"	5
low	Install-time lifecycle script	package.json	preinstall="node scripts/preinstall-package-manager-warning.mjs"	5
low	Install-time lifecycle script	package.json	postinstall="node scripts/postinstall-bundled-plugins.mjs"	5
low	Credential file access	package/dist/extensions/google/enclawed.plugin.json	matched "GOOGLE_APPLICATION_CREDENTIALS"	3
low	Large Javascript Payload	package/dist/extensions/diagnostics-otel/index.js	2614383 bytes	0
low	Large Javascript Payload	package/dist/extensions/diffs/assets/viewer-runtime.js	9820374 bytes	0

Manifest

Package metadata

Scripts265

android:assemblecd apps/android && ./gradlew :app:assemblePlayDebug
android:assemble:third-partycd apps/android && ./gradlew :app:assembleThirdPartyDebug
android:bundle:releasebun apps/android/scripts/build-release-aab.ts
android:formatcd apps/android && ./gradlew :app:ktlintFormat :benchmark:ktlintFormat
android:installcd apps/android && ./gradlew :app:installPlayDebug
android:install:third-partycd apps/android && ./gradlew :app:installThirdPartyDebug
android:lintcd apps/android && ./gradlew :app:ktlintCheck :benchmark:ktlintCheck
android:lint:androidcd apps/android && ./gradlew :app:lintDebug
android:runcd apps/android && ./gradlew :app:installPlayDebug && adb shell am start -n ai.enclawed.app/.MainActivity
android:run:third-partycd apps/android && ./gradlew :app:installThirdPartyDebug && adb shell am start -n ai.enclawed.app/.MainActivity
android:testcd apps/android && ./gradlew :app:testPlayDebugUnitTest
android:test:integrationENCLAWED_LIVE_TEST=1 ENCLAWED_LIVE_ANDROID_NODE=1 node scripts/run-vitest.mjs run --config test/vitest/vitest.live.config.ts src/gateway/android-node.capabilities.live.test.ts
android:test:third-partycd apps/android && ./gradlew :app:testThirdPartyDebugUnitTest
audit:seamsnode scripts/audit-seams.mjs
buildnode scripts/build-all.mjs
build:ci-artifactsnode scripts/build-all.mjs ciArtifacts
build:dockernode scripts/tsdown-build.mjs && node scripts/runtime-postbuild.mjs && node --import tsx scripts/write-npm-update-compat-sidecars.ts && node scripts/build-stamp.mjs && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/copy-export-html-templates.ts && node --import tsx scripts/write-build-info.ts && node --experimental-strip-types scripts/write-cli-startup-metadata.ts && node --import tsx scripts/write-cli-compat.ts
build:plugin-sdk:dtstsc -p tsconfig.plugin-sdk.dts.json
build:strict-smokepnpm canvas:a2ui:bundle && node scripts/tsdown-build.mjs && node scripts/runtime-postbuild.mjs && node scripts/build-stamp.mjs && pnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.ts && node scripts/check-plugin-sdk-exports.mjs
canon:checknode scripts/canon.mjs check
canon:check:jsonnode scripts/canon.mjs check --json
canon:enforcenode scripts/canon.mjs enforce --json
canvas:a2ui:bundlenode scripts/bundle-a2ui.mjs
checkpnpm check:no-conflict-markers && pnpm tool-display:check && pnpm check:host-env-policy:swift && pnpm tsgo && pnpm lint && pnpm lint:webhook:no-low-level-body-read && pnpm lint:auth:no-pairing-store-group && pnpm lint:auth:pairing-account-scope && pnpm check:import-cycles && pnpm check:madge-import-cycles
check-publish-treenode scripts/check-publish-tree.mjs
check:base-config-schemanode --import tsx scripts/generate-base-config-schema.ts --check
check:bundled-channel-config-metadatanode --import tsx scripts/generate-bundled-channel-config-metadata.ts --check
check:docspnpm format:docs:check && pnpm lint:docs && pnpm docs:check-i18n-glossary && pnpm docs:check-links
check:host-env-policy:swiftnode scripts/generate-host-env-security-policy-swift.mjs --check
check:import-cyclesnode --import tsx scripts/check-import-cycles.ts
…and 235 more.

Dependencies67

@agentclientprotocol/sdk0.18.2
@aws-sdk/client-bedrock3.1028.0
@aws-sdk/client-bedrock-runtime3.1028.0
@aws-sdk/credential-provider-node3.972.30
@aws/bedrock-token-generator^1.1.0
@clack/prompts^1.2.0
@google/genai^1.49.0
@grammyjs/runner^2.0.3
@grammyjs/transformer-throttler^1.2.1
@homebridge/ciao^1.3.6
@lancedb/lancedb^0.27.2
@lydell/node-pty1.2.0-beta.12
@mariozechner/pi-agent-core0.66.1
@mariozechner/pi-ai0.66.1
@mariozechner/pi-coding-agent0.66.1
@mariozechner/pi-tui0.66.1
@matrix-org/matrix-sdk-crypto-wasm18.0.0
@modelcontextprotocol/sdk1.29.0
@mozilla/readability^0.6.0
@pierre/diffs1.1.13
@sinclair/typebox0.34.49
@slack/bolt^4.7.0
@slack/web-api^7.15.0
@whiskeysockets/baileys7.0.0-rc13
ajv^8.18.0
chalk^5.6.2
chokidar^5.0.0
cli-highlight^2.1.11
commander^14.0.3
croner^10.0.1
…and 37 more.

Optional dependencies4

@matrix-org/matrix-sdk-crypto-nodejs^0.4.0
fake-indexeddb^6.2.5
music-metadata^11.12.3
qrcode^1.5.4