Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 7,145Niche · −30% score
- Versions published
- 134
- First published
- May 2026
- Publisher
- funanvvv
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"high"}'Why flagged
What the scanner saw
Webhook Exfil Endpoint: matched "ngrok.app"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (7 events)
- available → available · risk high · score 117 · status available -> available, risk high -> high, score 168 -> 117
- available → available · risk high · score 168 · status available -> available, risk high -> high, score 104 -> 168
- available → available · risk high · score 104 · status available -> available, risk high -> high, score 268 -> 104
- available → available · risk high · score 268 · status available -> available, risk high -> high, score 274 -> 268
- available → available · risk high · score 274 · status available -> available, risk high -> high, score 442 -> 274
- available → available · risk high · score 442 · status available -> available, risk high -> high, score 2666 -> 442
- new → available · risk high · score 2666 · status changed
Related candidates
Linked campaigns and clusters
funanvvv
21 members · evidence strength 84Install-time lifecycle script — preinstall="node scripts/preinstall-package-manager-warning.mjs"
51 members · evidence strength 90Install-time lifecycle script — postinstall="node scripts/postinstall-bundled-plugins.mjs"
46 members · evidence strength 90Install-time lifecycle script — postinstall="node scripts/postinstall-bundled-plugins.mjs && node scripts/postinstall-patch-pi-ai.mjs"
6 members · evidence strength 90Credential file access — matched "KUBECONFIG"
30 members · evidence strength 90Install Lifecycle Suppresses Failure — prepare="command -v git >/dev/null 2>&1 && git rev-parse --is-inside-work-tree >/dev/null 2>&1 && git config core.hooksPath git-hooks || exit 0"
17 members · evidence strength 90Evidence
Static findings
22 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/dist-ygTw8Wxg.js | matched "ngrok.app" | 40 |
| high | Webhook Exfil Endpoint | package/dist/guarded-json-api-F3vdY9hv.js | matched "ngrok-free.app" | 40 |
| medium | Credential file access | package/dist/install-package-dir-C9fjgAM1.js | matched ".npmrc" | 10 |
Show all 22 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/dist-ygTw8Wxg.js | matched "ngrok.app" | 40 |
| high | Webhook Exfil Endpoint | package/dist/guarded-json-api-F3vdY9hv.js | matched "ngrok-free.app" | 40 |
| medium | Credential file access | package/dist/install-package-dir-C9fjgAM1.js | matched ".npmrc" | 10 |
| low | Messenger Bot Endpoint | package/dist/channel.setup-Ck8RHaEY.js | matched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler) | 5 |
| low | Credential file access | package/dist/embedding-provider-YmqqwbBs.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/env-api-keys-BYCyQooC.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Credential file access | package/dist/host-env-security-CXDv4ev5.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Credential file access | package/dist/memory-embedding-adapter-CtXVlYNg.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/model-auth-Bsu1GCBS.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/model-auth-markers-BusdadrB.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/model-auth-runtime-shared-Bk95RsF2.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/provider-contract-api-BD19667h.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Credential file access | package/dist/region-DdL1rda9.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Credential file access | package/dist/src-DdlkwkL9.js | matched "AWS_ACCESS_KEY" | 5 |
| low | Credential file access | package/dist/ssh-config-zpubnlba.js | matched ".ssh/" | 5 |
| low | Credential file access | package/dist/vertex-adc-ePrc3TIL.js | matched "GOOGLE_APPLICATION_CREDENTIALS" | 5 |
| low | Install-time lifecycle script | package.json | preinstall="node scripts/preinstall-package-manager-warning.mjs" | 5 |
| low | Install-time lifecycle script | package.json | postinstall="node scripts/postinstall-bundled-plugins.mjs" | 5 |
| low | Credential file access | package/dist/extensions/google/openclaw.plugin.json | matched "GOOGLE_APPLICATION_CREDENTIALS" | 3 |
| low | Obfuscation Density | package/dist/crypto-runtime-BBxSli45.js | high encoded/escaped-token density | 0 |
| low | Large Javascript Payload | package/dist/opus-ml-3_gEPjgi.js | 4101363 bytes | 0 |
| low | Large Javascript Payload | package/dist/session.runtime-BG3Td33P.js | 3979755 bytes | 0 |
Manifest
Package metadata
Scripts387
android:assemblecd apps/android && ./gradlew :app:assemblePlayDebugandroid:assemble:third-partycd apps/android && ./gradlew :app:assembleThirdPartyDebugandroid:bundle:releasebun apps/android/scripts/build-release-aab.tsandroid:formatcd apps/android && ./gradlew :app:ktlintFormat :benchmark:ktlintFormatandroid:installcd apps/android && ./gradlew :app:installPlayDebugandroid:install:third-partycd apps/android && ./gradlew :app:installThirdPartyDebugandroid:lintcd apps/android && ./gradlew :app:ktlintCheck :benchmark:ktlintCheckandroid:lint:androidcd apps/android && ./gradlew :app:lintDebugandroid:runcd apps/android && ./gradlew :app:installPlayDebug && adb shell am start -n ai.openclaw.app/.MainActivityandroid:run:third-partycd apps/android && ./gradlew :app:installThirdPartyDebug && adb shell am start -n ai.openclaw.app/.MainActivityandroid:testcd apps/android && ./gradlew :app:testPlayDebugUnitTestandroid:test:integrationOPENCLAW_LIVE_TEST=1 OPENCLAW_LIVE_ANDROID_NODE=1 node scripts/run-vitest.mjs run --config test/vitest/vitest.live.config.ts src/gateway/android-node.capabilities.live.test.tsandroid:test:third-partycd apps/android && ./gradlew :app:testThirdPartyDebugUnitTestaudit:seamsnode scripts/audit-seams.mjsbuildnode scripts/build-all.mjsbuild:ci-artifactsnode scripts/build-all.mjs ciArtifactsbuild:dockernode scripts/tsdown-build.mjs && node scripts/check-cli-bootstrap-imports.mjs && node scripts/runtime-postbuild.mjs && node scripts/build-stamp.mjs && node scripts/runtime-postbuild-stamp.mjs && node --import tsx scripts/canvas-a2ui-copy.ts && node --import tsx scripts/copy-hook-metadata.ts && node --import tsx scripts/copy-export-html-templates.ts && node --import tsx scripts/write-build-info.ts && node --experimental-strip-types scripts/write-cli-startup-metadata.ts && node --import tsx scripts/write-cli-compat.tsbuild:plugin-sdk:dtsnode scripts/run-tsgo.mjs -p tsconfig.plugin-sdk.dts.json --declaration truebuild:plugin-sdk:strict-smokepnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.tsbuild:strict-smokepnpm canvas:a2ui:bundle && node scripts/tsdown-build.mjs && node scripts/check-cli-bootstrap-imports.mjs && node scripts/runtime-postbuild.mjs && node scripts/build-stamp.mjs && node scripts/runtime-postbuild-stamp.mjs && pnpm build:plugin-sdk:dts && node --import tsx scripts/write-plugin-sdk-entry-dts.ts && node scripts/check-plugin-sdk-exports.mjscanon:checknode scripts/canon.mjs checkcanon:check:jsonnode scripts/canon.mjs check --jsoncanon:enforcenode scripts/canon.mjs enforce --jsoncanvas:a2ui:bundlenode scripts/bundle-a2ui.mjschanged:lanesnode scripts/changed-lanes.mjschecknode scripts/check.mjscheck:architecturepnpm check:import-cycles && pnpm check:madge-import-cycles && pnpm check:deprecated-internal-config-api && pnpm check:deprecated-jsdoccheck:base-config-schemanode --import tsx scripts/generate-base-config-schema.ts --checkcheck:bundled-channel-config-metadatanode --import tsx scripts/generate-bundled-channel-config-metadata.ts --checkcheck:changednode scripts/check-changed.mjs- …and 357 more.
Dependencies63
@agentclientprotocol/sdk0.21.0@anthropic-ai/sdk0.93.0@anthropic-ai/vertex-sdk^0.16.0@aws-sdk/client-bedrock3.1042.0@aws-sdk/client-bedrock-runtime3.1042.0@aws-sdk/credential-provider-node3.972.39@aws/bedrock-token-generator^1.1.0@clack/core^1.3.0@clack/prompts^1.3.0@google/genai^1.51.0@grammyjs/runner^2.0.3@grammyjs/transformer-throttler^1.2.1@homebridge/ciao^1.3.8@larksuiteoapi/node-sdk^1.62.1@lydell/node-pty1.2.0-beta.12@mariozechner/pi-agent-core0.73.0@mariozechner/pi-ai0.73.0@mariozechner/pi-coding-agent0.73.0@mariozechner/pi-tui0.73.0@modelcontextprotocol/sdk1.29.0@mozilla/readability^0.6.0@openclaw/fs-safe^0.1.1@slack/bolt^4.7.2@slack/types^2.21.0@slack/web-api^7.15.2@wecom/aibot-node-sdk1.0.7ajv^8.20.0chalk^5.6.2chokidar^5.0.0commander^14.0.3- …and 33 more.
Optional dependencies1
sqlite-vec0.1.9