Package evidence
[email protected]
Webhook Exfil Endpoint, Credential file access, Install-time lifecycle script +2 more
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Weekly downloads
- 2,539Niche · −30% score
- Versions published
- 158
- First published
- May 2026
- Publisher
- funanvvv
Effective trust discount applied: −30% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["[email protected]"],"fail_on":"review"}'Why flagged
What the scanner saw
Webhook Exfil Endpoint
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (5 events)
- available → available · risk review · score 128 · status available -> available, risk high -> review, score 117 -> 128
- available → available · risk high · score 117 · status available -> available, risk high -> high, score 168 -> 117
- available → available · risk high · score 168 · status available -> available, risk high -> high, score 84 -> 168
- available → available · risk high · score 84 · status available -> available, risk high -> high, score 142 -> 84
- new → available · risk high · score 142 · status changed
Evidence
Static findings
22 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/channel.setup-CI5d-nca.js | — | 40 |
| high | Webhook Exfil Endpoint | package/dist/dist-ygTw8Wxg.js | — | 40 |
| high | Webhook Exfil Endpoint | package/dist/guarded-json-api-DXwaxIXe.js | — | 40 |
| medium | Credential file access | package/dist/install-package-dir-YUqZ6_UR.js | — | 10 |
Show all 22 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | Webhook Exfil Endpoint | package/dist/channel.setup-CI5d-nca.js | — | 40 |
| high | Webhook Exfil Endpoint | package/dist/dist-ygTw8Wxg.js | — | 40 |
| high | Webhook Exfil Endpoint | package/dist/guarded-json-api-DXwaxIXe.js | — | 40 |
| medium | Credential file access | package/dist/install-package-dir-YUqZ6_UR.js | — | 10 |
| low | Credential file access | package/dist/embedding-provider-V29U4JA7.js | — | 5 |
| low | Credential file access | package/dist/env-api-keys-BYCyQooC.js | — | 5 |
| low | Credential file access | package/dist/host-env-security-CXDv4ev5.js | — | 5 |
| low | Credential file access | package/dist/memory-embedding-adapter-LCmm_orp.js | — | 5 |
| low | Credential file access | package/dist/model-auth-markers-BusdadrB.js | — | 5 |
| low | Credential file access | package/dist/model-auth-RldWEugw.js | — | 5 |
| low | Credential file access | package/dist/model-auth-runtime-shared-Bk95RsF2.js | — | 5 |
| low | Credential file access | package/dist/provider-contract-api-BD19667h.js | — | 5 |
| low | Credential file access | package/dist/region-DCTEgtvf.js | — | 5 |
| low | Credential file access | package/dist/src-DdlkwkL9.js | — | 5 |
| low | Credential file access | package/dist/ssh-config-zpubnlba.js | — | 5 |
| low | Credential file access | package/dist/vertex-adc-ePrc3TIL.js | — | 5 |
| low | Install-time lifecycle script | package.json | — | 5 |
| low | Install-time lifecycle script | package.json | — | 5 |
| low | Credential file access | package/dist/extensions/google/openclaw.plugin.json | — | 3 |
| low | Obfuscation Density | package/dist/crypto-runtime-BBxSli45.js | — | 0 |
| low | Large Javascript Payload | package/dist/opus-ml-3_gEPjgi.js | — | 0 |
| low | Large Javascript Payload | package/dist/session.runtime-BG3Td33P.js | — | 0 |
Manifest
Package metadata
Scripts 387
Sign in to view install / lifecycle script contents.
Dependencies63
@agentclientprotocol/sdk0.21.0@anthropic-ai/sdk0.93.0@anthropic-ai/vertex-sdk^0.16.0@aws-sdk/client-bedrock3.1042.0@aws-sdk/client-bedrock-runtime3.1042.0@aws-sdk/credential-provider-node3.972.39@aws/bedrock-token-generator^1.1.0@clack/core^1.3.0@clack/prompts^1.3.0@google/genai^1.51.0@grammyjs/runner^2.0.3@grammyjs/transformer-throttler^1.2.1@homebridge/ciao^1.3.8@larksuiteoapi/node-sdk^1.62.1@lydell/node-pty1.2.0-beta.12@mariozechner/pi-agent-core0.73.0@mariozechner/pi-ai0.73.0@mariozechner/pi-coding-agent0.73.0@mariozechner/pi-tui0.73.0@modelcontextprotocol/sdk1.29.0@mozilla/readability^0.6.0@openclaw/fs-safe^0.1.1@slack/bolt^4.7.2@slack/types^2.21.0@slack/web-api^7.15.2@wecom/aibot-node-sdk1.0.7ajv^8.20.0chalk^5.6.2chokidar^5.0.0commander^14.0.3- …and 33 more.
Optional dependencies1
sqlite-vec0.1.9