Package evidence

[email protected]

Obfuscation Density: high encoded/escaped-token density

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 244
First published: Feb 2026
Publisher: cyborgninja

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'

Publishercyborgninja

Artifact bytes4,599,021

Previous version4.19.1

Published2026-05-22T07:46:05.160Z

SHA-256a4dd037793030d5362e4e265d0f1fdd5d78e91c8806ca4963d6066b181f6c0f3

Why flagged

What the scanner saw

Obfuscation Density: high encoded/escaped-token density

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

23d agoLast checked

highRisk

144Score

4.20.0Version

Status history (4 events)

available → available23d ago · risk high · score 144 · status available -> available, risk high -> high, score 218 -> 144
available → available23d ago · risk high · score 218 · status available -> available, risk high -> high, score 243 -> 218
available → available23d ago · risk high · score 243 · status available -> available, risk high -> high, score 768 -> 243
new → available24d ago · risk high · score 768 · status changed

Related candidates

Linked campaigns and clusters

Repeated static TTPstale

Credential file access — matched "aws_secret_access_key"

11 members · evidence strength 90

Publisher / release actor burststale

cyborgninja

5 members · evidence strength 84

Evidence

Static findings

98 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
medium	Obfuscation Density	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/comment-json/index.js	high encoded/escaped-token density	12
medium	Remote Payload	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/lib/mkcert.js	matched "github.com/FiloSottile/mkcert/releases/download"	12

Show all 98 findings (low-signal and informational)

Showing 60 of 98 findings.

Severity	Kind	Path	Detail	Points
medium	Obfuscation Density	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/comment-json/index.js	high encoded/escaped-token density	12
medium	Remote Payload	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/lib/mkcert.js	matched "github.com/FiloSottile/mkcert/releases/download"	12
low	Credential file access	package/dist/audit/dependency-scanner.js	matched ".ssh"	5
low	Credential file access	package/dist/xray/findings-store.js	matched ".ssh"	5
low	Credential file access	package/dist/defence/skill-scanner/scan-skill.js	matched ".ssh"	5
low	Install-time lifecycle script	package.json	postinstall="node scripts/postinstall.mjs"	5
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/zod/index.cjs	matched "atob("	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/[root-of-the-server]__883523b7._.js	matched "\\x1b"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/[root-of-the-server]__c95102dd._.js	matched "\\u0009"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/static/chunks/2d55e8cb58d80df0.js	matched "\\xd7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/static/chunks/40c1a2122c341c45.js	matched "\\xb7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/static/chunks/43d761df92da7cb6.js	matched "\\u00C0"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/static/chunks/4d0b86f6afedd8b5.js	matched "\\xb7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/static/chunks/8d4a0f601450b091.js	matched "\\xb7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/static/chunks/a092294b7089c7a6.js	matched "\\xb7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/static/chunks/a6dad97d9634a72d.js	matched "\\u2028"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/next-server/app-page-turbo-experimental.runtime.prod.js	matched "fromCharCode"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/next-server/app-page-turbo.runtime.prod.js	matched "fromCharCode"	3
low	Obfuscation	package/dist/cli/audit.js	matched "\\x1b"	3
low	Obfuscation	package/dashboard/.next/standalone/node_modules/source-map-support/browser-source-map-support.js	matched "fromCharCode"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/server/resume-data-cache/cache-store.js	matched "atob("	3
low	Obfuscation	package/dist/license/cli.js	matched "\\x1b"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/server/node-environment-extensions/console-dim.external.js	matched "\\x1b"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/server/node-environment-extensions/console-file.js	matched "\\u001b"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_c219bf07._.js	matched "\\xb7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_app_(dashboard)_memory_replay_page_tsx_d2b20535._.js	matched "\\xd7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_app_(dashboard)_overview_page_tsx_8c105626._.js	matched "\\xb7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_components_protection_ProtectionOverview_tsx_54554a97._.js	matched "\\xb7"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/.next/server/chunks/ssr/dashboard_src_components_settings_SettingsView_tsx_16dc83a7._.js	matched "\\xb7"	3
low	Obfuscation	package/dist/cli/doctor.js	matched "\\x1b"	3
low	Obfuscation	package/dist/setup/doctor.js	matched "\\x1b"	3
low	Obfuscation	package/dist/defence/firewall/encoding-detector.js	matched "\\u200B"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/server/app-render/encryption-utils.js	matched "fromCharCode"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/server/app-render/encryption.js	matched "atob("	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/build/webpack/plugins/eval-source-map-dev-tool-plugin.js	matched "eval("	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/server/node-environment-extensions/fast-set-immediate.external.js	matched "\\x1B"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/experimental/testmode/fetch.js	matched "Buffer.from(body, 'base64"	3
low	Obfuscation	package/dist/xray/file-scanner.js	matched "\\u200b"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/build/babel/loader/get-config.js	matched "\\x00"	3
low	Obfuscation	package/dist/xray/guidance.js	matched "eval("	3
low	Obfuscation	package/dist/environment/hidden-detector.js	matched "\\u202A"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/server/htmlescape.js	matched "\\u0026"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/lib/metadata/generate/icon-mark.js	matched "\\xab"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/@next/env/dist/index.js	matched "Buffer.from(e,\"base64"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/build/webpack/loaders/next-app-loader/index.js	matched "Buffer.from(middlewareConfigBase64, 'base64"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/build/webpack/loaders/next-edge-app-route-loader/index.js	matched "Buffer.from(appDirLoaderBase64, 'base64"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/build/webpack/loaders/next-edge-ssr-loader/index.js	matched "Buffer.from(middlewareConfigBase64, 'base64"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/@hapi/accept/index.js	matched "\\u2028"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/babel-code-frame/index.js	matched "\\u0080"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/busboy/index.js	matched "fromCharCode"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/commander/index.js	matched "\\ufeff"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/comment-json/index.js	matched "\\x00"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/conf/index.js	matched "\\x00"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/content-disposition/index.js	matched "\\x00"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/cookie/index.js	matched "\\u0009"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/edge-runtime/index.js	matched "\\x20"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/jsonwebtoken/index.js	matched "\\x00"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/picomatch/index.js	matched "\\x00"	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/send/index.js	matched "Eval("	3
low	Obfuscation	package/dashboard/.next/standalone/dashboard/node_modules/next/dist/compiled/strip-ansi/index.js	matched "\\u001B"	3

Manifest

Package metadata

Scripts21

audit:securitynpm audit --audit-level=moderate
benchtsx benchmark/longmemeval/run.ts
bench:smokeSHIELDCORTEX_SKIP_EMBEDDINGS=1 tsx benchmark/longmemeval/run.ts --quiet
bootstrap:dashboardnode -e "if (!require('fs').existsSync('dashboard/node_modules')) { process.exit(1); }" || (cd dashboard && npm ci --no-audit --no-fund)
buildnpm run build:ts && npm run build:dashboard
build:dashboardnpm run bootstrap:dashboard && cd dashboard && npm run build && (cp -r .next/static .next/standalone/dashboard/.next/ 2>/dev/null || true) && (cp -r public .next/standalone/dashboard/ 2>/dev/null || true) && cd .. && node scripts/prune-dashboard-standalone.mjs
build:tsnode -e "fs.rmSync('dist', { recursive: true, force: true }); fs.rmSync('plugins/openclaw/dist', { recursive: true, force: true })" && tsc -p tsconfig.build.json && tsc -p tsconfig.openclaw-plugin.json && cp plugins/openclaw/openclaw.plugin.json plugins/openclaw/dist/ && cp plugins/openclaw/openclaw.plugin.json ./openclaw.plugin.json && cp src/database/schema.sql dist/database/
devtsx src/index.ts
dev:apitsx src/index.ts --mode api
dev:dashboardtsx src/index.ts --dashboard
postbuild:tsnode scripts/ensure-bin-executable.mjs
postinstallnode scripts/postinstall.mjs
prepacknode scripts/ensure-bin-executable.mjs
prepublishOnlynpm run build
startnode dist/index.js
start:apinode dist/index.js --mode api
start:dashboardnode dist/index.js --dashboard
testnode scripts/run-jest.mjs
test:coveragenode scripts/run-jest.mjs --coverage
test:watchnode scripts/run-jest.mjs --watch
watchtsc --watch

Dependencies8

@huggingface/transformers^3.7.2
@modelcontextprotocol/sdk^1.0.0
better-sqlite3^12.0.0
cors^2.8.5
express^4.21.0
safe-regex2^5.0.0
ws^8.18.0
zod^3.23.0