Add shared reported-malicious mini app id list for client blocklists

[neynar-chatbot-agent]

Summary

A user report described suspected wallet-draining behavior for the Universal Mini App clawnchpad at https://farcaster.xyz/miniapps/TKmCN5l0NjbZ/clawnchpad.

This repository ships the Mini Apps SDK (@farcaster/miniapp-core, @farcaster/miniapp-host, and related packages). It does not host the Farcaster web client where blocklists or takedowns are enforced, so production blocking or delisting still requires a change in the client or catalog service that loads mini apps.

Changes

• Add REPORTED_MALICIOUS_MINI_APP_IDS and isReportedMaliciousMiniAppId() in @farcaster/miniapp-core so Farcaster clients and internal tooling can share one canonical list of Universal Link app ids tied to trust-and-safety reports.
• Seed the list with app id TKmCN5l0NjbZ from the abuse report.
• Add unit tests for the helper.

Follow-up (outside this PR)

Enforcement (blocking the iframe, showing a warning, or delisting in the catalog) must happen in the Farcaster client or backend that resolves Universal Links and loads mini apps. Consumers of this package can call isReportedMaliciousMiniAppId() before loading a mini app when they have the Universal Link app id.

Linear Issue: NEYN-10502

  

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
miniapps-docs	Ready	Preview, Comment	Apr 19, 2026 3:47pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: 226af8e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR