Cargo · crates.io

forensicnomicon

Webhook Exfil Endpoint: matched "ngrok-free.app"

Why PkgRadar flagged 0.2.0

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "ngrok-free.app" · forensicnomicon-0.2.0/src/abusable_sites.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · forensicnomicon-0.2.0/src/catalog/containers_parsing.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · forensicnomicon-0.2.0/src/catalog/descriptors/generated/regedit_generated.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · forensicnomicon-0.2.0/src/catalog/descriptors/mod.rs
medium	Remote Payload	matched "wget " · forensicnomicon-0.2.0/src/commands.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.2.0`	High risk	93	2026-06-05

Block this in CI

PkgRadar gates forensicnomicon (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]