Cargo · crates.io
kumiho-construct
Webhook Exfil Endpoint: matched "api.telegram.org/bot"
Why PkgRadar flagged 2026.5.20
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "api.telegram.org/bot" · kumiho-construct-2026.5.20/src/onboard/wizard.rs |
| medium | Rs Build Time Command | Process spawn (std::process::Command) at build time. · kumiho-construct-2026.5.20/build.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/agent/loop_.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/cron/mod.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/cron/scheduler.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/peripherals/arduino_flash.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/peripherals/nucleo_flash.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/security/policy.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/skills/audit.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/skills/mod.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/tools/cron_add.rs |
| medium | Remote Payload | matched "curl " · kumiho-construct-2026.5.20/src/tools/cron_update.rs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2026.5.20 | High risk | 150 | 2026-06-01 |
Block this in CI
pkgradar gate --ecosystem cargo [email protected]