PkgRadar

Cargo · crates.io

llamastash

Remote Payload: matched "curl "

Why PkgRadar flagged 0.0.4

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · llamastash-0.0.4/src/cli/daemon.rs
mediumRemote Payloadmatched "github.com/llamastash/llamastash/releases/download" · llamastash-0.0.4/src/init/benchmark.rs
mediumRemote Payloadmatched "Curl " · llamastash-0.0.4/src/tui/events.rs

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.4High risk362026-06-16
0.0.3High risk362026-06-11
0.0.2Review242026-06-02
0.0.1Review242026-05-28

Block this in CI

PkgRadar gates llamastash (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]
Start free — 25 scans / moView full evidence