Cargo · crates.io

llman

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 0.0.41

Severity	Signal	Evidence
medium	Remote Payload	matched "raw.githubusercontent.com" · llman-0.0.41/src/config_schema.rs
medium	Remote Payload	matched "curl " · llman-0.0.41/src/x/claude_code/config.rs
medium	Remote Payload	matched "curl " · llman-0.0.41/src/x/claude_code/security.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · llman-0.0.41/src/x/sdd_eval/playbook.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.41`	High risk	26	2026-06-05

Block this in CI

PkgRadar gates llman (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]