PkgRadar

Cargo · crates.io

otoji

Rs Build Time Command: Process spawn (std::process::Command) at build time.

Why PkgRadar flagged 0.1.16

| Severity | Signal | Evidence |
| --- | --- | --- |
| medium | Rs Build Time Command | Process spawn (std::process::Command) at build time. · otoji-0.1.16/build.rs |
| medium | Remote Payload | matched "curl " · otoji-0.1.16/src/asr/sensevoice.rs |
| medium | Remote Payload | matched "github.com/k2-fsa/sherpa-onnx/releases/download" · otoji-0.1.16/src/asr/sensevoice_download.rs |
| medium | Remote Payload | matched "curl " · otoji-0.1.16/src/kws.rs |
| medium | Remote Payload | matched "curl " · otoji-0.1.16/src/main.rs |
| medium | Remote Payload | matched "curl " · otoji-0.1.16/src/tts/piper.rs |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 0.1.16 | High risk | 90 | 2026-06-15 |
| 0.1.15 | High risk | 90 | 2026-06-15 |
| 0.1.14 | High risk | 90 | 2026-06-15 |

Block this in CI

PkgRadar gates otoji (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]