Cargo · crates.io
torc
Credential File Packaged: torc-0.34.0/.env
Why PkgRadar flagged 0.34.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential File Packaged | torc-0.34.0/.env · torc-0.34.0/.env |
| medium | Rs Build Time Command | Process spawn (std::process::Command) at build time. · torc-0.34.0/build.rs |
| medium | Remote Payload | matched "curl " · torc-0.34.0/src/cli.rs |
| medium | Remote Payload | matched "raw.githubusercontent.com" · torc-0.34.0/src/mcp_server/tools.rs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.34.0 | High risk | 89 | 2026-06-03 |
0.33.3 | High risk | 89 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem cargo [email protected]