Cargo · crates.io
vtcode-core
Remote Payload: matched "invoke-webrequest"
Why PkgRadar flagged 0.121.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "invoke-webrequest" · vtcode-core-0.121.1/src/command_safety/windows_cmdlet_db.rs |
| medium | Remote Payload | matched "curl " · vtcode-core-0.121.1/src/pods/manager.rs |
| medium | Remote Payload | matched "curl " · vtcode-core-0.121.1/src/sandboxing/debug.rs |
| medium | Remote Payload | matched "curl " · vtcode-core-0.121.1/src/skills/templates.rs |
| medium | Remote Payload | matched "curl " · vtcode-core-0.121.1/src/terminal_setup/features/shell_integration.rs |
| medium | Remote Payload | matched "curl " · vtcode-core-0.121.1/src/terminal_setup/terminals/iterm2.rs |
| medium | Remote Payload | matched "wget " · vtcode-core-0.121.1/src/tools/validation/commands.rs |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.121.1 | High risk | 62 | 2026-06-03 |
0.121.0 | High risk | 62 | 2026-06-03 |
0.120.0 | High risk | 62 | 2026-06-03 |
0.119.0 | High risk | 62 | 2026-06-03 |
0.118.0 | High risk | 62 | 2026-06-03 |
0.117.7 | High risk | 62 | 2026-06-03 |
0.117.6 | High risk | 62 | 2026-06-03 |
0.117.5 | High risk | 62 | 2026-06-02 |
0.117.4 | High risk | 62 | 2026-06-02 |
0.117.3 | High risk | 62 | 2026-06-02 |
0.117.2 | High risk | 62 | 2026-06-02 |
0.117.1 | High risk | 62 | 2026-06-01 |
0.117.0 | High risk | 62 | 2026-06-01 |
0.116.4 | High risk | 62 | 2026-05-31 |
0.116.3 | High risk | 62 | 2026-05-31 |
0.116.2 | Review | 62 | 2026-05-31 |
0.116.1 | Review | 62 | 2026-05-31 |
0.116.0 | Review | 62 | 2026-05-30 |
0.114.0 | High risk | 62 | 2026-05-30 |
0.113.0 | High risk | 62 | 2026-05-30 |
0.112.0 | High risk | 62 | 2026-05-30 |
0.111.1 | High risk | 62 | 2026-05-30 |
0.108.4 | High risk | 62 | 2026-05-30 |
0.115.0 | Review | 62 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem cargo [email protected]