PkgRadar

Go modules · proxy.golang.org

gitea.lerkolabs.com/lerkolabs/uptop

Webhook Exfil Endpoint: matched "discord.com/api/webhooks/"

Why PkgRadar flagged v0.1.0-rc.4.0.20260612233855-de51dde6e63f

SeveritySignalEvidence
highWebhook Exfil Endpointmatched "discord.com/api/webhooks/" · gitea.lerkolabs.com/lerkolabs/[email protected]/cmd/uptop/main.go
mediumRemote Payloadmatched "curl " · gitea.lerkolabs.com/lerkolabs/[email protected]/internal/tui/view_detail.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.1.0-rc.4.0.20260612233855-de51dde6e63fHigh risk672026-06-14
v0.1.0-rc.3High risk672026-06-14
v0.1.0-rc.1High risk672026-06-14
v0.1.0-rc.2High risk672026-06-13
v0.1.0-rc.4.0.20260612214748-eff67332aa4eHigh risk672026-06-13
v0.1.0-rc.4High risk672026-06-13

Related campaigns

Block this in CI

PkgRadar gates gitea.lerkolabs.com/lerkolabs/uptop (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go gitea.lerkolabs.com/lerkolabs/[email protected]
Start free — 25 scans / moView full evidence