PkgRadar

PyPI · pypi.org

garmin-mcp-gt

Webhook Exfil Endpoint: matched "ngrok.app"

Why PkgRadar flagged 0.1.6

SeveritySignalEvidence
highWebhook Exfil Endpointmatched "ngrok.app" · garmin_mcp_gt-0.1.6/ui/node_modules/psl/data/rules.js

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.6High risk402026-06-04
0.1.5High risk402026-06-04
0.1.4High risk402026-06-04
0.1.3High risk402026-06-04
0.1.2High risk402026-06-04
0.1.0Low risk02026-05-30

Block this in CI

PkgRadar gates garmin-mcp-gt (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi garmin-mcp-gt==0.1.6
Start free — 25 scans / moView full evidence