PkgRadar

PyPI · pypi.org

veloxml-cli

Messenger Bot Endpoint: matched "discordapp.com/api/webhooks/" — messenger-bot URL without exfil context (likely a notification handler)

Early detection

PkgRadar flagged this 1h before public disclosure

Detected 2026-05-28 · disclosed as MAL-2026-4862 on 2026-05-28

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.0Review52026-05-28

Block this in CI

PkgRadar gates veloxml-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi veloxml-cli==0.1.0
Start free — 25 scans / moView full evidence