AURWatch watches the Arch User Repository so you don't have to read every PKGBUILD yourself: it scans every package for dangerous patterns (remote code execution, curl | sh, obfuscated payloads, untrusted download hosts) with static rules plus an AI second opinion, and re-scans every 2 hours.
It's a one-person side project that I build, run and pay for myself. If a package ever gets flagged wrongly, that's an honest mistake on my end and never an accusation against the maintainer. Just hit Report a package and I'll sort it out.
Wrong verdict, or a package we missed?
Recently flagged (last 24h)
All packages →| Package | Maintainer | Votes | Severity | Triggered rules |
|---|---|---|---|---|
| gitio-git | gameplayer | 0 | HIGH | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| mcc | zyriu1 | 0 | HIGH | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| newitemmonitor | AsukaMinato | 0 | HIGH piracy | npm/yarn/pnpm install of an undeclared external package, AI review of an ambiguous pattern |
| osu-lazer-appimage | normandfdf | 0 | HIGH | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| sublime-text-2 | carstene1ns | 540 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| wps-office | Universebenzene | 490 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| wps-office-mime | Universebenzene | 490 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| chromium-widevine | envolution | 429 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| spideroak-one | warnem2 | 263 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| enemy-territory | The_Loko | 259 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| enemy-territory-data | The_Loko | 259 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| vmware-workstation | JulianXhokaxhiu | 243 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| epsxe | hav3lock | 227 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| palemoon-bin | oberon2007 | 196 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| filebot | mithrial | 138 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| lightworks | fishmonger | 134 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| acestream-engine | qark | 131 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| itch-setup-bin | FabioLolix | 127 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| quake3 | Slash | 121 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| bin32-jre | horymirjaros | 119 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| fcitx-sogoupinyin | qft | 112 | MEDIUM | External download from an untrusted host, not in source=(), AI review of an ambiguous pattern |
| java3d | jose1711 | 107 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| jdk8 | severach | 103 | MEDIUM | source=() URL on a non-standard host, AI review of an ambiguous pattern |
| pcloud-drive | zbe | 94 | MEDIUM | External download from an untrusted host, not in source=(), source=() URL on a non-standard host, AI review |
| tixati | goll | 88 | MEDIUM | source=() URL on a non-standard host, AI review |
| enpass-bin | tadly | 87 | MEDIUM | source=() URL on a non-standard host, AI review |
| amdapp-sdk | rigred | 84 | MEDIUM | source=() URL on a non-standard host, AI review |
| amdapp-sdk-opencv | rigred | 84 | MEDIUM | source=() URL on a non-standard host, AI review |
| amdapp-sdk-nocatalyst | rigred | 84 | MEDIUM | source=() URL on a non-standard host, AI review |
| amdapp-sdk-docs | rigred | 84 | MEDIUM | source=() URL on a non-standard host, AI review |
| bouml | yngvelevin | 80 | MEDIUM | source=() URL on a non-standard host, AI review |
| kindlegen | alerque | 78 | MEDIUM | source=() URL on a non-standard host, AI review |
| staruml | CookieUniverse | 72 | MEDIUM | source=() URL on a non-standard host, AI review |
| osu | R0dn3yS | 67 | MEDIUM | source=() URL on a non-standard host, AI review |
| savage2 | Slash | 65 | MEDIUM | source=() URL on a non-standard host, AI review |
| parsec-bin | zen | 57 | MEDIUM | source=() URL on a non-standard host, AI review |
| vibrancy-colors | oberon2007 | 57 | MEDIUM | source=() URL on a non-standard host, AI review |
| quake4 | Slash | 55 | MEDIUM | source=() URL on a non-standard host, AI review |
| ventoy | Toolybird | 55 | MEDIUM | source=() URL on a non-standard host, AI review |
| android-support-repository | smoak | 54 | MEDIUM | source=() URL on a non-standard host, AI review |
| noip | runnytu | 54 | MEDIUM | source=() URL on a non-standard host, AI review |
| xmind | bacteriostat | 54 | MEDIUM | source=() URL on a non-standard host, AI review |
| unified-remote-server | blackhole | 53 | MEDIUM | source=() URL on a non-standard host, AI review |
| ocenaudio-bin | LibertyGM | 50 | MEDIUM | source=() URL on a non-standard host, AI review |
| 2gis | AlexTalker | 49 | MEDIUM | source=() URL on a non-standard host, AI review |
| gitter-bin | markvanderveiver | 49 | MEDIUM | source=() URL on a non-standard host, AI review |
| freedownloadmanager | rizwan486 | 47 | MEDIUM | source=() URL on a non-standard host, AI review |
| warsaw-bin | tioguda | 47 | MEDIUM | source=() URL on a non-standard host, AI review |
| hybrid-encoder | JohnyRi | 46 | MEDIUM | source=() URL on a non-standard host, AI review |
| nautilus-megasync | levinit | 46 | MEDIUM | source=() URL on a non-standard host, AI review |
| feedthebeast-classic | FurTabs | 45 | MEDIUM | source=() URL on a non-standard host, AI review |
| jre8 | zen | 45 | MEDIUM | source=() URL on a non-standard host, AI review |
| proton-pass-bin | DodoGTA | 44 | MEDIUM | source=() URL on a non-standard host, AI review |
| ripcord | Aanok | 44 | MEDIUM | source=() URL on a non-standard host, AI review |
| fiddler-appimage | alstruit | 42 | MEDIUM | source=() URL on a non-standard host, AI review |
| pulse-secure | akosmolnar | 40 | MEDIUM | source=() URL on a non-standard host, AI review |
| ultravnc-viewer | Muflone | 40 | MEDIUM | source=() URL on a non-standard host, AI review |
| mikutter | Gomasy | 39 | MEDIUM | External install via pipx/uv/poetry/cargo/go/gem, source=() URL on a non-standard host, AI review |
| warsaw | nicolascomman | 39 | MEDIUM | source=() URL on a non-standard host, AI review |
| nx3-all | filipprochazkova | 38 | MEDIUM | source=() URL on a non-standard host, AI review |
| slimjet | ahmedmoselhi | 36 | MEDIUM | External download from an untrusted host, not in source=(), AI review |
| termius | tbk | 36 | MEDIUM | source=() URL on a non-standard host, AI review |
| valentina-studio | bobolin | 36 | MEDIUM | source=() URL on a non-standard host, AI review |
| astah-community | phillipe | 35 | MEDIUM | source=() URL on a non-standard host, AI review |
| opera | Refreeze5911 | 35 | MEDIUM | source=() URL on a non-standard host, AI review |
| xp-pen-tablet | labaman | 35 | MEDIUM | source=() URL on a non-standard host, AI review |
| mssql-server | too | 32 | MEDIUM | source=() URL on a non-standard host, AI review |
| jpcsp | soimort | 31 | MEDIUM | source=() URL on a non-standard host, AI review |
| todoist-appimage | rafaelco | 30 | MEDIUM | source=() URL on a non-standard host, AI review |
| ida-free | fatalis | 29 | MEDIUM | source=() URL on a non-standard host, AI review |
| linuxsampler-svn | reesewang | 29 | MEDIUM | source=() URL on a non-standard host, AI review |
| whatpulse | otsegolo | 29 | MEDIUM | source=() URL on a non-standard host, AI review |
| wolf | Slash | 29 | MEDIUM | source=() URL on a non-standard host, AI review |
| bluemail | alissonlauffer | 28 | MEDIUM | source=() URL on a non-standard host, AI review |
| imagescan-plugin-networkscan | buzo | 28 | MEDIUM | source=() URL on a non-standard host, AI review |
| notion-app-electron | AsukaMinato | 28 | MEDIUM | source=() URL on a non-standard host, AI review |
| surfshark-client | otaj | 28 | MEDIUM | source=() URL on a non-standard host, AI review |
| clash-for-windows-bin | Jat | 27 | MEDIUM | source=() URL on a non-standard host, AI review |
| nodejs-mkdirp | annikkitikkanen | 27 | MEDIUM | npm/yarn/pnpm install of an undeclared external package, AI review |
| vk-messenger | CryZFix | 27 | MEDIUM | source=() URL on a non-standard host, AI review |
| windsurf | watzon | 27 | MEDIUM | source=() URL on a non-standard host, AI review |
| windsurf-electron-latest | watzon | 27 | MEDIUM | source=() URL on a non-standard host, AI review |
| 8188eu-dkms | julieiversen | 26 | MEDIUM | source=() URL on a non-standard host, AI review |
| cmakeed | snack | 26 | MEDIUM | source=() URL on a non-standard host, AI review |
| ayugram-desktop-bin | RSG245 | 25 | MEDIUM | source=() URL on a non-standard host, AI review |
| pureref | meepzh | 25 | MEDIUM | External download from an untrusted host, not in source=(), source=() URL on a non-standard host, AI review |
| andyetitmoves | jose1711 | 24 | MEDIUM | External download from an untrusted host, not in source=(), AI review |
| editix-free | Geballin | 24 | MEDIUM | source=() URL on a non-standard host, AI review |
| kdrive-bin | Frankkkkk | 24 | MEDIUM | source=() URL on a non-standard host, AI review |
| local-by-flywheel-bin | peddamax | 24 | MEDIUM | source=() URL on a non-standard host, AI review |
| obinskit | ScoopNewsworthy | 24 | MEDIUM | source=() URL on a non-standard host, AI review |
| prey | robertfoster | 24 | MEDIUM | source=() URL on a non-standard host, AI review |
| flirc-bin | jsteel | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| r-linux | mrxx | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| samsung_magician-consumer-ssd | oberon2007 | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| synergy2-bin | jaap | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| yandex-music-windows | CucumberSpace | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| z-library-bin | macdems | 23 | MEDIUM | source=() URL on a non-standard host, AI review |
| insync-nautilus | edh | 22 | MEDIUM | source=() URL on a non-standard host, AI review |
| plex-desktop | username227 | 22 | MEDIUM | source=() URL on a non-standard host, AI review |
| soundwire | Max-P | 22 | MEDIUM | source=() URL on a non-standard host, AI review |
| wechat-devtools | theahermann | 22 | MEDIUM | npm/yarn/pnpm install of an undeclared external package, source=() URL on a non-standard host, AI review downgraded a static finding |
| wootility | AlphaLynx | 22 | MEDIUM | source=() URL on a non-standard host, AI review |
| etlegacy | jorgicio | 21 | MEDIUM | source=() URL on a non-standard host, AI review |
| etlegacy-mod | jorgicio | 21 | MEDIUM | source=() URL on a non-standard host, AI review |
| forticlient | rhysperry111 | 21 | MEDIUM | source=() URL on a non-standard host, AI review |
| max-bin | kuhtoxo | 21 | MEDIUM | source=() URL on a non-standard host, AI review |
| nemo-megasync | RaCoMed | 21 | MEDIUM | source=() URL on a non-standard host, AI review |
| surfshark-vpn-cli-bin | goshawk22 | 21 | MEDIUM | source=() URL on a non-standard host, AI review |
| ticktick | Aerz | 21 | MEDIUM | source=() URL on a non-standard host, AI review |
| hayase-desktop-bin | Duwangel | 20 | MEDIUM | source=() URL on a non-standard host, AI review |
| preloader-signed | nl6720 | 20 | MEDIUM | source=() URL on a non-standard host, AI review |
| tableplus | sistematico | 20 | MEDIUM | source=() URL on a non-standard host, AI review |
| texturepacker | konez2k | 20 | MEDIUM | source=() URL on a non-standard host, AI review |
| typora-free | irgendwr | 20 | MEDIUM | source=() URL on a non-standard host, AI review |
| popular-packages | Xavion | 19 | MEDIUM | source=() URL on a non-standard host, AI review |
| whatsdesk-bin | Abzie | 19 | MEDIUM | source=() URL on a non-standard host, AI review |
| ancient-packages | Xavion | 18 | MEDIUM | source=() URL on a non-standard host, AI review |
| encryptr | svantehedlund | 18 | MEDIUM | source=() URL on a non-standard host, AI review |
| lunacy-bin | smowtenshi | 18 | MEDIUM | source=() URL on a non-standard host, AI review |
| mathpix-snipping-tool | daizhirui | 18 | MEDIUM | source=() URL on a non-standard host, AI review |
| torguard | ABOhiccups | 18 | MEDIUM | source=() URL on a non-standard host, AI review |
| vpn-unlimited-bin | lextruel | 18 | MEDIUM | source=() URL on a non-standard host, AI review |
| f1multiviewer-bin | extremtechniker | 17 | MEDIUM | source=() URL on a non-standard host, AI review |
| gdlauncher-bin | inetol | 17 | MEDIUM | source=() URL on a non-standard host, AI review |
| gerrit | tarball | 17 | MEDIUM | source=() URL on a non-standard host, AI review |
| iriunwebcam-bin | xiota | 17 | MEDIUM | source=() URL on a non-standard host, AI review |
| aftershotpro3 | ava1ar | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| atomicwallet | Bink | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| hdsentinel | Archttila | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| jriver-media-center | blackhole | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| lightworks-beta | fishmonger | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| mu-editor | daniel7 | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| nosqlbooster-mongodb | Dani0x1B | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| openmpt | andrewlin16 | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| sendanywhere | nailington | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| trillian | mwawrzyniak | 16 | MEDIUM | source=() URL on a non-standard host, AI review |
| abrowser-bin | figue | 15 | MEDIUM | External download from an untrusted host, not in source=(), source=() URL on a non-standard host, AI review |
| android-google-apis | Muflone | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| awsvpnclient | project0 | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| dangerzone-bin | username227 | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| hoffice | 00ein00 | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| huiontablet | jhon | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| luxcorerender | bartus | 15 | MEDIUM | External install via pipx/uv/poetry/cargo/go/gem, AI review |
| openssh-hpn | zer0def | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| openssh-hpn-shim | zer0def | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| qqmusic-bin | Rukkhadevata123 | 15 | MEDIUM | source=() URL on a non-standard host, AI review |
| baidunetdisk-electron | KafCoppelia | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| bootstrap-studio | nathawat_a | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| bubbleupnpserver | FabioLolix | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| citra-appimage | AlphaJack | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| f5vpn | zrhoffman | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| filebot47 | carolinedroz | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| furmark | vinicentus | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| gitbutler-bin | DanielB | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| lkeyholetv | tomoaki | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| sac-core | grawity | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| sac-gui | grawity | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| sir | szlachar | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| superbeam | a-ludi | 14 | MEDIUM | source=() URL on a non-standard host, AI review |
| chatbox-bin | richin13 | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| doom3-bin | Slash | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| gfxbench | laetitiavermeil | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| gopanda | dakling | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| insync-thunar | yurikoles | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| keeper-password-manager | malina | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| mattercontrol | unlimitedbacon | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| muse-sounds-manager-bin | aliu | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| o3de-bin | xaque | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| openprinting-ppds-postscript-ricoh | alexanderp | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| orientdb-community | thilodoring | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| picoscope | mti | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| remote-desktop-manager | tgm4883 | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| softmaker-office-2016-bin | WorMzy | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| vuze-extreme-mod | thilodoring | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| ynab4 | pingwin840 | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| yozo-office | zxp19821005 | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| yozo-office-fonts | zxp19821005 | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| yozo-office-templates | zxp19821005 | 13 | MEDIUM | source=() URL on a non-standard host, AI review |
| eden-bin | ZachAR3 | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| flclash-bin | zxp19821005 | 12 | MEDIUM | AI review of an ambiguous pattern |
| gnome-encfs-manager-bin | xiota | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| joxi | gyorgykocsis | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| mendeley-reference-manager | chiwanpark | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| ocztoolbox | Muflone | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| ostorybook | macxcool | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| safesignidentityclient | pedrohqb | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| sejda-desktop | thibaultmol | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| spotify-edge | Gobidev | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| vstax | StreakyCobra | 12 | MEDIUM | source=() URL on a non-standard host, AI review |
| cisco-secure-client | dmsh | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| datomic-bin | harrigan | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| pixeluvo | severach | 11 | MEDIUM | External download from an untrusted host, not in source=(), source=() URL on a non-standard host, AI review |
| qqmusic-electron | sukanka | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| ripcord-arch-libs | txtsd | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| todesk-bin | witt.9099 | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| tresorit | chriffpy | 11 | MEDIUM | source=() URL on a non-standard host, AI review |
| acme-sac | fmoralesc | 10 | MEDIUM | source=() URL on a non-standard host, AI review |
| chef-workstation | tmoore | 10 | MEDIUM | source=() URL on a non-standard host, AI review |
| chromium-extension-https-everywhere | noahvogt | 10 | MEDIUM | source=() URL on a non-standard host, AI review |