Well the real developer of GGM Photon actually couldn't find any malicious code:
"Ill give you cedit that you actually take only 1% dev fee total and do not steal passwords, however the solvers you are using are published under
https://github.com/tromp/cuckoo/blob/master/LICENSE.txt 4 so you might want to change that second protonmail account back to
grincouncil@protonmail.com"
But yeah it's always better to compile from the source (you can take their 2% fee out if you know how to edit code)