First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
15
Score
70/100
Findings (15)
Detects patterns indicating sensitive data being sent to external services
exfiltrate dataRestrict file reading to the project directory and block outbound network calls that include file contents. Implement file path validation to prevent directory traversal.
Likely FP if the tool legitimately reads project files and displays them to the user locally, without sending data to external services.
Detects shell metacharacters (pipes, backticks, subshells) in MCP server command arguments
"command":"ls"}'` or `'{"channel":"whatsapp","to":"+1..."}'`Remove credentials (API keys, tokens, passwords) from MCP server configuration. Use environment variable references (e.g., ${API_KEY}) or a secrets manager instead of inline values.
Likely FP if the credential value is a placeholder (e.g., your-api-key-here, sk_test_xxx) in example configuration.
Detects npx executing packages from unverified sources without pinned versions
npx @aporthq/aport-agent-guardrails
Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.
Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.
Detects npx executing packages from unverified sources without pinned versions
npx @aporthq/aport-agent-guardrails Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.
Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.
Detects npx executing packages from unverified sources without pinned versions
npx @aporthq/aport-agent-guardrails
Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.
Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.
Detects npx executing packages from unverified sources without pinned versions
npx @aporthq/aport-agent-guardrails Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.
Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.
Detects URLs fetched at runtime that control or influence agent behavior without pinning
Get your `agent_id` at [aport.io](https:// + promptAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.
Detects git clone of repositories followed by execution of cloned content
git clone https://github.com/aporthq/aport-agent-guardrails + cd aport-agent-guardrails
./bin/openclawReview the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.
Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/aporthq/aport-agent-guardrails/blob/main/docs/QUICKSTART_OPENCLAW_PLUGIN.md)Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/aporthq/aport-agent-guardrails/blob/main/docs/HOSTED_PASSPORT_SETUP.md)Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects npx executing packages from unverified sources without pinned versions
npx @aporthq/aport-agent-guardrails Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.
Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/aporthq/aport-agent-guardrails/blob/main/extensions/openclaw-aport/README.md).Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/aporthq/aport-agent-guardrails/blob/main/docs/QUICKSTART_OPENCLAW_PLUGIN.md)Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/aporthq/aport-agent-guardrails/blob/main/docs/HOSTED_PASSPORT_SETUP.md)Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.
Detects references to raw.githubusercontent.com on mutable branches like main/master
github.com/aporthq/aport-agent-guardrails/blob/main/docs/TOOL_POLICY_MAPPING.md)Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.