beeper-cli

clawhub:beeper-cli

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Runtime URL controlling behavior THIRDPARTY_001

third-party-content L23

Detects URLs fetched at runtime that control or influence agent behavior without pinning

Download from [releases](https:// + Settings

FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.

LOW

go install from remote EXTDL_010

external-download L26

Detects go install fetching and compiling arbitrary Go packages

go install github.com/foeken/beeper-cli@

FIX

Pin Go install targets to a specific version (e.g., go install example.com/tool@v1.2.3). Avoid @latest as it fetches whatever is currently published.

FP?

Likely FP if the go install target is a well-known tool (e.g., golang.org/x/ packages) pinned to a specific version in documentation.