botcoin-miner

clawhub:botcoin-miner

Score: 85/100 (B)
First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 2 (HIGH 1, LOW 1)

Findings (2)

HIGH: Binary download and execute (L50)

Detects downloading a binary file followed by making it executable

wget https://github.com/happybigmtn/botcoin/releases/download + chmod +x
FIX

Pin the download to a specific version tag or commit hash. Verify the downloaded file's checksum before using it. Avoid piping curl output directly to a shell.

FP?

Likely FP if downloading from an official, well-known domain (e.g., deno.land, rustup.rs) with HTTPS, though this pattern remains risky even with trusted sources.

LOW: Download binary or archive from URL (L50)

Detects downloading binary, archive, or installer files from remote URLs

wget https://github.com/happybigmtn/botcoin/releases/download/v0.2.0/botcoin-v0.2.0-linux-x86_64.tar.gz
FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.