First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
75/100
Findings (2)
Detects patterns of downloading and piping to shell execution
curl | shDownload the file first, verify its integrity (checksum, signature), inspect it, then run it. Prefer package managers over raw downloads. Never fetch-and-run in one step.
Likely FP if the target is a well-known installer (e.g., rustup, Homebrew) from its canonical HTTPS domain, though the pattern is inherently risky.
Detects MCP server configurations connecting to non-localhost remote URLs
"url": "https://api.github.com/..."Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.
Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).