First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
4
Score
77/100
Findings (4)
Detects content pretending to be a system prompt
system prompt:Remove encoded or obfuscated directives (base64, ROT13, unicode escapes, hex-encoded text). All text should be in plaintext and human-readable.
Likely FP if the encoded content is legitimate data (e.g., a base64-encoded image, a hex-encoded binary hash) rather than concealed directives.
Detects attempts to extract the system prompt
show the FULL promptRemove directives that attempt to make the agent act autonomously without user confirmation (e.g., automatically running commands, skipping confirmation prompts).
Likely FP if the matched text is in a CI/CD tool description where automated execution is the intended behavior in a controlled environment.
Detects URLs fetched at runtime that control or influence agent behavior without pinning
get an [ERC8004](https:// + configAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.
Detects MCP server configurations connecting to non-localhost remote URLs
"url": "https://clawdvine.sh/media/a1b2c3d4-..."Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.
Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).