First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
9
Score
100/100
Findings (9)
Detects downloading binary, archive, or installer files from remote URLs
curl https://example.com/file.zipVerify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.
Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.
Detects URLs fetched at runtime that control or influence agent behavior without pinning
load
curl -X POST https:// + configAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.
Detects downloading binary, archive, or installer files from remote URLs
curl -r 0-1000 https://example.com/large-file.zipVerify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.
Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.
Detects downloading binary, archive, or installer files from remote URLs
download
curl -C - -O https://example.com/large-file.zipVerify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.
Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.
Detects downloading binary, archive, or installer files from remote URLs
curl -O https://example.com/file.zipVerify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.
Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.
Detects downloading binary, archive, or installer files from remote URLs
curl -o myfile.zip https://example.com/file.zipVerify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.
Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.
Detects downloading binary, archive, or installer files from remote URLs
curl -O https://example.com/file1.zipVerify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.
Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.
Detects downloading binary, archive, or installer files from remote URLs
download
curl -C - -O https://example.com/large-file.zipVerify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.
Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.
Detects downloading binary, archive, or installer files from remote URLs
curl -# -O https://example.com/large-file.zipVerify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.
Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.