domain

clawhub:domain

A
92/100

First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 2
Score: 92/100

MEDIUM 1, LOW 1

Findings (2)

MEDIUM
Arbitrary MCP server execution
L32

Detects execution of MCP servers from arbitrary paths, URLs, or user-controlled commands

call https://api.domainkits.com/v1/mcp.
FIX

Block MCP tools from shadowing or overriding built-in tools. Implement tool name uniqueness validation and prevent tools from registering names that conflict with system tools.

FP?

Likely FP if the tool has a name similar to a built-in tool by coincidence (e.g., a search tool) without malicious intent to override system behavior.

LOW
Runtime URL controlling behavior
L70

Detects URLs fetched at runtime that control or influence agent behavior without pinning

Get your API key at https:// + config
FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.