moltguard

clawhub:moltguard

View source

92/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

92/100

MEDIUM 1

LOW 1

Findings (2)

MEDIUM

Runtime URL controls agent behavior EXTDL_001

external-download L727

Detects skills fetching external URLs to use as runtime instructions

curl -L -o /tmp/test-email.txt https://raw.githubusercontent.com + prompt

FIX

Pin the downloaded resource to a specific version or commit hash, and verify its integrity with a checksum (SHA-256). Avoid fetching scripts or binaries from arbitrary URLs at runtime.

FP?

Likely FP if the download URL points to a well-known CDN or package registry (e.g., npmjs.com, pypi.org) and is pinned to a specific version.

LOW

Mutable GitHub raw content reference THIRDPARTY_002

third-party-content L727

Detects references to raw.githubusercontent.com on mutable branches like main/master

raw.githubusercontent.com/openguardrails/moltguard/main/

FIX

Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.

FP?

Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.