First Seen: Feb 18, 2026
Last Scanned: Feb 22, 2026
Findings: 2
Score: 92/100
Findings (2)
Detects git clone of repositories followed by execution of cloned content
git clone https://github.com/hetu-project/moltrade.git + cd moltrade/trader && pip install
Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.
Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.
Detects references to raw.githubusercontent.com on mutable branches like main/master
raw.githubusercontent.com/hetu-project/moltrade/main/
Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.
Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.