multi-factor-strategy

clawhub:multi-factor-strategy

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

pip install arbitrary package EXTDL_009

external-download L15

Detects pip install of arbitrary packages that modify the host environment

pip install qu

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

Git clone and execute chain SUPPLY_012

supply-chain L18

Detects git clone of repositories followed by execution of cloned content

git clone https://gitcode.com/datavoid/quantcli.git + cd quantcli
pip install

FIX

Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.

FP?

Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.