First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
70/100
Findings (2)
Detects cloud provider token and credential endpoints
oauth2.googleapis.com/tokenBlock access to cloud instance metadata services using IMDSv2 token requirements, network rules, or iptables. This is a critical vector for credential theft in cloud environments.
Likely FP if the match is in security documentation explaining how to protect against SSRF/IMDS attacks rather than code that accesses the metadata service.
Detects downloading a binary file followed by making it executable
curl -L -o ~/.local/bin/cloudflared https://github.com/cloudflare/cloudflared/releases/latest/download + chmod +xPin the download to a specific version tag or commit hash. Verify the downloaded file's checksum before using it. Avoid piping curl output directly to a shell.
Likely FP if downloading from an official, well-known domain (e.g., deno.land, rustup.rs) with HTTPS, though this pattern remains risky even with trusted sources.