oebb-scotty

clawhub:oebb-scotty

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 5

Findings (5)

LOW

Download binary or archive from URL EXTDL_016

external-download L48

Detects downloading binary, archive, or installer files from remote URLs

curl -s -X POST "https://fahrplan.oebb.at/bin/mgate.exe

FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.

LOW

Download binary or archive from URL EXTDL_016

external-download L110

Detects downloading binary, archive, or installer files from remote URLs

curl -s -X POST "https://fahrplan.oebb.at/bin/mgate.exe

FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.

LOW

Download binary or archive from URL EXTDL_016

external-download L224

Detects downloading binary, archive, or installer files from remote URLs

curl -s -X POST "https://fahrplan.oebb.at/bin/mgate.exe

FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.

LOW

Download binary or archive from URL EXTDL_016

external-download L271

Detects downloading binary, archive, or installer files from remote URLs

curl -s -X POST "https://fahrplan.oebb.at/bin/mgate.exe

FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.

LOW

Download binary or archive from URL EXTDL_016

external-download L336

Detects downloading binary, archive, or installer files from remote URLs

curl -s -X POST "https://fahrplan.oebb.at/bin/mgate.exe

FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.