openclaw-search-tool

clawhub:openclaw-search-tool

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Cargo or gem install from remote EXTDL_012

external-download L25

Detects cargo install or gem install fetching packages from remote registries

cargo install o

FIX

Pin Cargo/Gem packages to specific versions (e.g., cargo install tool@0.1.0, gem install tool -v 1.2.3). Use lock files for reproducibility.

FP?

Likely FP if the matched text is a very short fragment (3 words or fewer) or uses placeholder package names.

LOW

Runtime URL controlling behavior THIRDPARTY_001

third-party-content L28

Detects URLs fetched at runtime that control or influence agent behavior without pinning

Get a key at https:// + prompt

FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.