First Seen
Feb 19, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
75/100
Findings (2)
Detects patterns of downloading and piping to shell execution
curl | shDownload the file first, verify its integrity (checksum, signature), inspect it, then run it. Prefer package managers over raw downloads. Never fetch-and-run in one step.
Likely FP if the target is a well-known installer (e.g., rustup, Homebrew) from its canonical HTTPS domain, though the pattern is inherently risky.
Detects URLs fetched at runtime that control or influence agent behavior without pinning
Get it at https:// + configAvoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.
Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.