ziptax

clawhub:ziptax

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 3

Findings (3)

LOW

Download binary or archive from URL EXTDL_016

external-download L22

Detects downloading binary, archive, or installer files from remote URLs

curl -s "https://api.zip

FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.

LOW

Download binary or archive from URL EXTDL_016

external-download L28

Detects downloading binary, archive, or installer files from remote URLs

curl -s "https://api.zip

FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.

LOW

Download binary or archive from URL EXTDL_016

external-download L34

Detects downloading binary, archive, or installer files from remote URLs

curl -s "https://api.zip

FIX

Verify the integrity of downloaded binaries or archives using SHA-256 checksums or GPG signatures. Pin download URLs to specific versions and avoid fetching from unverified sources.

FP?

Likely FP if the download is from github.com or githubusercontent.com for a specific tagged release with documented checksums.