Go modules · proxy.golang.org
github.com/StacklokLabs/toolhive
Remote Payload: matched "curl "
Why PkgRadar flagged v0.29.2-0.20260605152852-4a9af53f2080
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/stackloklabs/[email protected]/cmd/thv/app/tui.go |
| medium | Remote Payload | matched "cURL " · github.com/stackloklabs/[email protected]/pkg/auth/oauth/oidc.go |
| medium | Remote Payload | matched "Curl " · github.com/stackloklabs/[email protected]/pkg/tui/keys.go |
| medium | Remote Payload | matched "curl " · github.com/stackloklabs/[email protected]/pkg/tui/view_statusbar.go |
| medium | Credential file access | matched ".npmrc" · github.com/stackloklabs/[email protected]/pkg/runner/protocol.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.29.2-0.20260605152852-4a9af53f2080 | High risk | 68 | 2026-06-07 |
v0.27.1 | High risk | 68 | 2026-06-07 |
v0.27.2 | High risk | 68 | 2026-06-07 |
Block this in CI
pkgradar gate --ecosystem go github.com/StacklokLabs/[email protected]