Go modules · proxy.golang.org
github.com/devlikebear/tars
Remote Payload: matched "github.com/%s/releases/download"
Why PkgRadar flagged v0.34.2
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/%s/releases/download" · github.com/devlikebear/[email protected]/internal/release/release.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/devlikebear/[email protected]/internal/skillhub/registry.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/devlikebear/[email protected]/internal/skillhub/sources/anthropic/source.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/devlikebear/[email protected]/internal/skillhub/sources/hermes/source.go |
| medium | Remote Payload | matched "curl " · github.com/devlikebear/[email protected]/internal/tool/prompt_validation.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.34.2 | High risk | 60 | 2026-06-10 |
v0.34.1 | High risk | 60 | 2026-06-08 |
v0.34.0 | High risk | 60 | 2026-06-08 |
v0.33.4 | High risk | 60 | 2026-06-03 |
v0.33.2 | High risk | 60 | 2026-06-03 |
v0.33.0 | High risk | 60 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem go github.com/devlikebear/[email protected]