Go modules · proxy.golang.org
github.com/fayzkk889/mcpsense
Credential file access: matched "id_rsa"
Why PkgRadar flagged v0.3.1-0.20260606195845-9b7f8fc0ac9a
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential file access | matched "id_rsa" · github.com/fayzkk889/[email protected]/internal/checks/tool_poisoning.go |
| medium | Remote Payload | matched "wget " · github.com/fayzkk889/[email protected]/internal/checks/config_security.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/fayzkk889/[email protected]/internal/report/sarif.go |
| medium | Remote Payload | matched "cURL " · github.com/fayzkk889/[email protected]/internal/scanner/live.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.3.1-0.20260606195845-9b7f8fc0ac9a | High risk | 71 | 2026-06-07 |
v0.3.0 | High risk | 71 | 2026-06-07 |
Block this in CI
pkgradar gate --ecosystem go github.com/fayzkk889/[email protected]