Go modules · proxy.golang.org
github.com/hexagon-codes/hexclaw
Remote Payload: matched "curl "
Why PkgRadar flagged v0.4.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/hexagon-codes/[email protected]/security/skill_scanner.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/hexagon-codes/[email protected]/skill/hub/hub.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/hexagon-codes/[email protected]/skill/hub/mcp_hub.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.4.1 | High risk | 41 | 2026-06-04 |
Block this in CI
pkgradar gate --ecosystem go github.com/hexagon-codes/[email protected]