Go modules · proxy.golang.org
github.com/jholhewres/devclaw
Remote Payload: matched "github.com/microsoft/onnxruntime/releases/download"
Why PkgRadar flagged v1.19.3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/microsoft/onnxruntime/releases/download" · github.com/jholhewres/[email protected]/pkg/devclaw/copilot/memory/embeddings_onnx.go |
| medium | Remote Payload | matched "curl " · github.com/jholhewres/[email protected]/pkg/devclaw/copilot/subagent.go |
| medium | Remote Payload | matched "curl " · github.com/jholhewres/[email protected]/pkg/devclaw/sandbox/exec_docker.go |
| medium | Remote Payload | matched "cURL " · github.com/jholhewres/[email protected]/pkg/devclaw/webui/server.go |
| medium | Credential file access | matched ".ssh\\" · github.com/jholhewres/[email protected]/pkg/devclaw/sandbox/policy.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.19.3 | High risk | 73 | 2026-06-17 |
v1.19.0 | High risk | 73 | 2026-06-17 |
v1.19.1 | High risk | 73 | 2026-06-17 |
v1.19.2 | High risk | 73 | 2026-06-17 |
v1.20.0 | High risk | 73 | 2026-06-17 |
Block this in CI
pkgradar gate --ecosystem go github.com/jholhewres/[email protected]