Go modules · proxy.golang.org

github.com/kaiko-ai/policy-bot

Remote Payload: matched "cURL "

Why PkgRadar flagged v0.0.0-20260604101855-9d0d5aef9e64

Severity	Signal	Evidence
medium	Remote Payload	matched "cURL " · github.com/kaiko-ai/[email protected]/server/handler/details.go
medium	Remote Payload	matched "cURL " · github.com/kaiko-ai/[email protected]/server/handler/details_reviewers.go
medium	Remote Payload	matched "cURL " · github.com/kaiko-ai/[email protected]/server/handler/eval_context.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260604101855-9d0d5aef9e64`	High risk	36	2026-06-05
`v0.0.0-20260604094318-33b537522c97`	High risk	36	2026-06-05
`v0.0.0-20260529124203-cd9996339cc6`	Review	36	2026-05-30
`v0.0.0-20260528104742-3a9e620b6073`	Review	36	2026-05-29

Block this in CI

PkgRadar gates github.com/kaiko-ai/policy-bot (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/kaiko-ai/[email protected]