Go modules · proxy.golang.org

github.com/luckyPipewrench/pipelock

Webhook Exfil Endpoint: matched "requestbin.com"

Why PkgRadar flagged v1.5.1-0.20260601014236-069a2e7f259b

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "requestbin.com" · github.com/luckypipewrench/[email protected]/internal/config/defaults.go
high	Webhook Exfil Endpoint	matched "webhook.site" · github.com/luckypipewrench/[email protected]/internal/projectscan/suggest.go
high	DNS / OAST exfiltration	matched "burpcollaborator.net" · github.com/luckypipewrench/[email protected]/configs/hostile-model.yaml
medium	Remote Payload	matched "curl " · github.com/luckypipewrench/[email protected]/internal/cli/diag/demo.go
medium	Remote Payload	matched "curl " · github.com/luckypipewrench/[email protected]/internal/cli/diag/test.go
medium	Remote Payload	matched "curl " · github.com/luckypipewrench/[email protected]/internal/cli/runtime/sandbox.go
medium	Remote Payload	matched "webhook.site" · github.com/luckypipewrench/[email protected]/internal/projectscan/suggest.go
medium	Remote Payload	matched "cURL " · github.com/luckypipewrench/[email protected]/internal/proxy/forward.go
medium	Remote Payload	matched "curl " · github.com/luckypipewrench/[email protected]/internal/session/taint_classify.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.5.1-0.20260601014236-069a2e7f259b`	High risk	253	2026-06-02

Block this in CI

PkgRadar gates github.com/luckyPipewrench/pipelock (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/luckyPipewrench/[email protected]