Go modules · proxy.golang.org

github.com/mr-pmillz/GoGatoZ

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged v0.5.1-0.20260603223657-1ba8799726fa

Severity	Signal	Evidence
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/mr-pmillz/[email protected]/cmd/enumerate.go
medium	Remote Payload	matched "curl " · github.com/mr-pmillz/[email protected]/pkg/attack/payloads/infostealer.go
medium	Remote Payload	matched "iwr " · github.com/mr-pmillz/[email protected]/pkg/attack/payloads/payloads.go
medium	Remote Payload	matched "curl " · github.com/mr-pmillz/[email protected]/pkg/attack/secrets.go
medium	Remote Payload	matched "curl " · github.com/mr-pmillz/[email protected]/pkg/enumerate/report/exploit.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.5.1-0.20260603223657-1ba8799726fa`	High risk	65	2026-06-05
`v0.4.9`	High risk	65	2026-06-05
`v0.4.3`	High risk	65	2026-06-05
`v0.4.5`	High risk	65	2026-06-05
`v0.4.8`	High risk	65	2026-06-05
`v0.4.4`	High risk	65	2026-06-05
`v0.4.6`	High risk	65	2026-06-05
`v0.4.7`	High risk	65	2026-06-05
`v0.5.0`	High risk	65	2026-06-05

Block this in CI

PkgRadar gates github.com/mr-pmillz/GoGatoZ (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/mr-pmillz/[email protected]