brew package intelligence

curl

Automic Vault tracks curl because plain text http credentials matters when AI agents run command-line tools on macOS.

Read docs Run scanner

overview

What Automic Vault knows about curl

Get a file from an HTTP, HTTPS or FTP server

Homepage

Not present in the local metadata.

Commands and aliases

No executable aliases were found in the local package database.

radioisotope

Plain Text HTTP Credentials

`curl` can read reusable HTTP credentials from ~/.netrc and ~/.curlrc. Automic Vault currently detects this exposure but does not yet provide a migration or package modification for curl.

Local README excerpt

curl Radioisotope Detector

This detector reports plaintext curl credentials in user-level config files. It does not currently migrate credentials or modify curl.

Detected hazards:

~/.netrc machine passwords
~/.curlrc user, proxy-user, bearer token, and Authorization settings

Source: data/radioisotopes/curl/README.md

Coverage source

https://formulae.brew.sh/formula/curl

Caveats

We detect non-empty netrc passwords.
We detect clear auth options and Authorization headers in ~/.curlrc.
Per-command credentials passed directly on the command line are not scanned.

install metadata

Resolver facts

Package key	brew:curl
Last updated	2026-04-29T14:56:17Z
Pulse	updated

source trail

Generated from repository data

This page is regenerated by scripts/generate-pkg-pages.py. Deployments refuse to publish if www/pkg/ is stale relative to local package data.

Used sources

Nucleus package database
local isotope README
radioisotope security manifest