snowmobile 2 hours ago

How exactly would that work? Curl isn't exactly software that can be "hosted" somewhere, and I'm not sure where you'd hide the flag in the software? Either very few actual vulns would end up being able to retrieve the flag, or it would be trivial to retrieve the flag without an exploit.

zvqcMMV6Zcr an hour ago

In its most basic form it would just be a form with a URL that (lib)curl is later supposed to fetch. And the target server (controlled by the researcher) is supposed to send a payload that triggers RCE in the client.

Sure, it covers a very narrow scope, but I am afraid the bigger issue would be that it is going to get spammed with submitted links. And those links will often be to straight up illegal content; it might not matter that such a server instantly deletes all downloaded files.