emcie-co/parlant

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

https://github.com/emcie-co/parlant.git · scanned 2026-05-16 09:47 UTC (3 weeks, 6 days ago) · 10 languages

246 raw signals (27 security + 219 graph) 76th percentile · Python · large (100-500K LoC) System graph score 60 (higher by 24)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 3 weeks, 6 days ago · v1 · 14 actionable findings from 1 signal source. 11 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON

100.0% cov · 0 findings

Severity distribution — click a segment to filter

Active filters: severity: high × excluding tests × Reset all

Severity: Critical 0 High 6 Medium 4 Low 4 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 14 System graph 0 Crowd 0 Layer: Quality 6 Security 4 Cicd 4

Exclude dismissed / FP Exclude test files

Scan summary Quality grade A- (84/100). Dimensions: security 87, maintainability 85. 27 findings. 138,641 lines analyzed.

Showing 6 of 14 actionable findings. 25 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks security Injection conf 0.85 [SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.

Use parameterized queries: cursor.execute('SELECT * FROM t WHERE id = %s', [id]). For dynamic table or column names, choose identifiers from a hard-coded allowlist and keep values in parameters.

src/parlant/adapters/db/snowflake_db.py:427

high Security checks cicd CI/CD security conf 0.92 Dockerfile pipes a remote script into a shell

Piping downloaded code directly into a shell bypasses checksum verification and makes builds dependent on mutable remote content.

.devcontainer/Dockerfile:39 CI/CD securitycontainers

high Security checks security auth conf 0.74 [AUC002] Low visible authorization coverage in route inventory: Only 25.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.

Only 25.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.

high Security checks quality Quality conf 0.72 Agent control bridge may listen on a network interface without visible auth

Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN.

src/parlant/core/services/tools/plugins.py:11

high Security checks quality Quality conf 0.72 Agent control bridge may listen on a network interface without visible auth

src/parlant/core/services/tools/mcp_service.py:11

high Security checks cicd CI/CD security conf 0.72 Dockerfile keeps pip download cache

Pip's package cache increases image size and can preserve unnecessary artifacts.

.devcontainer/Dockerfile:39 CI/CD securitycontainers

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.

For AI agents + API integrations

Email me when this repo regresses

Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.

API access

This page is publicly accessible at: https://repobility.com/scan/00d57213-51b2-4fdb-9000-c77d21e631e2/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/00d57213-51b2-4fdb-9000-c77d21e631e2/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.