Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
74 of your 107 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 4.26s · analysis 10.88s · 4.9 MB · GitHub preflight 456ms

shareAI-lab/learn-claude-code

https://github.com/shareAI-lab/learn-claude-code · scanned 2026-06-05 08:59 UTC (5 days, 17 hours ago) · 10 languages

304 raw signals (100 security + 204 graph) 9th percentile · Typescript · medium (20-100K LoC) System graph score 92 (lower by 41)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 17 hours ago · v2 · 132 actionable findings from 2 signal sources. 70 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
70.6
/100
Security checks
49
40 findings
System graph
93
66.7% cov · 92 findings
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 40.0 0.15 6.00
security_score 54.3 0.25 13.57
testing_score 22.0 0.20 4.40
documentation_score 78.0 0.15 11.70
practices_score 75.0 0.15 11.25
code_quality 50.0 0.10 5.00
Overall 1.00 51.9
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 0 High 10 Medium 53 Low 49 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 40 System graph 92 Crowd 0 Layer: Software 56 Quality 30 Security 38 Api 1 Frontend 7
Scan summary Quality grade C- (52/100). Dimensions: security 54, maintainability 40. 100 findings (23 security). 30,551 lines analyzed.

Showing 112 of 132 actionable findings. 202 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks quality Quality conf 1.00 ✓ Repobility 3 occurrences [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.
Review and fix per the pattern semantics. See CWE-78 / for context.
3 files, 3 locations
agents/s01_agent_loop.py:70
agents/s02_tool_use.py:53
agents/s03_todo_write.py:104
high Security checks quality Quality conf 1.00 ✓ Repobility 25 occurrences `self._save` used but never assigned in __init__
Method `create` of class `TaskManager` reads `self._save`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
3 files, 25 locations
agents/s11_autonomous_agents.py:118, 191, 194, 197, 206, 208, 223, 231, +6 more (14 hits)
agents/s07_task_system.py:72, 77, 81, 87, 92, 101 (6 hits)
agents/s_full.py:142, 279, 281, 285, 289 (5 hits)
high Security checks software dependencies conf 0.88 next: GHSA-267c-6grr-h53f
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-26hh-7cqf-hhc6
Next.js has a Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-36qx-fr4f-26g5
Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-492v-c6pp-mqqv
Next.js has a Middleware / Proxy bypass through dynamic route parameter injection
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-8h8q-6873-q5fj
Next.js Vulnerable to Denial of Service with Server Components
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-c4j6-fc7j-m34r
Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-mg66-mrh9-m8jx
Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
web/package-lock.json
high Security checks software dependencies conf 0.88 next: GHSA-q4gf-8mx6-v5v3
Next.js has a Denial of Service with Server Components
web/package-lock.json
low Security checks security Injection conf 0.50 3 occurrences [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
Use subprocess with shell=False and a list of args. Never eval user input.
3 files, 3 locations
agents/s01_agent_loop.py:70
agents/s02_tool_use.py:53
agents/s03_todo_write.py:104
medium Security checks software Open redirect conf 1.00 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030.
Validate the URL is same-origin or on an explicit allowlist before assignment: const u = new URL(serverUrl, location.href); if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return; location.assign(u); Even better: have the server return a path (/checkout/done) instead of a full …
web/src/components/layout/header.tsx:44
low Security checks quality Error handling conf 0.55 ✓ Repobility 25 occurrences Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
6 files, 25 locations
s19_mcp_plugin/code.py:211, 299, 309, 577, 679, 970 (6 hits)
agents/s11_autonomous_agents.py:242, 412, 422, 434, 544 (5 hits)
agents/s06_context_compact.py:159, 168, 179, 233 (4 hits)
s04_hooks/code.py:102, 111, 122, 133 (4 hits)
s16_team_protocols/code.py:207, 217, 538, 813 (4 hits)
agents/s07_task_system.py:149, 158 (2 hits)
Error handlingquality
medium Security checks software dependencies conf 0.88 next: GHSA-3x4c-7xq6-9pq8
Next.js: Unbounded next/image disk cache growth can exhaust storage
web/package-lock.json
medium Security checks software dependencies conf 0.88 next: GHSA-ffhc-5mcf-pf4q
Next.js vulnerable to cross-site scripting in App Router applications using CSP nonces
web/package-lock.json
medium Security checks software dependencies conf 0.88 next: GHSA-ggv3-7p47-pfv8
Next.js: HTTP request smuggling in rewrites
web/package-lock.json
medium Security checks software dependencies conf 0.88 next: GHSA-gx5p-jg67-6x7h
Next.js has cross-site scripting in beforeInteractive scripts with untrusted input
web/package-lock.json
medium Security checks software dependencies conf 0.88 next: GHSA-h27x-g6w4-24gq
Next.js: Unbounded postponed resume buffering can lead to DoS
web/package-lock.json
medium Security checks software dependencies conf 0.88 next: GHSA-h64f-5h5j-jqjh
Next.js has a Denial of Service in the Image Optimization API
web/package-lock.json
medium Security checks software dependencies conf 0.88 next: GHSA-mq59-m269-xvcx
Next.js: null origin can bypass Server Actions CSRF checks
web/package-lock.json
medium Security checks software dependencies conf 0.88 next: GHSA-wfc6-r584-vfw7
Next.js vulnerable to cache poisoning in React Server Component responses
web/package-lock.json
medium Security checks software dependencies conf 0.90 npm package `@types/diff` is 1 major version(s) behind (7.0.2 -> 8.0.0)
`@types/diff` is pinned/resolved at 7.0.2 but the latest stable release on the npm registry is 8.0.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
web/package.json
medium Security checks software dependencies conf 0.90 npm package `diff` is 1 major version(s) behind (8.0.3 -> 9.0.0)
`diff` is pinned/resolved at 8.0.3 but the latest stable release on the npm registry is 9.0.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
web/package.json
medium Security checks software dependencies conf 0.88 postcss: GHSA-qx2v-qp2m-jg93
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
web/package-lock.json
medium Security checks software dependencies conf 0.88 python-dotenv: GHSA-mf9w-mj56-hr94
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
requirements.txt
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — web/src/app/[locale]/layout.tsx:41
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — web/src/components/docs/doc-renderer.tsx:91
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in web/src/app/[locale]/layout.tsx:41
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
web/src/app/[locale]/layout.tsx:41 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in web/src/components/docs/doc-renderer.tsx:91
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
web/src/components/docs/doc-renderer.tsx:91 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s01_agent_loop.py:70
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s01_agent_loop.py:70 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s02_tool_use.py:53
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s02_tool_use.py:53 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s03_todo_write.py:104
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s03_todo_write.py:104 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s04_subagent.py:58
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s04_subagent.py:58 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s05_skill_loading.py:129
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s05_skill_loading.py:129 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s06_context_compact.py:146
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s06_context_compact.py:146 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s07_task_system.py:136
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s07_task_system.py:136 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s08_background_tasks.py:70
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s08_background_tasks.py:70 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s09_agent_teams.py:268
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s09_agent_teams.py:268 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s10_team_protocols.py:309
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s10_team_protocols.py:309 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s11_autonomous_agents.py:397
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s11_autonomous_agents.py:397 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s12_worktree_task_isolation.py:383
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s12_worktree_task_isolation.py:383 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in agents/s_full.py:85
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
agents/s_full.py:85 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s01_agent_loop/code.py:74
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s01_agent_loop/code.py:74 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s02_tool_use/code.py:51
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s02_tool_use/code.py:51 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s03_permission/code.py:69
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s03_permission/code.py:69 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s04_hooks/code.py:89
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s04_hooks/code.py:89 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s05_todo_write/code.py:72
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s05_todo_write/code.py:72 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s06_subagent/code.py:77
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s06_subagent/code.py:77 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s07_skill_loading/code.py:124
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s07_skill_loading/code.py:124 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s08_context_compact/code.py:131
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s08_context_compact/code.py:131 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s09_memory/code.py:365
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s09_memory/code.py:365 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s10_system_prompt/code.py:106
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s10_system_prompt/code.py:106 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s11_error_recovery/code.py:113
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s11_error_recovery/code.py:113 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s12_task_system/code.py:187
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s12_task_system/code.py:187 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s13_background_tasks/code.py:187
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s13_background_tasks/code.py:187 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s14_cron_scheduler/code.py:190
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s14_cron_scheduler/code.py:190 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s15_agent_teams/code.py:189
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s15_agent_teams/code.py:189 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s16_team_protocols/code.py:193
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s16_team_protocols/code.py:193 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s17_autonomous_agents/code.py:185
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s17_autonomous_agents/code.py:185 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s18_worktree_isolation/code.py:313
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s18_worktree_isolation/code.py:313 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s19_mcp_plugin/code.py:285
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s19_mcp_plugin/code.py:285 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in s20_comprehensive/code.py:393
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
s20_comprehensive/code.py:393 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in skills/agent-builder/references/minimal-agent.py:72
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
skills/agent-builder/references/minimal-agent.py:72 Subprocess shell true
medium System graph security Coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
auth
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
3 test file(s) for 100 source file(s) (ratio 0.03). Consider adding integration or unit tests for critical paths.
Coverage
low Security checks software dependencies conf 0.88 next: GHSA-3g8h-86w9-wvmq
Next.js's Middleware / Proxy redirects can be cache-poisoned
web/package-lock.json
low Security checks software dependencies conf 0.88 next: GHSA-jcc7-9wpm-mj36
Next.js: null origin can bypass dev HMR websocket CSRF checks
web/package-lock.json
low Security checks software dependencies conf 0.88 next: GHSA-vfv6-92ff-j949
Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
web/package-lock.json
low Security checks software dependencies conf 0.90 npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4)
`tsx` is pinned/resolved at 4.21.0 but the latest stable release on the npm registry is 4.22.4 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
web/package.json
low System graph software Dead code candidate conf 1.00 File has no detected symbols: web/next.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: web/src/lib/constants.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: web/src/types/agent-data.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 10 places
Functions with the same first-5-line body hash: s07_skill_loading/code.py:run_bash, s10_system_prompt/code.py:run_bash, s17_autonomous_agents/code.py:run_bash, s17_autonomous_agents/code.py:run This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 14 places
Functions with the same first-5-line body hash: s07_skill_loading/code.py:run_read, s13_background_tasks/code.py:run_read, s10_system_prompt/code.py:run_read, s17_autonomous_agents/code.py:run_read This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-…
duplicatesduplication
low System graph quality Integrity conf 1.00 7 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: s07_skill_loading/code.py:summary_hook, s04_hooks/code.py:summary_hook This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
7 occurrences
repo-level (7 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 23 places
Functions with the same first-5-line body hash: s07_skill_loading/code.py:safe_path, s13_background_tasks/code.py:safe_path, s10_system_prompt/code.py:safe_path, s17_autonomous_agents/code.py:safe_path This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: s18_worktree_isolation/code.py:list_tasks, s20_comprehensive/code.py:list_tasks, s19_mcp_plugin/code.py:list_tasks This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or docum…
duplicatesduplication
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: s07_skill_loading/code.py:register_hook, s05_todo_write/code.py:register_hook, s06_subagent/code.py:register_hook, s04_hooks/code.py:register_hook This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-cod…
2 occurrences
repo-level (2 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: s07_skill_loading/code.py:run_todo_write, s08_context_compact/code.py:run_todo_write, s20_comprehensive/code.py:run_todo_write, s05_todo_write/code.py:run_todo_write This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see h…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: s07_skill_loading/code.py:run_edit, s05_todo_write/code.py:run_edit, s03_permission/code.py:run_edit, s06_subagent/code.py:run_edit This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Con…
duplicatesduplication
low System graph quality Integrity conf 1.00 3 occurrences Near-duplicate function bodies in 8 places
Functions with the same first-5-line body hash: s07_skill_loading/code.py:run_write, s10_system_prompt/code.py:run_write, s05_todo_write/code.py:run_write, s03_permission/code.py:run_write This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygi…
3 occurrences
repo-level (3 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 9 places
Functions with the same first-5-line body hash: s18_worktree_isolation/code.py:save_task, s13_background_tasks/code.py:save_task, s20_comprehensive/code.py:save_task, s17_autonomous_agents/code.py:save_task This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://…
2 occurrences
repo-level (2 hits)
duplicatesduplication
low System graph software Dead code conf 1.00 Possibly dead Python function: context_inject_hook
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s07_skill_loading/code.py:338
low System graph software Dead code conf 1.00 Possibly dead Python function: log_hook
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s07_skill_loading/code.py:334
low System graph software Dead code conf 1.00 Possibly dead Python function: log_hook
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s08_context_compact/code.py:403
low System graph software Dead code conf 1.00 Possibly dead Python function: permission_hook
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s07_skill_loading/code.py:326
low System graph software Dead code conf 1.00 Possibly dead Python function: permission_hook
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s08_context_compact/code.py:398
low System graph software Dead code conf 1.00 Possibly dead Python function: run_check_inbox
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:797
low System graph software Dead code conf 1.00 Possibly dead Python function: run_claim_task
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:780
low System graph software Dead code conf 1.00 Possibly dead Python function: run_claim_task
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s13_background_tasks/code.py:247
low System graph software Dead code conf 1.00 Possibly dead Python function: run_complete_task
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:784
low System graph software Dead code conf 1.00 Possibly dead Python function: run_create_task
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:758
low System graph software Dead code conf 1.00 Possibly dead Python function: run_create_task
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s13_background_tasks/code.py:217
low System graph software Dead code conf 1.00 Possibly dead Python function: run_create_worktree
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:744
low System graph software Dead code conf 1.00 Possibly dead Python function: run_get_task
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:776
low System graph software Dead code conf 1.00 Possibly dead Python function: run_get_task
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s13_background_tasks/code.py:240
low System graph software Dead code conf 1.00 Possibly dead Python function: run_glob
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s07_skill_loading/code.py:160
low System graph software Dead code conf 1.00 Possibly dead Python function: run_glob
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s08_context_compact/code.py:158
low System graph software Dead code conf 1.00 Possibly dead Python function: run_keep_worktree
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:752
low System graph software Dead code conf 1.00 Possibly dead Python function: run_list_tasks
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:766
low System graph software Dead code conf 1.00 Possibly dead Python function: run_list_tasks
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s13_background_tasks/code.py:225
low System graph software Dead code conf 1.00 Possibly dead Python function: run_remove_worktree
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:748
low System graph software Dead code conf 1.00 Possibly dead Python function: run_request_plan
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:719
low System graph software Dead code conf 1.00 Possibly dead Python function: run_request_shutdown
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:705
low System graph software Dead code conf 1.00 Possibly dead Python function: run_review_plan
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:725
low System graph software Dead code conf 1.00 Possibly dead Python function: run_send_message
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:792
low System graph software Dead code conf 1.00 Possibly dead Python function: run_spawn_teammate
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s18_worktree_isolation/code.py:788
low System graph software Dead code conf 1.00 Possibly dead Python function: spawn_subagent
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s07_skill_loading/code.py:229
low System graph software Dead code conf 1.00 Possibly dead Python function: spawn_subagent
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s08_context_compact/code.py:225
low System graph software Dead code conf 1.00 Possibly dead Python function: summary_hook
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
s07_skill_loading/code.py:342
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — web/scripts/extract-content.ts:373
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph quality Complexity conf 1.00 Very large file: s20_comprehensive/code.py (2087 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/0c05603e-8e66-4c7b-8e59-a23f96a19f84/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/0c05603e-8e66-4c7b-8e59-a23f96a19f84/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.