File as GitHub Issue repo: shareAI-lab/learn-claude-code

Push this scan report to shareAI-lab/learn-claude-code

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Issue title

Bare Except Pass

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… agents/s03_todo_write.py:104
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… agents/s02_tool_use.py:53
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… agents/s01_agent_loop.py:70
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… s02_tool_use/code.py:25
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… s01_agent_loop/code.py:40
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… agents/s01_agent_loop.py:38
HIGH MINED108 `self._load` used but never assigned in __init__ agents/s_full.py:289
HIGH MINED108 `self._load` used but never assigned in __init__ agents/s_full.py:285
HIGH MINED108 `self._next_id` used but never assigned in __init__ agents/s_full.py:279
HIGH MINED108 `self._save` used but never assigned in __init__ agents/s_full.py:281
HIGH MINED108 `self.render` used but never assigned in __init__ agents/s_full.py:142
HIGH MINED108 `self._save` used but never assigned in __init__ agents/s07_task_system.py:101
HIGH MINED108 `self._clear_dependency` used but never assigned in __init__ agents/s07_task_system.py:87
HIGH MINED108 `self._save` used but never assigned in __init__ agents/s07_task_system.py:92
HIGH MINED108 `self._load` used but never assigned in __init__ agents/s07_task_system.py:81
HIGH MINED108 `self._load` used but never assigned in __init__ agents/s07_task_system.py:77
HIGH MINED108 `self._save` used but never assigned in __init__ agents/s07_task_system.py:72
HIGH MINED108 `self._set_status` used but never assigned in __init__ agents/s11_autonomous_agents.py:277
HIGH MINED108 `self._exec` used but never assigned in __init__ agents/s11_autonomous_agents.py:256
HIGH MINED108 `self._set_status` used but never assigned in __init__ agents/s11_autonomous_agents.py:243
HIGH MINED108 `self._set_status` used but never assigned in __init__ agents/s11_autonomous_agents.py:231
HIGH MINED108 `self._set_status` used but never assigned in __init__ agents/s11_autonomous_agents.py:301
HIGH MINED108 `self._set_status` used but never assigned in __init__ agents/s11_autonomous_agents.py:303
HIGH MINED108 `self._set_status` used but never assigned in __init__ agents/s11_autonomous_agents.py:268
HIGH MINED108 `self._teammate_tools` used but never assigned in __init__ agents/s11_autonomous_agents.py:223
HIGH MINED108 `self._loop` used but never assigned in __init__ agents/s11_autonomous_agents.py:208
HIGH MINED108 `self._save_config` used but never assigned in __init__ agents/s11_autonomous_agents.py:206
HIGH MINED108 `self._find_member` used but never assigned in __init__ agents/s11_autonomous_agents.py:197
HIGH MINED108 `self._save_config` used but never assigned in __init__ agents/s11_autonomous_agents.py:194
HIGH MINED108 `self._find_member` used but never assigned in __init__ agents/s11_autonomous_agents.py:191
HIGH MINED108 `self.send` used but never assigned in __init__ agents/s11_autonomous_agents.py:118
HIGH GHSA-q4gf-8mx6-v5v3 next: GHSA-q4gf-8mx6-v5v3 web/package-lock.json
HIGH GHSA-mg66-mrh9-m8jx next: GHSA-mg66-mrh9-m8jx web/package-lock.json
HIGH GHSA-c4j6-fc7j-m34r next: GHSA-c4j6-fc7j-m34r web/package-lock.json
HIGH GHSA-8h8q-6873-q5fj next: GHSA-8h8q-6873-q5fj web/package-lock.json
HIGH GHSA-492v-c6pp-mqqv next: GHSA-492v-c6pp-mqqv web/package-lock.json
HIGH GHSA-36qx-fr4f-26g5 next: GHSA-36qx-fr4f-26g5 web/package-lock.json
HIGH GHSA-26hh-7cqf-hhc6 next: GHSA-26hh-7cqf-hhc6 web/package-lock.json
HIGH GHSA-267c-6grr-h53f next: GHSA-267c-6grr-h53f web/package-lock.json
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… web/src/components/layout/header.tsx:44
MED MINED111 Bare except continues silently agents/s07_task_system.py:158
MED MINED111 Bare except continues silently agents/s07_task_system.py:149
MED MINED111 Bare except continues silently agents/s06_context_compact.py:233
MED MINED111 Bare except continues silently agents/s06_context_compact.py:179
MED MINED111 Bare except continues silently agents/s06_context_compact.py:168
MED MINED111 Bare except continues silently agents/s06_context_compact.py:159
MED MINED111 Bare except continues silently agents/s11_autonomous_agents.py:544
MED MINED111 Bare except continues silently agents/s11_autonomous_agents.py:242
MED MINED111 Bare except continues silently agents/s11_autonomous_agents.py:434
MED MINED111 Bare except continues silently agents/s11_autonomous_agents.py:422
MED MINED111 Bare except continues silently agents/s11_autonomous_agents.py:412
MED MINED111 Bare except continues silently s04_hooks/code.py:133
MED MINED111 Bare except continues silently s04_hooks/code.py:122
MED MINED111 Bare except continues silently s04_hooks/code.py:111
MED MINED111 Bare except continues silently s04_hooks/code.py:102
MED MINED111 Bare except continues silently s19_mcp_plugin/code.py:577
MED MINED111 Bare except continues silently s19_mcp_plugin/code.py:970
MED MINED111 Bare except continues silently s19_mcp_plugin/code.py:679
MED MINED111 Bare except continues silently s19_mcp_plugin/code.py:309
MED MINED111 Bare except continues silently s19_mcp_plugin/code.py:299
MED MINED111 Bare except continues silently s19_mcp_plugin/code.py:211
MED MINED111 Bare except continues silently s16_team_protocols/code.py:538
MED MINED111 Bare except continues silently s16_team_protocols/code.py:813
MED MINED111 Bare except continues silently s16_team_protocols/code.py:217
MED MINED111 Bare except continues silently s16_team_protocols/code.py:207
MED COMP001 [COMP001] High cognitive complexity: Function `agent_loop` has cognitive complexity 24 (S… agents/s03_todo_write.py:164
MED DEPCUR-NPM npm package `@types/diff` is 1 major version(s) behind (7.0.2 -> 8.0.0) web/package.json
MED DEPCUR-NPM npm package `diff` is 1 major version(s) behind (8.0.3 -> 9.0.0) web/package.json
MED GHSA-qx2v-qp2m-jg93 postcss: GHSA-qx2v-qp2m-jg93 web/package-lock.json
MED GHSA-wfc6-r584-vfw7 next: GHSA-wfc6-r584-vfw7 web/package-lock.json
MED GHSA-mq59-m269-xvcx next: GHSA-mq59-m269-xvcx web/package-lock.json
MED GHSA-h64f-5h5j-jqjh next: GHSA-h64f-5h5j-jqjh web/package-lock.json
MED GHSA-h27x-g6w4-24gq next: GHSA-h27x-g6w4-24gq web/package-lock.json
MED GHSA-gx5p-jg67-6x7h next: GHSA-gx5p-jg67-6x7h web/package-lock.json
MED GHSA-ggv3-7p47-pfv8 next: GHSA-ggv3-7p47-pfv8 web/package-lock.json
MED GHSA-ffhc-5mcf-pf4q next: GHSA-ffhc-5mcf-pf4q web/package-lock.json
MED GHSA-3x4c-7xq6-9pq8 next: GHSA-3x4c-7xq6-9pq8 web/package-lock.json
MED GHSA-mf9w-mj56-hr94 python-dotenv: GHSA-mf9w-mj56-hr94 requirements.txt
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. agents/s03_todo_write.py:104
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. agents/s02_tool_use.py:53
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. agents/s01_agent_loop.py:70
LOW COMP001 [COMP001] High cognitive complexity: Function `agent_loop` has cognitive complexity 12 (S… agents/s02_tool_use.py:115
LOW COMP001 [COMP001] High cognitive complexity: Function `agent_loop` has cognitive complexity 8 (So… agents/s01_agent_loop.py:81
LOW DEPCUR-NPM npm package `tsx` is minor version(s) behind (4.21.0 -> 4.22.4) web/package.json
LOW GHSA-vfv6-92ff-j949 next: GHSA-vfv6-92ff-j949 web/package-lock.json
LOW GHSA-jcc7-9wpm-mj36 next: GHSA-jcc7-9wpm-mj36 web/package-lock.json
LOW GHSA-3g8h-86w9-wvmq next: GHSA-3g8h-86w9-wvmq web/package-lock.json
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… web/src/components/diff/code-diff.tsx:87
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… web/src/components/code/source-viewer.t…:48
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… web/src/components/architecture/message…:50
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… web/src/components/docs/doc-renderer.tsx:91
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… web/src/app/[locale]/layout.tsx:41
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… s01_agent_loop/code.py:26
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. agents/s03_todo_write.py:199
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. agents/s02_tool_use.py:139
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. agents/s01_agent_loop.py:108
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… s02_tool_use/code.py:26
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… s01_agent_loop/code.py:41
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… agents/s01_agent_loop.py:39
99 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `shareAI-lab/learn-claude-code`

**Score: 71/100 (C-)**  ·  100 findings  ·  scanned 2026-06-05 08:59 UTC  ·  30,551 LOC

| Severity | Count |
|---|---|
| CRITICAL | 0 |
| HIGH | 39 |
| MEDIUM | 42 |
| LOW | 6 |

📊 [Full filterable report](https://repobility.com/scan/0c05603e-8e66-4c7b-8e59-a23f96a19f84/)  ·  ![scorecard](https://repobility.com/scan/0c05603e-8e66-4c7b-8e59-a23f96a19f84/report.png?v=1780649943-s2)

### Top findings

1. **HIGH** `MINED034` — Python Subprocess Shell True
   `agents/s03_todo_write.py:104` · CWE-78 · ✓ Repobility
2. **HIGH** `MINED034` — Python Subprocess Shell True
   `agents/s02_tool_use.py:53` · CWE-78 · ✓ Repobility
3. **HIGH** `MINED034` — Python Subprocess Shell True
   `agents/s01_agent_loop.py:70` · CWE-78 · ✓ Repobility
4. **HIGH** `MINED001` — Bare Except Pass
   `s02_tool_use/code.py:25` · CWE-755 · ✓ Repobility
5. **HIGH** `MINED001` — Bare Except Pass
   `s01_agent_loop/code.py:40` · CWE-755 · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/0c05603e-8e66-4c7b-8e59-a23f96a19f84/_
Megaproject - high spam risk
Could not determine 'shareAI-lab/learn-claude-code' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub's new-issue page in a new tab. You will see the title + body pre-filled - review, edit if you want, then click GitHub's "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.