File as GitHub Issue repo: coasty-ai/open-computer-use

Push this scan report to coasty-ai/open-computer-use

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Issue title

Blocking call `time.sleep` inside async function `browser_open_and_connect`

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH MINED106 [MINED106] Phantom test coverage: test_user_id: Test function `test_user_id` runs code bu… tests/post_deploy/conftest.py:288
HIGH MINED106 [MINED106] Phantom test coverage: test_jwt: Test function `test_jwt` runs code but contai… tests/post_deploy/conftest.py:282
HIGH MINED106 [MINED106] Phantom test coverage: test_user_session: Test function `test_user_session` ru… tests/post_deploy/conftest.py:253
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `browser_open_and_connect`: `… docker/ai-desktop/ai_agent_server.py:3199
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `browser_open_and_connect`: `… docker/ai-desktop/ai_agent_server.py:3191
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.slee… docker/ai-desktop/ai_agent_server.py:1926
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.slee… docker/ai-desktop/ai_agent_server.py:1901
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.slee… docker/ai-desktop/ai_agent_server.py:1899
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `arrange_windows`: `time.slee… docker/ai-desktop/ai_agent_server.py:1936
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `switch_to_window`: `time.sle… docker/ai-desktop/ai_agent_server.py:1870
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `switch_to_window`: `time.sle… docker/ai-desktop/ai_agent_server.py:1875
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:912
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:909
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:713
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:717
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:677
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:648
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:622
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:596
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:553
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:541
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:527
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:529
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:512
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:498
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:485
HIGH MINED110 [MINED110] Blocking call `time.sleep` inside async function `execute_command`: `time.slee… docker/ai-desktop/ai_agent_server.py:472
HIGH MINED108 [MINED108] `self.close_browser` used but never assigned in __init__: Method `close_all` o… docker/ai-desktop/stealth_browser.py:487
HIGH MINED108 [MINED108] `self._apply_cdp_stealth` used but never assigned in __init__: Method `connect… docker/ai-desktop/stealth_browser.py:363
HIGH MINED108 [MINED108] `self._apply_cdp_stealth` used but never assigned in __init__: Method `create_… docker/ai-desktop/stealth_browser.py:193
HIGH MINED108 [MINED108] `self._setup_chrome_options` used but never assigned in __init__: Method `crea… docker/ai-desktop/stealth_browser.py:167
HIGH MINED108 [MINED108] `self._get_or_create_profile` used but never assigned in __init__: Method `_se… docker/ai-desktop/stealth_browser.py:125
HIGH MINED108 [MINED108] `self._get_random_user_agent` used but never assigned in __init__: Method `_se… docker/ai-desktop/stealth_browser.py:99
HIGH MINED108 [MINED108] `self._get_random_viewport` used but never assigned in __init__: Method `_setu… docker/ai-desktop/stealth_browser.py:63
HIGH MINED108 [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_test` of … campaigns/sender.py:278
HIGH MINED108 [MINED108] `self._connect` used but never assigned in __init__: Method `send_test` of cla… campaigns/sender.py:274
HIGH MINED108 [MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` o… campaigns/sender.py:183
HIGH MINED108 [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of… campaigns/sender.py:215
HIGH MINED108 [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign`… campaigns/sender.py:213
HIGH MINED108 [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of… campaigns/sender.py:181
HIGH MINED108 [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign`… campaigns/sender.py:179
HIGH MINED108 [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign`… campaigns/sender.py:134
HIGH MINED108 [MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` o… campaigns/sender.py:133
HIGH MINED108 [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of… campaigns/sender.py:132
HIGH MINED108 [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of… campaigns/sender.py:158
HIGH MINED108 [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign`… campaigns/sender.py:156
HIGH MINED108 [MINED108] `self._send_one` used but never assigned in __init__: Method `send_campaign` o… campaigns/sender.py:142
HIGH MINED108 [MINED108] `self._disconnect` used but never assigned in __init__: Method `send_campaign`… campaigns/sender.py:218
HIGH MINED108 [MINED108] `self._connect` used but never assigned in __init__: Method `send_campaign` of… campaigns/sender.py:96
HIGH SEC083 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can c… scripts/check-userdata-size.mjs:9
HIGH SEC083 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can c… scripts/check-agent-size.mjs:7
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). electron/src/main/native-screenshot.ts:124
HIGH SEC114 [SEC114] path.join / Path() on user-controlled segment without containment check: filepat… electron/src/main/file-ops.ts:130
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… docker/ai-desktop/obfuscate.py:94
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… campaigns/sender.py:67
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … components/animated-favicon.tsx:68
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … app/components/payment-handler.tsx:32
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … app/components/landing/landing-page.tsx:57
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… electron/src/renderer/components/Messag…:25
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… docker/ai-desktop/obfuscate.py:61
HIGH MINED118 [MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resol… docker/ai-desktop/Dockerfile:2
HIGH MINED118 [MINED118] Dockerfile FROM `node:18-alpine` not pinned by digest: `FROM node:18-alpine` r… Dockerfile:2
HIGH JRN009 Secret-like setting is echoed into a password input value app/auth/login-page.tsx:929
HIGH JRN009 Secret-like setting is echoed into a password input value app/auth/login-page.tsx:861
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:298
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:280
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:205
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2902
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2386
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:5160
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2944
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:5388
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:4994
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:3269
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:3153
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:3054
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2975
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2907
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2819
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2710
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2651
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:2531
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:5749
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… docker/ai-desktop/ai_agent_server.py:4464
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/check_no_jwt_leak.py:130
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… campaigns/sender.py:55
MED SEC119 [SEC119] World-writable / world-readable file permissions: World-writable files let any l… docker/ai-desktop/obfuscate.py:111
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… docker/ai-desktop/obfuscate.py:94
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … electron/src/renderer/components/Messag…:25
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … docker/ai-desktop/obfuscate.py:60
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … app/components/chat/message-parser.tsx:50
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… app/components/collaborative/dialog-col…:53
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… app/components/chat/dialog-auth.tsx:54
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… app/components/chat-input/popover-conte…:45
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… app/components/layout/settings/apikeys/…:287
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… app/components/layout/dialog-publish.tsx:57
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… app/components/chat-input/button-view-s…:24
MED SEC087 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; … app/api/onboarding/route.ts:18
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. app/api/status/route.ts:44
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. app/api/status/history/route.ts:79
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. app/api/chat/route.ts:235
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. docker/ai-desktop/obfuscate.py:57
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… campaigns/sender.py:67
MED COMP001 [COMP001] High cognitive complexity: Function `get_variant_stats` has cognitive complexit… campaigns/ab_testing.py:25
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DKR002 Compose service `nextjs-app` image has no explicit tag docker-compose.yml:31
MED DKR002 Compose service `backend` image has no explicit tag docker-compose.yml:3
MED AGT007 localStorage write failures are swallowed silently electron/src/renderer/components/Overla…:797
MED AGT007 localStorage write failures are swallowed silently app/components/layout/sidebar/sidebar-f…:830
MED AGT007 localStorage write failures are swallowed silently app/components/landing/top-announcement…:81
MED AGT007 localStorage write failures are swallowed silently lib/posthog/analytics.ts:34
MED AGT007 localStorage write failures are swallowed silently components/common/oss-banner.tsx:74
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore Dockerfile:46
MED DKR004 Docker build secret exposed through ARG Dockerfile:25
MED DKR004 Docker build secret exposed through ARG Dockerfile:24
MED DKR004 Docker build secret exposed through ARG Dockerfile:20
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/awaiting-human-bann…:146
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/awaiting-human-bann…:57
MED JRN003 Frontend API reference is not matched by discovered backend routes app/api/files/route.ts:141
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/file-attachment-dis…:86
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/chat.tsx:1036
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/chat.tsx:574
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/chat-visibility-tog…:165
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/chat-visibility-tog…:77
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/chat-visibility-tog…:54
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/active-swarm-banner…:63
MED JRN003 Frontend API reference is not matched by discovered backend routes app/components/chat/active-swarm-banner…:49
MED JRN003 Frontend API reference is not matched by discovered backend routes app/api/machines/[id]/vnc/route.ts:131
MED JRN003 Frontend API reference is not matched by discovered backend routes app/api/files/route.ts:11
MED JRN003 Frontend API reference is not matched by discovered backend routes app/api/chats/[chatId]/messages/route.ts:23
MED AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 32.4% of discovered …
MED AGT012 Agent control bridge may listen on a network interface without visible auth lib/services/agent-health-check.ts:27
MED AGT012 Agent control bridge may listen on a network interface without visible auth lib/client-ip.ts:11
MED AGT012 Agent control bridge may listen on a network interface without visible auth lib/docker/docker-service.ts:27
MED AGT012 Agent control bridge may listen on a network interface without visible auth lib/azure/container-instances.ts:135
MED AGT012 Agent control bridge may listen on a network interface without visible auth electron/src/main/index.ts:5
MED AGT012 Agent control bridge may listen on a network interface without visible auth docker-compose.ai-desktop.yml:15
MED AGT012 Agent control bridge may listen on a network interface without visible auth docker/ai-desktop/startup.sh:33
MED AGT012 Agent control bridge may listen on a network interface without visible auth docker/ai-desktop/startup.secure.sh:168
MED AGT012 Agent control bridge may listen on a network interface without visible auth docker/ai-desktop/startup.azure.sh:29
MED AGT012 Agent control bridge may listen on a network interface without visible auth docker/ai-desktop/chrome-wrapper.sh:28
MED AGT012 Agent control bridge may listen on a network interface without visible auth docker/ai-desktop/chrome-auth-wrapper.sh:36
MED AGT012 Agent control bridge may listen on a network interface without visible auth docker/ai-desktop/ai_agent_server.py:3
MED WEB015 Public web app has no Content Security Policy index.html
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/api/developers/route.ts:76
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/api/user-memory/route.ts:79
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/api/user-memory/route.ts:20
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/api/collaborative-rooms/route.ts:56
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/api/collaborative-rooms/route.ts:5
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/api/validate-email/route.ts:7
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/api/csrf/route.ts:5
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/auth/desktop-callback/route.ts:12
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/auth/callback/route.ts:7
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/blog/feed.xml/route.ts:19
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… app/api/machines/[id]/settings/route.ts:11
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… app/api/machines/cleanup/route.ts:39
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… app/api/swarms/shared/[id]/route.ts:11
MED CORE_NO_CI No CI/CD configuration found
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… scripts/check-userdata-size.mjs:195
LOW COMP001 [COMP001] High cognitive complexity: Function `get_all_user_emails` has cognitive complex… campaigns/db.py:203
LOW COMP001 [COMP001] High cognitive complexity: Function `determine_winner` has cognitive complexity… campaigns/ab_testing.py:51
LOW DKR011 Dockerfile installs recommended OS packages docker/ai-desktop/Dockerfile:155
LOW DKR011 Dockerfile installs recommended OS packages docker/ai-desktop/Dockerfile:104
LOW DKR011 Dockerfile installs recommended OS packages docker/ai-desktop/Dockerfile:74
LOW DKR011 Dockerfile installs recommended OS packages docker/ai-desktop/Dockerfile:62
LOW DKR011 Dockerfile installs recommended OS packages docker/ai-desktop/Dockerfile:41
LOW DKR011 Dockerfile installs recommended OS packages docker/ai-desktop/Dockerfile:15
LOW DKR008 .dockerignore misses sensitive defaults .dockerignore
LOW DKC010 Compose service lacks no-new-privileges hardening docker-compose.yml:31
LOW DKC010 Compose service lacks no-new-privileges hardening docker-compose.yml:3
LOW WEB011 Public web app has no humans.txt humans.txt
INFO MINED065 [MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser o… docker-compose.yml:20
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… docker/ai-desktop/obfuscate.py:95
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… campaigns/sender.py:68
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… app/guide/tabs/swarm-mode.tsx:75
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… app/components/seo/json-ld.tsx:14
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… app/components/machines/machine-card-th…:60
INFO MINED047 [MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explic… app/components/chat/language-scroll-bar…:43
INFO MINED047 [MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explic… app/components/chat/language-indicator.…:43
INFO MINED047 [MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explic… app/components/chat/language-auto-scrol…:41
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… app/components/chat/search-images.tsx:26
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… app/components/chat/run-feedback-bar.tsx:255
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… app/blog/[id]/page.tsx:136
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. scripts/check_no_jwt_leak.py:142
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. app/api/files/route.ts:47
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… app/components/chat-input/button-view-s…:23
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… app/blog/feed.xml/route.ts:44
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… app/api/files/route.ts:149
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. app/api/collaborative-rooms/[roomId]/ro…:127
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. app/api/collaborative-rooms/[roomId]/pa…:70
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. app/api/collaborative-rooms/[roomId]/me…:85
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … app/api/electron/proxy/[...path]/route.…:111
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … app/api/collaborative-rooms/[roomId]/pa…:150
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … app/api/chat/utils.ts:118
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. app/api/credits/auto-refill/execute/rou…:211
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. app/api/chat/utils.ts:270
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. app/api/chat/api.ts:36
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … app/api/chat/machine-status/[machineId]…:58
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … app/api/chat/db.ts:102
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … app/api/chat/api.ts:51
200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `coasty-ai/open-computer-use`

**Score: 76/100 (A-)**  ·  283 findings  ·  scanned 2026-05-31 01:28 UTC  ·  277,105 LOC

| Severity | Count |
|---|---|
| CRITICAL | 5 |
| HIGH | 88 |
| MEDIUM | 94 |
| LOW | 13 |

📊 [Full filterable report](https://repobility.com/scan/0e944bde-4911-4fc7-bd85-665b19a7e379/)  ·  ![scorecard](https://repobility.com/scan/0e944bde-4911-4fc7-bd85-665b19a7e379/report.png?v=1780190910-s2)

### Top findings

1. **HIGH** `MINED106` — Phantom test coverage: test_user_id
   `tests/post_deploy/conftest.py:288` · ✓ Repobility
2. **HIGH** `MINED106` — Phantom test coverage: test_jwt
   `tests/post_deploy/conftest.py:282` · ✓ Repobility
3. **HIGH** `MINED106` — Phantom test coverage: test_user_session
   `tests/post_deploy/conftest.py:253` · ✓ Repobility
4. **HIGH** `MINED110` — Blocking call `time.sleep` inside async function `browser_open_and_connect`
   `docker/ai-desktop/ai_agent_server.py:3199` · ✓ Repobility
5. **HIGH** `MINED110` — Blocking call `time.sleep` inside async function `browser_open_and_connect`
   `docker/ai-desktop/ai_agent_server.py:3191` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/0e944bde-4911-4fc7-bd85-665b19a7e379/_
Already filed
This repo publishes a SECURITY.md policy and the scan contains 30 Critical/High security finding(s). Public issue filing would violate coordinated disclosure. Submit privately via the project's security reporting channel.
Megaproject: high spam risk
Could not determine 'coasty-ai/open-computer-use' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled; review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.