128 of your 247 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.
Upstream (GitHub) caused delay on this scan — not Repobility.
  • GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
  • Clone from GitHub took 62.99s for a 185.3 MB repo (slow).
  • Repobility's analysis ran in 67.95s after the clone landed.

openclaw/openclaw

https://github.com/openclaw/openclaw · scanned 2026-06-05 04:24 UTC (3 hours, 25 minutes ago) · 10 languages

5760 findings (222 legacy + 5538 scanner) · 11/13 scanners ran · 92nd percentile · TypeScript · huge (>500K LoC) · Scanner says 56 (higher by 36)

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 3 hours, 25 minutes ago · v3 · 2068 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

Score breakdown (2026-05-18-v5)

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 85.0 | 0.15 | 12.75 |
| security_score | 100.0 | 0.25 | 25.00 |
| testing_score | 95.0 | 0.20 | 19.00 |
| documentation_score | 100.0 | 0.15 | 15.00 |
| practices_score | 91.0 | 0.15 | 13.65 |
| code_quality | 65.0 | 0.10 | 6.50 |
| Overall | | 1.00 | 91.9 |

security_score may be inflated — optional security scanners were skipped on this fast scan
Scan summary: Repository scanned at 55.8/100 with 100.0% coverage. It contains 105972 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 1846 findings, concentrated in quality (1006), cicd (268), api (181). Risk profile is high: 133 critical, 162 high, 122 medium. Recommended next step: open the quality layer findings first; that's where the highest-impact wins live.

Showing 1523 of 2068 findings.

critical Legacy software dependency conf 0.90 ✓ Repobility [MINED116] Workflow uses `secrets.OPENCLAW_GH_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.OPENCLAW_GH_TOKEN }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context).
Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed.
.github/workflows/website-installer-sync.yml:136 dependency legacy
critical 9-layer security secrets conf 1.00 Possible secret in extensions/mattermost/src/mattermost/slash-http.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
extensions/mattermost/src/mattermost/slash-http.ts:149 secrets
critical 9-layer security secrets conf 1.00 Possible secret in extensions/microsoft-foundry/auth.ts
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
extensions/microsoft-foundry/auth.ts:174 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/codex-on-demand-docker.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/codex-on-demand-docker.sh:62 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/lib/release-media-memory/scenario.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/lib/release-media-memory/scenario.sh:17 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/lib/release-typed-onboarding/scenario.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/lib/release-typed-onboarding/scenario.sh:17 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/lib/release-upgrade-user-journey/scenario.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/lib/release-upgrade-user-journey/scenario.sh:17 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/lib/release-user-journey/scenario.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/lib/release-user-journey/scenario.sh:17 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/lib/upgrade-survivor/run.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/lib/upgrade-survivor/run.sh:16 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/lib/upgrade-survivor/run.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/lib/upgrade-survivor/run.sh:21 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/npm-onboard-channel-agent-docker.sh
Detected pattern matching slack_token. Rotate the credential and move to a secret manager.
scripts/e2e/npm-onboard-channel-agent-docker.sh:94 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/npm-onboard-channel-agent-docker.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/npm-onboard-channel-agent-docker.sh:68 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/telegram-user-crabbox-proof.ts
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/telegram-user-crabbox-proof.ts:486 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/telegram-user-driver.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
scripts/e2e/telegram-user-driver.py:319 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/upgrade-survivor-docker.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/upgrade-survivor-docker.sh:169 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/e2e/upgrade-survivor-docker.sh
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/e2e/upgrade-survivor-docker.sh:173 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/release-check.ts
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/release-check.ts:666 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/release-check.ts
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/release-check.ts:693 secrets
critical 9-layer security secrets conf 1.00 Possible secret in scripts/release-check.ts
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
scripts/release-check.ts:756 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/cli/proxy-cli.runtime.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/cli/proxy-cli.runtime.ts:134 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/gateway/server.auth.control-ui.suite.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/gateway/server.auth.control-ui.suite.ts:558 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/gateway/server.auth.control-ui.suite.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/gateway/server.auth.control-ui.suite.ts:561 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/gateway/server.auth.modes.suite.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/gateway/server.auth.modes.suite.ts:25 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/gateway/server.auth.modes.suite.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/gateway/server.auth.modes.suite.ts:31 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/gateway/server.auth.modes.suite.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/gateway/server.auth.modes.suite.ts:40 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/plugins/contracts/tts-contract-suites.ts
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
src/plugins/contracts/tts-contract-suites.ts:728 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/wizard/i18n/locales/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/wizard/i18n/locales/en.ts:11 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/wizard/i18n/locales/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/wizard/i18n/locales/en.ts:575 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/wizard/i18n/locales/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/wizard/i18n/locales/en.ts:1026 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/wizard/i18n/locales/zh-CN.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/wizard/i18n/locales/zh-CN.ts:558 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/wizard/i18n/locales/zh-CN.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/wizard/i18n/locales/zh-CN.ts:989 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/wizard/i18n/locales/zh-TW.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/wizard/i18n/locales/zh-TW.ts:559 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/wizard/i18n/locales/zh-TW.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/wizard/i18n/locales/zh-TW.ts:990 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ar.ts:670 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ar.ts:679 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ar.ts:680 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ar.ts:1173 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ar.ts:1174 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/de.ts:675 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/de.ts:684 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/de.ts:685 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/de.ts:1188 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/de.ts:1189 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/en.ts:669 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/en.ts:678 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/en.ts:679 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/en.ts:1174 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/en.ts:1175 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/es.ts:672 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/es.ts:681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/es.ts:682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/es.ts:1186 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/es.ts:1187 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fa.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fa.ts:672 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fa.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fa.ts:681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fa.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fa.ts:682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fa.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fa.ts:1181 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fa.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fa.ts:1182 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fr.ts:674 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fr.ts:683 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fr.ts:684 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fr.ts:1189 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/fr.ts:1190 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/id.ts:671 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/id.ts:680 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/id.ts:681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/id.ts:1181 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/id.ts:1182 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/it.ts:673 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/it.ts:682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/it.ts:683 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/it.ts:1185 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/it.ts:1186 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ja-JP.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ja-JP.ts:674 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ja-JP.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ja-JP.ts:683 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ja-JP.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ja-JP.ts:684 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ja-JP.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ja-JP.ts:1184 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ja-JP.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ja-JP.ts:1185 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ko.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ko.ts:670 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ko.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ko.ts:679 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ko.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ko.ts:680 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ko.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ko.ts:1176 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/ko.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/ko.ts:1177 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/nl.ts:673 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/nl.ts:682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/nl.ts:683 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/nl.ts:1184 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/nl.ts:1185 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pl.ts:672 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pl.ts:681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pl.ts:682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pl.ts:1187 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pl.ts:1188 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pt-BR.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pt-BR.ts:671 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pt-BR.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pt-BR.ts:680 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pt-BR.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pt-BR.ts:681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pt-BR.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pt-BR.ts:1183 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/pt-BR.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/pt-BR.ts:1184 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/th.ts:669 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/th.ts:678 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/th.ts:679 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/th.ts:1167 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/th.ts:1168 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/tr.ts:674 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/tr.ts:683 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/tr.ts:684 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/tr.ts:1186 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/tr.ts:1187 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/uk.ts:673 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/uk.ts:682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/uk.ts:683 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/uk.ts:1185 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/uk.ts:1186 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/vi.ts:672 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/vi.ts:681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/vi.ts:682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/vi.ts:1179 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/vi.ts:1180 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/zh-CN.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/zh-CN.ts:668 secrets
critical 9-layer security secrets conf 1.00 Possible secret in ui/src/i18n/locales/zh-TW.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
ui/src/i18n/locales/zh-TW.ts:668 secrets
low Legacy quality quality conf 1.00 ✓ Repobility [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context.
extensions/diffs/src/viewer-assets.ts:158 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).
Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context.
extensions/diffs-language-pack/src/viewer-assets.ts:84 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED008] Swift Force Unwrap: optional! crashes on nil. Use guard let or if let.
Review and fix per the pattern semantics. See CWE-476 for context.
apps/swabble/Sources/SwabbleCore/Support/AttributedString+Sentences.swift:62 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED008] Swift Force Unwrap: optional! crashes on nil. Use guard let or if let.
Review and fix per the pattern semantics. See CWE-476 for context.
apps/shared/OpenClawKit/Sources/OpenClawKit/GatewayErrors.swift:185 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.encryption_key_for_current_tdlib` used but never assigned in __init__: Method `authorize` of class `UserDriver` reads `self.encryption_key_for_current_tdlib`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.encryption_key_for_current_tdlib = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:342 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.encryption_key_for_current_tdlib` used but never assigned in __init__: Method `authorize` of class `UserDriver` reads `self.encryption_key_for_current_tdlib`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.encryption_key_for_current_tdlib = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:332 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.encryption_key` used but never assigned in __init__: Method `authorize` of class `UserDriver` reads `self.encryption_key`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.encryption_key = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:295 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.encryption_key` used but never assigned in __init__: Method `encryption_key_for_current_tdlib` of class `UserDriver` reads `self.encryption_key`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.encryption_key = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:272 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.handle_update` used but never assigned in __init__: Method `request` of class `TdClient` reads `self.handle_update`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.handle_update = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:210 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.receive` used but never assigned in __init__: Method `next_update` of class `TdClient` reads `self.receive`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.receive = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:220 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.receive` used but never assigned in __init__: Method `request` of class `TdClient` reads `self.receive`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.receive = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:203 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.send` used but never assigned in __init__: Method `request` of class `TdClient` reads `self.send`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.send = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:200 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.settle_sent_message` used but never assigned in __init__: Method `send_text` of class `UserDriver` reads `self.settle_sent_message`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.settle_sent_message = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:389 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.show_qr_link` used but never assigned in __init__: Method `authorize` of class `UserDriver` reads `self.show_qr_link`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.show_qr_link = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:314 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.td_params_current` used but never assigned in __init__: Method `authorize` of class `UserDriver` reads `self.td_params_current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.td_params_current = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:345 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.td_params_current` used but never assigned in __init__: Method `authorize` of class `UserDriver` reads `self.td_params_current`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.td_params_current = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:335 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.td_params` used but never assigned in __init__: Method `authorize` of class `UserDriver` reads `self.td_params`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.td_params = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:290 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.td_params` used but never assigned in __init__: Method `td_params_current` of class `UserDriver` reads `self.td_params`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.td_params = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:259 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.text_content` used but never assigned in __init__: Method `send_text` of class `UserDriver` reads `self.text_content`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.text_content = <default>` in __init__, or add a class-level default.
scripts/e2e/telegram-user-driver.py:403 qualitylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/cache@<40-char-sha> # v4` and let Dependabot bump it on a scheduled cadence.
.github/workflows/mantis-slack-desktop-smoke.yml:183 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v4` and let Dependabot bump it on a scheduled cadence.
apps/swabble/.github/workflows/ci.yml:17 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/install-smoke.yml:292 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/install-smoke.yml:220 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/install-smoke.yml:109 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/install-smoke.yml:59 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/npm-telegram-beta-e2e.yml:123 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/docs-agent.yml:36 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/mantis-slack-desktop-smoke.yml:168 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/mantis-slack-desktop-smoke.yml:114 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/real-behavior-proof.yml:25 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/duplicate-after-merge.yml:38 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/checkout@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/opengrep-precise.yml:44 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/create-github-app-token` pinned to mutable ref `@v3`: `uses: actions/create-github-app-token@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/create-github-app-token@<40-char-sha> # v3` and let Dependabot bump it on a scheduled cadence.
.github/workflows/mantis-slack-desktop-smoke.yml:466 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/create-github-app-token` pinned to mutable ref `@v3`: `uses: actions/create-github-app-token@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/create-github-app-token@<40-char-sha> # v3` and let Dependabot bump it on a scheduled cadence.
.github/workflows/real-behavior-proof.yml:37 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/create-github-app-token` pinned to mutable ref `@v3`: `uses: actions/create-github-app-token@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/create-github-app-token@<40-char-sha> # v3` and let Dependabot bump it on a scheduled cadence.
.github/workflows/real-behavior-proof.yml:29 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/download-artifact@<40-char-sha> # v8` and let Dependabot bump it on a scheduled cadence.
.github/workflows/npm-telegram-beta-e2e.yml:200 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/download-artifact@<40-char-sha> # v8` and let Dependabot bump it on a scheduled cadence.
.github/workflows/npm-telegram-beta-e2e.yml:193 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/github-script` pinned to mutable ref `@v8`: `uses: actions/github-script@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/github-script@<40-char-sha> # v8` and let Dependabot bump it on a scheduled cadence.
.github/workflows/mantis-slack-desktop-smoke.yml:84 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/setup-go` pinned to mutable ref `@v6`: `uses: actions/setup-go@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/setup-go@<40-char-sha> # v6` and let Dependabot bump it on a scheduled cadence.
.github/workflows/mantis-slack-desktop-smoke.yml:193 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/upload-artifact@<40-char-sha> # v7` and let Dependabot bump it on a scheduled cadence.
.github/workflows/npm-telegram-beta-e2e.yml:272 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/upload-artifact@<40-char-sha> # v7` and let Dependabot bump it on a scheduled cadence.
.github/workflows/mantis-slack-desktop-smoke.yml:456 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: actions/upload-artifact@<40-char-sha> # v7` and let Dependabot bump it on a scheduled cadence.
.github/workflows/opengrep-precise.yml:96 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED115] Action `github/codeql-action/upload-sarif` pinned to mutable ref `@v4`: `uses: github/codeql-action/upload-sarif@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
Replace with: `uses: github/codeql-action/upload-sarif@<40-char-sha> # v4` and let Dependabot bump it on a scheduled cadence.
.github/workflows/opengrep-precise.yml:87 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED118] Dockerfile FROM `ubuntu:24.04` not pinned by digest: `FROM ubuntu:24.04` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Replace with: `FROM ubuntu:24.04@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot).
.github/images/live-media-runner/Dockerfile:1 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED126] Workflow container/services image `ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04` unpinned: `container/services image: ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines.
Replace with `ghcr.io/openclaw/openclaw-live-media-runner:ubuntu-24.04@sha256:<digest>`. Re-pin via Dependabot Docker scope.
.github/workflows/openclaw-live-and-e2e-checks-reusable.yml:2450 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.14.1`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.14.1`. If that `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed).
.pre-commit-config.yaml:54 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED131] pre-commit hook `https://github.com/koalaman/shellcheck-precommit` pinned to mutable rev `v0.11.0`: `.pre-commit-config.yaml` references `https://github.com/koalaman/shellcheck-precommit` at `rev: v0.11.0`. If that `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed).
.pre-commit-config.yaml:24 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v6.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v6.0.0`. If that `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed).
.pre-commit-config.yaml:9 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED131] pre-commit hook `https://github.com/rhysd/actionlint` pinned to mutable rev `v1.7.10`: `.pre-commit-config.yaml` references `https://github.com/rhysd/actionlint` at `rev: v1.7.10`. If that `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed).
.pre-commit-config.yaml:33 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED131] pre-commit hook `https://github.com/zizmorcore/zizmor-pre-commit` pinned to mutable rev `v1.22.0`: `.pre-commit-config.yaml` references `https://github.com/zizmorcore/zizmor-pre-commit` at `rev: v1.22.0`. If that `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed).
.pre-commit-config.yaml:39 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility [MINED134] Binary file `apps/android/gradle/wrapper/gradle-wrapper.jar` committed in source repo: `apps/android/gradle/wrapper/gradle-wrapper.jar` is a .jar binary (48,966 bytes) committed to a repo that otherwise has 17058 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
apps/android/gradle/wrapper/gradle-wrapper.jar:1 dependencylegacy
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
extensions/document-extract/document-extractor.ts:48 path_traversallegacy
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
extensions/codex/src/app-server/sandbox-exec-server/http.ts:296 path_traversallegacy
high Legacy security credential_exposure conf 1.00 [SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents often add these commands while trying to help with setup or deployment, but they can leak live secrets through logs, shell history, CI output, or documentation.
Remove the command, use a secret manager or CI masked secret, and rotate any credential that may have been printed.
.agents/skills/release-openclaw-ci/scripts/release-ci-summary.mjs:35 credential_exposurelegacy
high Legacy software prototype_pollution conf 1.00 [SEC033] Prototype Pollution — unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting every object in the process. CWE-1321. Real-world: CVE-2019-10744 (lodash), CVE-2021-23337 (lodash.set), CVE-2023-26136 (tough-cookie).
Sanitize keys BEFORE merge: function sanitize(obj) { delete obj.__proto__; delete obj.constructor; delete obj.prototype; return obj; } Or use Object.create(null) for the target. Or use Map() for user-key-indexed data. Upgrade lodash >= 4.17.21 for partial mitigation.
extensions/discord/src/monitor/native-command-model-picker-apply.ts:50 prototype_pollutionlegacy
high Legacy software resource_exhaustion conf 1.00 [SEC035] Unbounded Resource Allocation — DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants.
Cap user-controlled sizes BEFORE allocation: size = min(int(request.args.get('n', 100)), MAX_SIZE) Set framework-level limits: Flask: app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024 FastAPI: use middleware to enforce request size Django: DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py …
extensions/file-transfer/src/node-host/file-fetch.ts:119 resource_exhaustionlegacy
high Legacy software resource_exhaustion conf 1.00 [SEC035] Unbounded Resource Allocation — DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants.
Cap user-controlled sizes BEFORE allocation: size = min(int(request.args.get('n', 100)), MAX_SIZE) Set framework-level limits: Flask: app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024 FastAPI: use middleware to enforce request size Django: DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py …
extensions/file-transfer/src/node-host/dir-fetch.ts:187 resource_exhaustionlegacy
low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.
For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.
extensions/chutes/onboard.ts:29 xsslegacy
low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.
For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.
extensions/browser/src/cli/browser-cli-debug.ts:132 xsslegacy
low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.
For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.
extensions/browser/src/browser/snapshot-urls.ts:15 xsslegacy
low Legacy quality quality conf 1.00 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0).
Use a literal RegExp or whitelist-validate user input before constructing patterns.
extensions/imessage/src/monitor/reflection-guard.ts:31 qualitylegacy
low Legacy quality quality conf 1.00 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0).
Use a literal RegExp or whitelist-validate user input before constructing patterns.
extensions/copilot/src/auth-bridge.ts:317 qualitylegacy
low Legacy quality quality conf 1.00 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0).
Use a literal RegExp or whitelist-validate user input before constructing patterns.
extensions/browser/src/browser/url-pattern.ts:20 quality legacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
extensions/browser/src/browser/routes/dispatcher.ts:91 quality legacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
extensions/browser/src/browser/paths.ts:107 quality legacy
low Legacy quality quality conf 1.00 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0).
Use execFile / spawn with separate args array; never pass shell strings.
extensions/acpx/src/codex-trust-config.ts:144 quality legacy
high Legacy security path_traversal conf 1.00 [SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly.
After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `const resolved = path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw new Error("path escapes base")`.
extensions/browser/src/browser/paths.ts:156 path_traversal legacy
high Legacy security path_traversal conf 1.00 [SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly.
After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `const resolved = path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw new Error("path escapes base")`.
extensions/browser/src/browser/output-files.ts:23 path_traversal legacy
high Legacy security path_traversal conf 1.00 [SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly.
After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `const resolved = path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw new Error("path escapes base")`.
extensions/acpx/src/process-lease.ts:100 path_traversal legacy
high Legacy security auth conf 0.78 Consent is collected in UI without visible backend audit persistence
Persist consent as a backend record with subject, actor, purpose, scope, legal text version, timestamp, IP address, user agent, and revocation state.
extensions/msteams/src/pending-uploads-fs.ts:243 auth legacy
high Legacy cicd docker conf 0.92 Dockerfile pipes a remote script into a shell
Download the artifact, verify its checksum or signature, pin the version, and then execute it.
scripts/docker/sandbox/Dockerfile.common:31 docker legacy
high Legacy cicd docker conf 0.92 Dockerfile pipes a remote script into a shell
Download the artifact, verify its checksum or signature, pin the version, and then execute it.
scripts/docker/install-sh-nonroot/Dockerfile:28 docker legacy
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /anything (extensions/mattermost/src/mattermost/client.test.ts:164)
`extensions/mattermost/src/mattermost/client.test.ts:164` calls `DELETE /anything` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/anything` If this points at an external API, prefix it with `https://` so th…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: DELETE /posts/${postId} (extensions/mattermost/src/mattermost/client.ts:561)
`extensions/mattermost/src/mattermost/client.ts:561` calls `DELETE /posts/${postId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/posts/<p>` If this points at an external API, prefix it with `https://` so…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/me (extensions/clickclack/src/http-client.ts:48)
`extensions/clickclack/src/http-client.ts:48` calls `GET /api/me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/me` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/workspaces (extensions/clickclack/src/http-client.ts:52)
`extensions/clickclack/src/http-client.ts:52` calls `GET /api/workspaces` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/workspaces` If this points at an external API, prefix it with `https://` so the match…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /channels/${channelId} (extensions/mattermost/src/mattermost/client.ts:190)
`extensions/mattermost/src/mattermost/client.ts:190` calls `GET /channels/${channelId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/channels/<p>` If this points at an external API, prefix it with `https:…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /missing (extensions/mattermost/src/mattermost/client.test.ts:152)
`extensions/mattermost/src/mattermost/client.test.ts:152` calls `GET /missing` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/missing` If this points at an external API, prefix it with `https://` so the mat…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /posts/${payload.post_id} (extensions/mattermost/src/mattermost/interactions.ts:511)
`extensions/mattermost/src/mattermost/interactions.ts:511` calls `GET /posts/${payload.post_id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/posts/<p>` If this points at an external API, prefix it with `…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /repos/openclaw/openclaw (test/scripts/dependency-guard-script.test.ts:663)
`test/scripts/dependency-guard-script.test.ts:663` calls `GET /repos/openclaw/openclaw` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/repos/openclaw/openclaw` If this points at an external API, prefix it w…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /repos/openclaw/openclaw (test/scripts/dependency-guard-script.test.ts:687)
`test/scripts/dependency-guard-script.test.ts:687` calls `GET /repos/openclaw/openclaw` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/repos/openclaw/openclaw` If this points at an external API, prefix it w…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /repos/openclaw/openclaw (test/scripts/dependency-guard-script.test.ts:721)
`test/scripts/dependency-guard-script.test.ts:721` calls `GET /repos/openclaw/openclaw` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/repos/openclaw/openclaw` If this points at an external API, prefix it w…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /users/${userId} (extensions/mattermost/src/mattermost/client.ts:176)
`extensions/mattermost/src/mattermost/client.ts:176` calls `GET /users/${userId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/users/<p>` If this points at an external API, prefix it with `https://` so th…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /users/${userId}/teams (extensions/mattermost/src/mattermost/client.ts:533)
`extensions/mattermost/src/mattermost/client.ts:533` calls `GET /users/${userId}/teams` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/users/<p>/teams` If this points at an external API, prefix it with `htt…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /users/me (extensions/mattermost/src/mattermost/client.test.ts:125)
`extensions/mattermost/src/mattermost/client.test.ts:125` calls `GET /users/me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/users/me` If this points at an external API, prefix it with `https://` so the m…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /users/me (extensions/mattermost/src/mattermost/client.ts:169)
`extensions/mattermost/src/mattermost/client.ts:169` calls `GET /users/me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/users/me` If this points at an external API, prefix it with `https://` so the matche…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /users/me/teams (extensions/mattermost/src/mattermost/directory.ts:139)
`extensions/mattermost/src/mattermost/directory.ts:139` calls `GET /users/me/teams` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/users/me/teams` If this points at an external API, prefix it with `https://…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET /users/username/${encodeURIComponent(username)} (extensions/mattermost/src/mattermost/client.ts:183)
`extensions/mattermost/src/mattermost/client.ts:183` calls `GET /users/username/${encodeURIComponent(username)}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/users/username/<p>` If this points at an exter…
wiring dangling-fetch helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${enabledPort}${pathname} (src/gateway/models-http.test.ts:31)
`src/gateway/models-http.test.ts:31` calls `GET http://127.0.0.1:${enabledPort}${pathname}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/<p>` If this points at an external API, prefix it with …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${MOCK_PORT}/health (test/scripts/docker-build-helper.test.ts:2303)
`test/scripts/docker-build-helper.test.ts:2303` calls `GET http://127.0.0.1:${MOCK_PORT}/health` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/health` If this points at an external API, prefix …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${mock_port}/health (test/scripts/rtt-harness.test.ts:215)
`test/scripts/rtt-harness.test.ts:215` calls `GET http://127.0.0.1:${mock_port}/health` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/health` If this points at an external API, prefix it with `…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/ (src/gateway/server.control-ui-root.test.ts:40)
`src/gateway/server.control-ui-root.test.ts:40` calls `GET http://127.0.0.1:${port}/` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>` If this points at an external API, prefix it with `https://`…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/callback?code=code-1&state=state-1 (src/plugin-sdk/provider-auth-runtime.test.ts:116)
`src/plugin-sdk/provider-auth-runtime.test.ts:116` calls `GET http://127.0.0.1:${port}/callback?code=code-1&state=state-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/callback` If this points…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/callback?code=code-1&state=state-1 (src/plugin-sdk/provider-auth-runtime.test.ts:151)
`src/plugin-sdk/provider-auth-runtime.test.ts:151` calls `GET http://127.0.0.1:${port}/callback?code=code-1&state=state-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/callback` If this points…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/callback?code=code-1&state=state-1 (src/plugin-sdk/provider-auth-runtime.test.ts:175)
`src/plugin-sdk/provider-auth-runtime.test.ts:175` calls `GET http://127.0.0.1:${port}/callback?code=code-1&state=state-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/callback` If this points…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/callback?code=code-1&state=state-1 (src/plugin-sdk/provider-auth-runtime.test.ts:76)
`src/plugin-sdk/provider-auth-runtime.test.ts:76` calls `GET http://127.0.0.1:${port}/callback?code=code-1&state=state-1` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/callback` If this points …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/fixture/inbound (test/scripts/e2e-helper-env-limits.test.ts:148)
`test/scripts/e2e-helper-env-limits.test.ts:148` calls `GET http://127.0.0.1:${port}/fixture/inbound` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/fixture/inbound` If this points at an externa…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/healthz (extensions/telegram/src/webhook.test.ts:481)
`extensions/telegram/src/webhook.test.ts:481` calls `GET http://127.0.0.1:${port}/healthz` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/healthz` If this points at an external API, prefix it wi…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/healthz (extensions/telegram/src/webhook.test.ts:528)
`extensions/telegram/src/webhook.test.ts:528` calls `GET http://127.0.0.1:${port}/healthz` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/healthz` If this points at an external API, prefix it wi…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/hook (src/gateway/server-http.request-trace.test.ts:78)
`src/gateway/server-http.request-trace.test.ts:78` calls `GET http://127.0.0.1:${port}/hook` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/hook` If this points at an external API, prefix it wit…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/hooks/wake (src/gateway/server.hooks.test.ts:1007)
`src/gateway/server.hooks.test.ts:1007` calls `GET http://127.0.0.1:${port}/hooks/wake` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/hooks/wake` If this points at an external API, prefix it wi…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/hooks/wake (src/gateway/server.hooks.test.ts:278)
`src/gateway/server.hooks.test.ts:278` calls `GET http://127.0.0.1:${port}/hooks/wake` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/hooks/wake` If this points at an external API, prefix it wit…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/v1/chat/completions (src/gateway/openai-http.test.ts:191)
`src/gateway/openai-http.test.ts:191` calls `GET http://127.0.0.1:${port}/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/chat/completions` If this points at an external A…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/v1/models (src/gateway/models-http.test.ts:120)
`src/gateway/models-http.test.ts:120` calls `GET http://127.0.0.1:${port}/v1/models` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/models` If this points at an external API, prefix it with `…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/v1/models (src/gateway/models-http.test.ts:138)
`src/gateway/models-http.test.ts:138` calls `GET http://127.0.0.1:${port}/v1/models` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/models` If this points at an external API, prefix it with `…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/v1/responses (src/gateway/openresponses-http.test.ts:266)
`src/gateway/openresponses-http.test.ts:266` calls `GET http://127.0.0.1:${port}/v1/responses` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/responses` If this points at an external API, pre…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${QA_LAB_INTERNAL_PORT}/healthz (extensions/qa-lab/src/docker-harness.ts:85)
`extensions/qa-lab/src/docker-harness.ts:85` calls `GET http://127.0.0.1:${QA_LAB_INTERNAL_PORT}/healthz` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/healthz` If this points at an external AP…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:18789/healthz (extensions/qa-lab/src/docker-harness.test.ts:56)
`extensions/qa-lab/src/docker-harness.test.ts:56` calls `GET http://127.0.0.1:18789/healthz` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:18789/healthz` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:18789/healthz (extensions/qa-lab/src/docker-harness.ts:126)
`extensions/qa-lab/src/docker-harness.ts:126` calls `GET http://127.0.0.1:18789/healthz` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:18789/healthz` If this points at an external API, prefix it wit…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:44080/healthz (extensions/qa-lab/src/docker-harness.ts:58)
`extensions/qa-lab/src/docker-harness.ts:58` calls `GET http://127.0.0.1:44080/healthz` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:44080/healthz` If this points at an external API, prefix it with…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.example.com/data (src/skills/security/scanner.test.ts:312)
`src/skills/security/scanner.test.ts:312` calls `GET https://api.example.com/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.example.com/data` If this points at an external API, prefix it with `https…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.telegram.org/botTOKEN/getMe (extensions/telegram/src/fetch.test.ts:531)
`extensions/telegram/src/fetch.test.ts:531` calls `GET https://api.telegram.org/botTOKEN/getMe` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.telegram.org/bottoken/getme` If this points at an external AP…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.telegram.org/botTOKEN/getMe (extensions/telegram/src/fetch.test.ts:562)
`extensions/telegram/src/fetch.test.ts:562` calls `GET https://api.telegram.org/botTOKEN/getMe` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.telegram.org/bottoken/getme` If this points at an external AP…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.telegram.org/botx/getMe (extensions/telegram/src/fetch.test.ts:1255)
`extensions/telegram/src/fetch.test.ts:1255` calls `GET https://api.telegram.org/botx/getMe` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.telegram.org/botx/getme` If this points at an external API, pref…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://auth.example.com/token (src/agents/mcp-http-fetch.test.ts:131)
`src/agents/mcp-http-fetch.test.ts:131` calls `GET https://auth.example.com/token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/auth.example.com/token` If this points at an external API, prefix it with `htt…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://auth.example.com/token (src/agents/mcp-http-fetch.test.ts:192)
`src/agents/mcp-http-fetch.test.ts:192` calls `GET https://auth.example.com/token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/auth.example.com/token` If this points at an external API, prefix it with `htt…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://auth.example.com/token (src/agents/mcp-http-fetch.test.ts:99)
`src/agents/mcp-http-fetch.test.ts:99` calls `GET https://auth.example.com/token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/auth.example.com/token` If this points at an external API, prefix it with `http…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://discord.com/api/v10/oauth2/applications/@me (extensions/discord/src/monitor/provider.rest-proxy.test.ts:177)
`extensions/discord/src/monitor/provider.rest-proxy.test.ts:177` calls `GET https://discord.com/api/v10/oauth2/applications/@me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/https:/discord.com/api/v10/oau…
wiring dangling-fetch helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://discord.com/api/v10/oauth2/applications/@me (extensions/discord/src/monitor/provider.rest-proxy.test.ts:207)
`extensions/discord/src/monitor/provider.rest-proxy.test.ts:207` calls `GET https://discord.com/api/v10/oauth2/applications/@me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/https:/discord.com/api/v10/oau…
wiring dangling-fetch helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://discord.com/api/v10/oauth2/applications/@me (extensions/discord/src/monitor/provider.rest-proxy.test.ts:256)
`extensions/discord/src/monitor/provider.rest-proxy.test.ts:256` calls `GET https://discord.com/api/v10/oauth2/applications/@me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/https:/discord.com/api/v10/oau…
wiring dangling-fetch helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://discord.com/api/v10/oauth2/applications/@me (extensions/discord/src/monitor/provider.rest-proxy.test.ts:273)
`extensions/discord/src/monitor/provider.rest-proxy.test.ts:273` calls `GET https://discord.com/api/v10/oauth2/applications/@me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/https:/discord.com/api/v10/oau…
wiring dangling-fetch helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://discord.com/api/v10/oauth2/applications/@me (extensions/discord/src/monitor/provider.rest-proxy.test.ts:307)
`extensions/discord/src/monitor/provider.rest-proxy.test.ts:307` calls `GET https://discord.com/api/v10/oauth2/applications/@me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/https:/discord.com/api/v10/oau…
wiring dangling-fetch helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://discord.com/api/v10/oauth2/applications/@me (extensions/discord/src/monitor/provider.rest-proxy.test.ts:334)
`extensions/discord/src/monitor/provider.rest-proxy.test.ts:334` calls `GET https://discord.com/api/v10/oauth2/applications/@me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/https:/discord.com/api/v10/oau…
wiring dangling-fetch helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://discord.com/api/v10/oauth2/applications/@me (extensions/discord/src/monitor/provider.rest-proxy.test.ts:356)
`extensions/discord/src/monitor/provider.rest-proxy.test.ts:356` calls `GET https://discord.com/api/v10/oauth2/applications/@me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/https:/discord.com/api/v10/oau…
wiring dangling-fetch helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://example.invalid (src/skills/security/scanner.test.ts:290)
`src/skills/security/scanner.test.ts:290` calls `GET https://example.invalid` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/example.invalid` If this points at an external API, prefix it with `https://` so th…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://github.com/${login}.png?size=${AVATAR_PROBE_SIZE} (scripts/update-clawtributors.ts:457)
`scripts/update-clawtributors.ts:457` calls `GET https://github.com/${login}.png?size=${AVATAR_PROBE_SIZE}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/github.com/<p>.png` If this points at an external API…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://mcp.example.com/.well-known/oauth-protected-resource (src/agents/mcp-http-fetch.test.ts:189)
`src/agents/mcp-http-fetch.test.ts:189` calls `GET https://mcp.example.com/.well-known/oauth-protected-resource` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/mcp.example.com/.well-known/oauth-protected-reso…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://mcp.example.com/token (src/agents/mcp-http-fetch.test.ts:117)
`src/agents/mcp-http-fetch.test.ts:117` calls `GET https://mcp.example.com/token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/mcp.example.com/token` If this points at an external API, prefix it with `https…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://mcp.example.com/token (src/agents/mcp-http-fetch.test.ts:130)
`src/agents/mcp-http-fetch.test.ts:130` calls `GET https://mcp.example.com/token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/mcp.example.com/token` If this points at an external API, prefix it with `https…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://mcp.example.com/token (src/agents/mcp-http-fetch.test.ts:158)
`src/agents/mcp-http-fetch.test.ts:158` calls `GET https://mcp.example.com/token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/mcp.example.com/token` If this points at an external API, prefix it with `https…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://mcp.example.com/token (src/agents/mcp-http-fetch.test.ts:98)
`src/agents/mcp-http-fetch.test.ts:98` calls `GET https://mcp.example.com/token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/mcp.example.com/token` If this points at an external API, prefix it with `https:…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: OPTIONS http://127.0.0.1:${port}/callback (src/plugin-sdk/provider-auth-runtime.test.ts:100)
`src/plugin-sdk/provider-auth-runtime.test.ts:100` calls `OPTIONS http://127.0.0.1:${port}/callback` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/callback` If this points at an external API, p…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: OPTIONS http://127.0.0.1:${port}/callback (src/plugin-sdk/provider-auth-runtime.test.ts:139)
`src/plugin-sdk/provider-auth-runtime.test.ts:139` calls `OPTIONS http://127.0.0.1:${port}/callback` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/callback` If this points at an external API, p…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: OPTIONS http://127.0.0.1:${port}/callback (src/plugin-sdk/provider-auth-runtime.test.ts:61)
`src/plugin-sdk/provider-auth-runtime.test.ts:61` calls `OPTIONS http://127.0.0.1:${port}/callback` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/callback` If this points at an external API, pr…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/channels/${encodeURIComponent(channelId)}/messages (extensions/clickclack/src/http-client.ts:88)
`extensions/clickclack/src/http-client.ts:88` calls `POST /api/channels/${encodeURIComponent(channelId)}/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/channels/<p>/messages` If this points at an …
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/dms (extensions/clickclack/src/http-client.ts:105)
`extensions/clickclack/src/http-client.ts:105` calls `POST /api/dms` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dms` If this points at an external API, prefix it with `https://` so the matcher skips it.
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/dms/${encodeURIComponent(conversationId)}/messages (extensions/clickclack/src/http-client.ts:115)
`extensions/clickclack/src/http-client.ts:115` calls `POST /api/dms/${encodeURIComponent(conversationId)}/messages` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/dms/<p>/messages` If this points at an exte…
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/messages/${encodeURIComponent(messageId)}/thread/replies (extensions/clickclack/src/http-client.ts:95)
`extensions/clickclack/src/http-client.ts:95` calls `POST /api/messages/${encodeURIComponent(messageId)}/thread/replies` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/messages/<p>/thread/replies` If this p…
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /channels/direct (extensions/mattermost/src/mattermost/client.ts:225)
`extensions/mattermost/src/mattermost/client.ts:225` calls `POST /channels/direct` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/channels/direct` If this points at an external API, prefix it with `https://…
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /commands (extensions/mattermost/src/mattermost/slash-commands.ts:214)
`extensions/mattermost/src/mattermost/slash-commands.ts:214` calls `POST /commands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/commands` If this points at an external API, prefix it with `https://` so t…
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /posts (extensions/mattermost/src/mattermost/client.test.ts:137)
`extensions/mattermost/src/mattermost/client.test.ts:137` calls `POST /posts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/posts` If this points at an external API, prefix it with `https://` so the matche…
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /posts (extensions/mattermost/src/mattermost/client.ts:517)
`extensions/mattermost/src/mattermost/client.ts:517` calls `POST /posts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/posts` If this points at an external API, prefix it with `https://` so the matcher ski…
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /users/ids (extensions/mattermost/src/mattermost/directory.ts:161)
`extensions/mattermost/src/mattermost/directory.ts:161` calls `POST /users/ids` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/users/ids` If this points at an external API, prefix it with `https://` so the …
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST /users/search (extensions/mattermost/src/mattermost/directory.ts:149)
`extensions/mattermost/src/mattermost/directory.ts:149` calls `POST /users/search` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:request Normalized path used for matching: `/users/search` If this points at an external API, prefix it with `https://` s…
wiring · dangling-fetch · helper:request
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://10.0.0.5:11434/api/chat (src/agents/provider-transport-fetch.test.ts:895)
`src/agents/provider-transport-fetch.test.ts:895` calls `POST http://10.0.0.5:11434/api/chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/10.0.0.5:11434/api/chat` If this points at an external API,…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://10.0.0.5:1234/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:702)
`src/agents/provider-transport-fetch.test.ts:702` calls `POST http://10.0.0.5:1234/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/10.0.0.5:1234/v1/chat/completions` If this points…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://10.0.0.5:1234/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:747)
`src/agents/provider-transport-fetch.test.ts:747` calls `POST http://10.0.0.5:1234/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/10.0.0.5:1234/v1/chat/completions` If this points…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://10.0.0.5:1234/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:806)
`src/agents/provider-transport-fetch.test.ts:806` calls `POST http://10.0.0.5:1234/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/10.0.0.5:1234/v1/chat/completions` If this points…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://10.0.0.5:4321/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:787)
`src/agents/provider-transport-fetch.test.ts:787` calls `POST http://10.0.0.5:4321/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/10.0.0.5:4321/v1/chat/completions` If this points…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${enabledPort}/v1/embeddings (src/gateway/embeddings-http.test.ts:144)
`src/gateway/embeddings-http.test.ts:144` calls `POST http://127.0.0.1:${enabledPort}/v1/embeddings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/embeddings` If this points at an external A…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${enabledPort}/v1/embeddings (src/gateway/embeddings-http.test.ts:320)
`src/gateway/embeddings-http.test.ts:320` calls `POST http://127.0.0.1:${enabledPort}/v1/embeddings` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/embeddings` If this points at an external A…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${params.port}/mcp (src/gateway/mcp-http.test.ts:120)
`src/gateway/mcp-http.test.ts:120` calls `POST http://127.0.0.1:${params.port}/mcp` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/mcp` If this points at an external API, prefix it with `https:/…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${params.port}/tools/invoke (src/gateway/tools-invoke-http.test.ts:313)
`src/gateway/tools-invoke-http.test.ts:313` calls `POST http://127.0.0.1:${params.port}/tools/invoke` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/tools/invoke` If this points at an external A…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}${pathLocal} (src/gateway/server.hooks.test.ts:61)
`src/gateway/server.hooks.test.ts:61` calls `POST http://127.0.0.1:${port}${pathLocal}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/<p>` If this points at an external API, prefix it with `htt…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}${pathname} (src/gateway/session-kill-http.test.ts:116)
`src/gateway/session-kill-http.test.ts:116` calls `POST http://127.0.0.1:${port}${pathname}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/<p>` If this points at an external API, prefix it with…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/hooks/agent (src/gateway/server.hooks.test.ts:499)
`src/gateway/server.hooks.test.ts:499` calls `POST http://127.0.0.1:${port}/hooks/agent` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/hooks/agent` If this points at an external API, prefix it …
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/hooks/mapped-ok (src/gateway/server.hooks.test.ts:515)
`src/gateway/server.hooks.test.ts:515` calls `POST http://127.0.0.1:${port}/hooks/mapped-ok` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/hooks/mapped-ok` If this points at an external API, pr…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/tools/invoke (src/gateway/gateway.test.ts:310)
`src/gateway/gateway.test.ts:310` calls `POST http://127.0.0.1:${port}/tools/invoke` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/tools/invoke` If this points at an external API, prefix it wit…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/tools/invoke (src/gateway/tools-invoke-http.cron-regression.test.ts:124)
`src/gateway/tools-invoke-http.cron-regression.test.ts:124` calls `POST http://127.0.0.1:${port}/tools/invoke` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/tools/invoke` If this points at an e…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/chat/completions (src/gateway/openai-http.test.ts:1757)
`src/gateway/openai-http.test.ts:1757` calls `POST http://127.0.0.1:${port}/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/chat/completions` If this points at an external…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/chat/completions (src/gateway/openai-http.test.ts:1764)
`src/gateway/openai-http.test.ts:1764` calls `POST http://127.0.0.1:${port}/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/chat/completions` If this points at an external…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/chat/completions (src/gateway/openai-http.test.ts:201)
`src/gateway/openai-http.test.ts:201` calls `POST http://127.0.0.1:${port}/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/chat/completions` If this points at an external …
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/chat/completions (src/gateway/openai-http.test.ts:2476)
`src/gateway/openai-http.test.ts:2476` calls `POST http://127.0.0.1:${port}/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/chat/completions` If this points at an external…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/chat/completions (src/gateway/openai-http.test.ts:80)
`src/gateway/openai-http.test.ts:80` calls `POST http://127.0.0.1:${port}/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/chat/completions` If this points at an external A…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/responses (src/gateway/openresponses-http.test.ts:104)
`src/gateway/openresponses-http.test.ts:104` calls `POST http://127.0.0.1:${port}/v1/responses` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/responses` If this points at an external API, pr…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/responses (src/gateway/openresponses-http.test.ts:273)
`src/gateway/openresponses-http.test.ts:273` calls `POST http://127.0.0.1:${port}/v1/responses` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/responses` If this points at an external API, pr…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/responses (src/gateway/openresponses-http.test.ts:978)
`src/gateway/openresponses-http.test.ts:978` calls `POST http://127.0.0.1:${port}/v1/responses` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/responses` If this points at an external API, pr…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/traces (test/scripts/qa-otel-smoke.test.ts:108)
`test/scripts/qa-otel-smoke.test.ts:108` calls `POST http://127.0.0.1:${port}/v1/traces` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/traces` If this points at an external API, prefix it wi…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${port}/v1/traces (test/scripts/qa-otel-smoke.test.ts:142)
`test/scripts/qa-otel-smoke.test.ts:142` calls `POST http://127.0.0.1:${port}/v1/traces` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/v1/traces` If this points at an external API, prefix it wi…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:${runtime.port}/mcp (src/gateway/gateway-cli-backend.live-probe-helpers.ts:223)
`src/gateway/gateway-cli-backend.live-probe-helpers.ts:223` calls `POST http://127.0.0.1:${runtime.port}/mcp` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/mcp` If this points at an external AP…
wiring · dangling-fetch · fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:11434/api/chat (src/agents/provider-transport-fetch.test.ts:974)
`src/agents/provider-transport-fetch.test.ts:974` calls `POST http://127.0.0.1:11434/api/chat` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:11434/api/chat` If this points at an external AP…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:11434/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:990)
`src/agents/provider-transport-fetch.test.ts:990` calls `POST http://127.0.0.1:11434/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:11434/v1/chat/completions` If this po…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:1234/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:766)
`src/agents/provider-transport-fetch.test.ts:766` calls `POST http://127.0.0.1:1234/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:1234/v1/chat/completions` If this poin…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:18000/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:414)
`src/agents/provider-transport-fetch.test.ts:414` calls `POST http://127.0.0.1:18000/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:18000/v1/chat/completions` If this po…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:18000/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:478)
`src/agents/provider-transport-fetch.test.ts:478` calls `POST http://127.0.0.1:18000/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:18000/v1/chat/completions` If this po…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:18000/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:497)
`src/agents/provider-transport-fetch.test.ts:497` calls `POST http://127.0.0.1:18000/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:18000/v1/chat/completions` If this po…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:18000/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:522)
`src/agents/provider-transport-fetch.test.ts:522` calls `POST http://127.0.0.1:18000/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:18000/v1/chat/completions` If this po…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:18000/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:554)
`src/agents/provider-transport-fetch.test.ts:554` calls `POST http://127.0.0.1:18000/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:18000/v1/chat/completions` If this po…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:18000/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:583)
`src/agents/provider-transport-fetch.test.ts:583` calls `POST http://127.0.0.1:18000/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:18000/v1/chat/completions` If this po…
wiring · dangling-fetch · helper:fetcher
high 9-layer api wiring conf 1.00 Dangling fetch: POST http://127.0.0.1:18000/v1/chat/completions (src/agents/provider-transport-fetch.test.ts:611)
`src/agents/provider-transport-fetch.test.ts:611` calls `POST http://127.0.0.1:18000/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: helper:fetcher Normalized path used for matching: `/http:/127.0.0.1:18000/v1/chat/completions` If this po…
wiring · dangling-fetch · helper:fetcher

Showing first 300 of 1523. Refine filters or use the legacy findings page for deep search.

API access

This page is publicly accessible at: https://repobility.com/scan/133fe0c7-218e-4742-847e-cbe2f5a1fb4f/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/133fe0c7-218e-4742-847e-cbe2f5a1fb4f/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.