15 of your 72 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 1.95s · analysis 4.58s · 1.4 MB · GitHub preflight 673ms

NVIDIA/SkillSpector

https://github.com/NVIDIA/SkillSpector.git · scanned 2026-06-18 08:45 UTC (1 day, 1 hour ago) · 10 languages

95 raw signals (60 security + 35 graph) · 12th percentile · Python · small (2-20K LoC)


Complete repo analysis

Last scanned 1 day, 1 hour ago · v1 · 92 actionable findings from 2 signal sources. 3 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown — 2026-05-18-v5

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 85.0 | 0.15 | 12.75 |
| security_score | 50.1 | 0.25 | 12.53 |
| testing_score | 100.0 | 0.20 | 20.00 |
| documentation_score | 100.0 | 0.15 | 15.00 |
| practices_score | 52.0 | 0.15 | 7.80 |
| code_quality | 60.5 | 0.10 | 6.05 |
| Overall | | 1.00 | 74.1 |

Scan summary Repository scanned at 56.2/100 with 66.7% coverage. It contains 1276 nodes across 0 cross-layer flows, written primarily in mixed languages. Engine surfaced 35 findings — concentrated in quality (19), security (10), software (3). Risk profile is high: 0 critical, 9 high, 11 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 51 of 92 actionable findings. 95 raw detector signals were grouped into reader-sized issues.

critical Security checks security secrets conf 0.95 Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
docs/plans/2026-04-03-skilltrap-integration.md:418 0 TP · 1 FP
high Security checks software dependencies conf 0.88 cryptography: GHSA-537c-gmf6-5ccf
Vulnerable OpenSSL included in cryptography wheels
uv.lock 1 TP · 0 FP
high Security checks software dependencies conf 0.88 cryptography: GHSA-r6ph-v2qm-q3c2
cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
uv.lock 1 TP · 0 FP
high Security checks software dependencies conf 0.88 cryptography: PYSEC-2026-35
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography woul…
uv.lock 1 TP · 0 FP
high Security checks software dependencies conf 0.90 ✓ Repobility 2 occurrences Dockerfile FROM `python:3.12-slim-bookworm` not pinned by digest
`FROM python:3.12-slim-bookworm` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
lines 1, 8
Dockerfile:1, 8 (2 hits)
2.0 TP · 0 FP
high Security checks software dependencies conf 0.88 dulwich: GHSA-897w-fcg9-f6xj
Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
uv.lock 1 TP · 0 FP
high Security checks software dependencies conf 0.88 dulwich: GHSA-9277-mp7x-85jf
Dulwich Vulnerable to Command Injection via Merge Driver Path
uv.lock
high Security checks software dependencies conf 0.88 idna: PYSEC-2026-215
Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize the `valid_contexto`…
uv.lock 1 TP · 0 FP
high Security checks software dependencies conf 0.88 langchain-openai: PYSEC-2026-76
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with independ…
uv.lock 1 TP · 0 FP
high Security checks software dependencies conf 0.88 langsmith: GHSA-3644-q5cj-c5c7
LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
uv.lock 1 TP · 0 FP
high Security checks software dependencies conf 0.88 poetry: GHSA-2599-h6xx-hpxp
Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
uv.lock 1 TP · 0 FP
high Security checks software dependencies conf 0.90 ✓ Repobility pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.15.2`
`.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.15.2`. If `{rev}` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:2 1 TP · 0 FP
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-120
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting…
uv.lock
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-175
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no docu…
uv.lock
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-176
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature ver…
uv.lock
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-177
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited out…
uv.lock
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-178
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For b…
uv.lock
high Security checks software dependencies conf 0.88 pyjwt: PYSEC-2026-179
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secre…
uv.lock
high Security checks software dependencies conf 0.88 starlette: GHSA-82w8-qh3p-5jfq
Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS
uv.lock
high Security checks software dependencies conf 0.88 starlette: GHSA-wqp7-x3pw-xc5r
Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
uv.lock
high Security checks software dependencies conf 0.88 starlette: PYSEC-2026-161
BadHost: Missing Host header validation poisons request.url.path, bypassing path-based security checks
uv.lock
high Security checks software dependencies conf 0.88 urllib3: PYSEC-2026-141
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
uv.lock
high Security checks software dependencies conf 0.88 urllib3: PYSEC-2026-142
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.dr…
uv.lock
high System graph security security conf 1.00 Insecure pattern 'eval_used' in README.md:287
Found a known-risky pattern (eval_used). Review and replace if possible.
README.md:287 Eval used
high System graph security security conf 1.00 Insecure pattern 'exec_used' in README.md:286
Found a known-risky pattern (exec_used). Review and replace if possible.
README.md:286 Exec used
high Security checks cicd CI/CD security conf 0.82 Docker final stage has no non-root USER
Docker images run as root unless the image or Dockerfile switches to a non-root user.
Dockerfile:9 CI/CD security · containers
medium Security checks software dependencies conf 0.88 dulwich: GHSA-xrvj-v92f-53gj
Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
uv.lock
medium Security checks software dependencies conf 0.88 langchain-anthropic: GHSA-gr75-jv2w-4656
LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
uv.lock
medium Security checks software dependencies conf 0.88 langsmith: GHSA-rr7j-v2q5-chgv
LangSmith SDK: Streaming token events bypass output redaction
uv.lock
medium Security checks software dependencies conf 0.88 pyjwt: GHSA-993g-76c3-p5m4
PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes
uv.lock
medium Security checks software dependencies conf 0.88 pytest: GHSA-6w46-j5rx-g56g
pytest has vulnerable tmpdir handling
uv.lock
medium Security checks software dependencies conf 0.88 python-dotenv: GHSA-mf9w-mj56-hr94
python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback
uv.lock
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
docs/B.3.2-mcp-tool-poisoning.md:199
medium Security checks software dependencies conf 0.88 requests: GHSA-gc5v-m9x4-r6x2
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
uv.lock
medium Security checks software dependencies conf 0.88 starlette: GHSA-x746-7m8f-x49c
Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`
uv.lock
medium System graph quality Placeholder conf 1.00 Critical user flow still appears backed by mock or placeholder data
A payment/auth/admin/order/billing-style flow contains mock, fake, TODO, dummy, or placeholder markers in runtime source. In the Fable corpus this is a high-leverage completeness smell: the app can look finished while the money, identity, or tenant flow is still scaffolded.
Mock data · Critical flow · Generated repo pattern
medium System graph hardware Security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — src/skillspector/nodes/analyzers/behavioral_taint_tracking.py:210
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — src/skillspector/nodes/analyzers/pattern_defaults.py:303
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safety · Robustness
low Security checks cicd CI/CD security conf 0.72 .dockerignore misses sensitive defaults
.dockerignore exists but does not cover common secret or VCS patterns.
.dockerignore CI/CD security · containers 1 TP · 0 FP
low Security checks software dependencies conf 0.88 dulwich: GHSA-555p-6grf-mh7f
Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
uv.lock
low Security checks software dependencies conf 0.88 poetry: GHSA-73h3-mf4w-8647
Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4
uv.lock
low Security checks software dependencies conf 0.88 pygments: GHSA-5239-wwwm-4pmq
Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching
uv.lock
low Security checks software dependencies conf 0.88 starlette: GHSA-jp82-jpqv-5vv3
Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname
uv.lock
low System graph hardware Supply chain conf 1.00 2 occurrences Docker base image is tag-pinned but not digest-pinned: python:3.12-slim-bookworm
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
lines 1, 8
Dockerfile:1, 8 (2 hits)
containers · Pinned dependencies
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: src/skillspector/providers/openai/provider.py:get_context_length, src/skillspector/providers/anthropic/provider.py:get_context_length This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). C…
2 occurrences
repo-level (2 hits)
duplicates · duplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: src/skillspector/providers/openai/provider.py:resolve_model, src/skillspector/providers/nv_build/provider.py:resolve_model, src/skillspector/providers/anthropic/provider.py:resolve_model This is *the* AI-coder failure mode (4× more duplication in vib…
duplicates · duplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: src/skillspector/providers/base.py:create_chat_model, src/skillspector/providers/openai/provider.py:create_chat_model, src/skillspector/providers/nv_build/provider.py:create_chat_model, src/skillspector/providers/anthropic/provider.py:create_chat_mode…
duplicates · duplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 9 places
Functions with the same first-5-line body hash: src/skillspector/nodes/analyzers/static_patterns_supply_chain.py:loc, src/skillspector/nodes/analyzers/static_patterns_memory_poisoning.py:loc, src/skillspector/nodes/analyzers/static_patterns_output_handling.py:loc, src/skillspector/nodes/analyzers/s…
duplicates · duplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `rule_v1` in tests/nodes/analyzers/test_static_yara.py:288
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old marker · Dead code
low System graph quality Provenance conf 1.00 Shallow git history limits provenance confidence
The repository is a shallow clone. Origin/evolution analysis cannot distinguish fresh generation, imported legacy code, or long-lived human code with high confidence.
Git history · Generated repo pattern
API access

This page is publicly accessible at: https://repobility.com/scan/5af0a74e-3409-4ffe-985d-4356097a0e01/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/5af0a74e-3409-4ffe-985d-4356097a0e01/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.