Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

anthropics/claude-code

https://github.com/anthropics/claude-code.git · scanned 2026-05-16 15:07 UTC (3 weeks, 3 days ago) · 10 languages

43 raw signals (8 security + 35 graph) 86th percentile · Python · tiny (<2K LoC)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 3 weeks, 3 days ago · v1 · 6 actionable findings from 1 signal source. 2 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
73.3
/100
Security checks
71
6 findings
System graph
76
77.8% cov · 0 findings
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 0 High 1 Medium 3 Low 2 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 6 System graph 0 Crowd 0 Layer: Cicd 2 Quality 3 Software 1
Scan summary Quality grade B (74/100). Dimensions: security 98, maintainability 40. 8 findings (1 security). 1,979 lines analyzed.

Showing 6 of 6 actionable findings. 8 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

low Security checks quality Error handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
plugins/security-guidance/hooks/security_reminder_hook.py:155
medium Security checks cicd CI/CD security conf 0.68 Agent auto-approve or skip-permissions mode is easy to enable
Codex/agent auto-approve, YOLO, or skip-permissions modes can be useful in isolated automation, but they remove the human checkpoint before command execution, network access, and file edits.
CHANGELOG.md:26 CI/CD securityagent runtimepermissions
medium Security checks cicd CI/CD security conf 0.90 Docker build context has no .dockerignore
Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts.
.dockerignore CI/CD securitycontainers
medium Security checks quality Quality conf 0.72 Privacy copy omits agent-mediated cloud connector data flow
Privacy panels that say cloud sync is disabled should still disclose when agent-mediated refreshes can send Gmail, Calendar, Drive, or similar connector snapshots outside the app.
CHANGELOG.md:1270
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
README.md:23
low Security checks quality Quality conf 0.60 3 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
3 files, 3 locations
plugins/hookify/hooks/pretooluse.py:3
plugins/hookify/hooks/stop.py:4
plugins/hookify/hooks/userpromptsubmit.py:3
duplicationquality
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/6131f100-85d9-42e5-8419-b96799a0c8f2/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/6131f100-85d9-42e5-8419-b96799a0c8f2/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.