Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
81 of your 136 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 21.67s · analysis 7.0s · 21.7 MB · GitHub API rate-limit (preflight)

lsdefine/GenericAgent

https://github.com/lsdefine/GenericAgent.git · scanned 2026-06-09 04:35 UTC (18 hours, 38 minutes ago) · 10 languages

2679 raw signals (125 security + 2554 graph) 35th percentile · Python · medium (20-100K LoC) System graph score 68 (lower by 22)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 18 hours, 37 minutes ago · v12 · 175 actionable findings from 2 signal sources. 74 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
61.8
/100
Security checks
55
67 findings
System graph
69
100.0% cov · 108 findings
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 75.0 0.15 11.25
security_score 43.7 0.25 10.93
testing_score 0.0 0.20 0.00
documentation_score 94.0 0.15 14.10
practices_score 40.0 0.15 6.00
code_quality 42.1 0.10 4.21
Overall 1.00 46.5
Severity distribution — click a segment to filter
Active filters: layer: software × excluding tests × Reset all
Severity: Critical 0 High 45 Medium 12 Low 86 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 67 System graph 108 Crowd 0 Layer: Quality 76 Security 14 Cicd 2 Software 56 Frontend 3 Data 1 Api 23
Scan summary Quality grade D+ (46/100). Dimensions: security 44, maintainability 75. 125 findings (22 security). 35,014 lines analyzed.

Showing 54 of 175 actionable findings. 249 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks software dependencies conf 0.88 atk-sys: RUSTSEC-2024-0416
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 atk: RUSTSEC-2024-0413
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 gdk-sys: RUSTSEC-2024-0418
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 gdk: RUSTSEC-2024-0412
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 gdkwayland-sys: RUSTSEC-2024-0411
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 gdkx11-sys: RUSTSEC-2024-0414
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 gdkx11: RUSTSEC-2024-0417
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 glib: RUSTSEC-2024-0429
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 gtk-sys: RUSTSEC-2024-0420
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 gtk3-macros: RUSTSEC-2024-0419
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 gtk: RUSTSEC-2024-0415
gtk-rs GTK3 bindings - no longer maintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 proc-macro-error: RUSTSEC-2024-0370
proc-macro-error is unmaintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 unic-char-property: RUSTSEC-2025-0081
`unic-char-property` is unmaintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 unic-char-range: RUSTSEC-2025-0075
`unic-char-range` is unmaintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 unic-common: RUSTSEC-2025-0080
`unic-common` is unmaintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 unic-ucd-ident: RUSTSEC-2025-0100
`unic-ucd-ident` is unmaintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.88 unic-ucd-version: RUSTSEC-2025-0098
`unic-ucd-version` is unmaintained
frontends/desktop/src-tauri/Cargo.lock
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
docs/GETTING_STARTED.md:62
high Security checks software dependencies conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
docs/installation_zh.md:38
low Security checks software Race condition conf 1.00 [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason.
Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`.
memory/ljqCtrl.py:114
low Security checks software Race condition conf 1.00 [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason.
Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`.
assets/agent_bbs.py:26
low Security checks software dependencies conf 0.90 npm package `@tauri-apps/cli` is minor version(s) behind (^2 -> 2.11.2)
`@tauri-apps/cli` is pinned/resolved at ^2 but the latest stable release on the npm registry is 2.11.2 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
frontends/desktop/package.json
low System graph software Dead code candidate conf 1.00 File has no detected symbols: ga_cli/__main__.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: mykey_template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: mykey_template_en.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code conf 1.00 Possibly dead Python function: build_autorun_prompt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
frontends/slash_cmds.py:194
low System graph software Dead code conf 1.00 Possibly dead Python function: build_conductor_prompt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
frontends/slash_cmds.py:230
low System graph software Dead code conf 1.00 Possibly dead Python function: build_goal_prompt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
frontends/slash_cmds.py:213
low System graph software Dead code conf 1.00 Possibly dead Python function: build_hive_prompt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
frontends/slash_cmds.py:221
low System graph software Dead code conf 1.00 Possibly dead Python function: build_morphling_prompt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
frontends/slash_cmds.py:204
low System graph software Dead code conf 1.00 Possibly dead Python function: build_update_prompt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
frontends/slash_cmds.py:143
low System graph software Dead code conf 1.00 Possibly dead Python function: do_ask_user
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:315
low System graph software Dead code conf 1.00 Possibly dead Python function: do_code_run
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:288
low System graph software Dead code conf 1.00 Possibly dead Python function: do_file_patch
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:364
low System graph software Dead code conf 1.00 Possibly dead Python function: do_file_read
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:411
low System graph software Dead code conf 1.00 Possibly dead Python function: do_file_write
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:378
low System graph software Dead code conf 1.00 Possibly dead Python function: do_no_tool
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:459
low System graph software Dead code conf 1.00 Possibly dead Python function: do_start_long_term_update
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:509
low System graph software Dead code conf 1.00 Possibly dead Python function: do_update_working_checkpoint
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:442
low System graph software Dead code conf 1.00 Possibly dead Python function: do_web_execute_js
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:337
low System graph software Dead code conf 1.00 Possibly dead Python function: do_web_scan
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:322
low System graph software Dead code conf 1.00 Possibly dead Python function: enter_plan_mode
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:433
low System graph software Dead code conf 1.00 Possibly dead Python function: fast_ask
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
llmcore.py:1065
low System graph software Dead code conf 1.00 Possibly dead Python function: handle_close
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
TMWebDriver.py:154
low System graph software Dead code conf 1.00 Possibly dead Python function: json_default
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent_loop.py:31
low System graph software Dead code conf 1.00 Possibly dead Python function: jump
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
TMWebDriver.py:281
low System graph software Dead code conf 1.00 Possibly dead Python function: log_request
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
TMWebDriver.py:108
low System graph software Dead code conf 1.00 Possibly dead Python function: replacer
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:186
low System graph software Dead code conf 1.00 Possibly dead Python function: safe_print
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:12
low System graph software Dead code conf 1.00 Possibly dead Python function: safeprint
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
llmcore.py:92
low System graph software Dead code conf 1.00 Possibly dead Python function: set_session
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
TMWebDriver.py:270
low System graph software Dead code conf 1.00 Possibly dead Python function: start_temp_monitor
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
simphtml.py:636
low System graph software Dead code conf 1.00 Possibly dead Python function: stream_reader
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
ga.py:48
low System graph software Dead code conf 1.00 Possibly dead Python function: to_allowed_set
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
frontends/chatapp_common.py:216
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/6356c847-6391-4ef0-ab26-f9c0d2936561/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/6356c847-6391-4ef0-ab26-f9c0d2936561/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.