Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

GenericAgent

https://github.com/lsdefine/GenericAgent.git · scanned 2026-05-17 02:55 UTC (13 hours, 27 minutes ago) · 10 languages

232 findings (24 legacy + 208 scanner) 55th percentile · Python · medium (20-100K LoC) Scanner says 82 (lower by 28)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 13 hours, 27 minutes ago · v2 · 129 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
75.1
/100
Repobility
68
24 legacy
9-layer
82
100.0% cov · 105 gaps
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: severity: medium × excluding tests × Reset all
Severity: Critical 0 High 27 Medium 17 Low 80 Source: Legacy 24 9-layer 105 Crowd 0 Layer: Quality 54 Security 18 Software 33 Frontend 3 Data 1 Cicd 1 Api 19
Scan summary Repository scanned at 82.3/100 with 100.0% coverage. It contains 1452 nodes across 18 cross-layer flows, written primarily in mixed languages. Engine surfaced 105 findings — concentrated in quality (42), software (28), api (19). Risk profile is high: 0 critical, 13 high, 9 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 17 of 129 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

medium Legacy quality error_handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
frontends/desktop/static/app.js:772 error_handlinglegacy
medium Legacy quality error_handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
assets/tmwd_cdp_bridge/background.js:124 error_handlinglegacy
medium Legacy quality error_handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
assets/tmwd_cdp_bridge/disable_dialogs.js:19 error_handlinglegacy
medium Legacy security crypto conf 1.00 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness.
frontends/desktop/static/app.js:804 cryptolegacy
medium Legacy quality practices No CI/CD configuration found
Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request.
practiceslegacy
medium Legacy quality quality conf 0.82 Parallel implementation file sits beside a canonical file
AI-assisted edits often create a new sibling file instead of integrating the change into the existing module. That leaves two paths for future maintainers to understand and can hide the code that is actually wired into the app.
frontends/tuiapp_v2.py:1 qualitylegacy
medium Legacy software dependency conf 0.70 Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
docs/installation_zh.md:38 dependencylegacy
medium Legacy quality quality conf 0.78 Suspicious implementation file appears unreferenced
A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path.
frontends/tuiapp_v2.py:1 qualitylegacy
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — agentmain.py:194
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — frontends/desktop_bridge.py:571
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — ga_cli/cli.py:132
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — memory/adb_ui.py:80
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — memory/vision_api.template.py:81
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer security coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
coverageauth
medium 9-layer cicd coverage conf 1.00 No CI/CD pipelines detected
No GitHub Actions, GitLab CI, or CircleCI configs found. Without CI you can't gate deploys on tests/lints.
coverage
medium 9-layer data coverage conf 1.00 ORM models found but no DB engine detected
The repo defines tables/models but no DB connection string was found. Likely lives in env vars or a config file the scanner didn't read.
coverage
medium 9-layer quality tests conf 1.00 Very low test-to-source ratio
0 test file(s) for 61 source file(s) (ratio 0.00). Consider adding integration or unit tests for critical paths.
testscoverage
{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/6356c847-6391-4ef0-ab26-f9c0d2936561/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/6356c847-6391-4ef0-ab26-f9c0d2936561/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.