Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

DanOps-1/Gpt-Agreement-Payment

https://github.com/DanOps-1/Gpt-Agreement-Payment · scanned 2026-05-17 01:36 UTC (14 hours, 44 minutes ago) · 10 languages

249 findings (16 legacy + 233 scanner) 84th percentile · Python · medium (20-100K LoC) Scanner says 68 (higher by 12)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 14 hours, 43 minutes ago · v2 · 132 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
70.2
/100
Repobility
73
16 legacy
9-layer
68
100.0% cov · 116 gaps
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: layer: quality × excluding tests × Reset all
Severity: Critical 0 High 31 Medium 5 Low 94 Source: Legacy 16 9-layer 116 Crowd 0 Layer: Security 28 Quality 32 Software 31 Frontend 2 Cicd 2 Api 37
Scan summary Repository scanned at 67.5/100 with 100.0% coverage. It contains 1435 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 116 findings — concentrated in api (37), software (28), quality (24). Risk profile is high: 0 critical, 22 high, 1 medium. Recommended next step: open the api layer findings first — that's where the highest-impact wins live.

Showing 32 of 132 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
CTF-pay/hcaptcha_auto_solver.py:3042 error_handlinglegacy
high Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
CTF-pay/gopay.py:162 error_handlinglegacy
high Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
CTF-pay/card.py:158 error_handlinglegacy
medium Legacy quality quality conf 0.73 Codex session log reader may expose prompts or tool-call content
Codex session JSONL files can contain prompts, tool events, paths, and operational metadata, not only token counts. Token dashboards and exporters should avoid retaining or sharing raw session text.
CTF-reg/auth_flow.py:174 qualitylegacy
medium Legacy quality quality conf 0.80 localStorage write failures are swallowed silently
localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota.
webui/frontend/src/views/Run.vue:575 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
webui/frontend/src/views/Setup.vue:28 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
webui/frontend/src/components/steps/Step09_VLM.vue:13 qualitylegacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
webui/frontend/src/components/steps/Step08_Captcha.vue:12 qualitylegacy
low 9-layer quality integrity conf 1.00 Legacy-named symbol `sentinel_v1_legacy` in CTF-reg/sentinel.py:7
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `wa_otp_legacy` in webui/backend/db.py:23
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: pipeline.py:list_subdomains, pipeline.py:list_subdomains This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: pipeline.py:provision, pipeline.py:provision This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: pipeline.py:delete_subdomain, pipeline.py:delete_subdomain This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: pipeline.py:pick, pipeline.py:pick This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: webui/server.py:spa_webui, webui/server.py:spa This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: webui/backend/link_state.py:mark_linked, webui/backend/link_state.py:mark_unlinked This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: CTF-reg/sentinel.py:fetch_sentinel_challenge, CTF-reg/sentinel.py:build_sentinel_token This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: CTF-reg/sentinel.py:get_sentinel_token, CTF-reg/sentinel_v1_legacy.py:get_sentinel_token This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: CTF-pay/card.py:create_paypal_payment_method, CTF-pay/card.py:create_gopay_payment_method This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: CTF-pay/hcaptcha_auto_solver.py:solve_hop_animals_cutout, CTF-pay/hcaptcha_auto_solver.py:solve_hop_animals This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: CTF-pay/hcaptcha_auto_solver.py:solve_hidden_under_reference, CTF-pay/hcaptcha_auto_solver.py:solve_road_completion, CTF-pay/hcaptcha_auto_solver.py:solve_dissolve_melt This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — se…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: CTF-pay/hcaptcha_auto_solver.py:solve_float_on_water, CTF-pay/hcaptcha_auto_solver.py:solve_hot_food, CTF-pay/hcaptcha_auto_solver.py:solve_shiny_thing, CTF-pay/hcaptcha_auto_solver.py:solve_kept_outside This is *the* AI-coder failure mode (4× more d…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: CTF-pay/gopay.py:provider, CTF-pay/gopay.py:provider, CTF-pay/gopay.py:provider, CTF-pay/gopay.py:provider This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why …
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Stub function `log_message` (body is just `pass`/`return`) — CTF-pay/card.py:3848
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `log_message` (body is just `pass`/`return`) — CTF-pay/local_mock_gateway.py:130
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality complexity conf 1.00 Very large file: CTF-pay/card.py (8865 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: CTF-pay/gopay.py (1310 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: CTF-pay/hcaptcha_auto_solver.py (4228 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: CTF-reg/auth_flow.py (2608 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: pipeline.py (3720 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in CTF-reg/browser_register.py:271
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in CTF-pay/card.py:2546
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/6af2fc05-432f-4cf8-b415-4aa1a7b84868/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/6af2fc05-432f-4cf8-b415-4aa1a7b84868/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.