Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

snapotter-hq/SnapOtter

https://github.com/snapotter-hq/SnapOtter · scanned 2026-05-17 01:37 UTC (14 hours, 42 minutes ago) · 10 languages

708 findings (58 legacy + 650 scanner) 8/10 scanners ran 98th percentile · Typescript · large (100-500K LoC) Scanner says 53 (higher by 34)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 14 hours, 41 minutes ago · v2 · 383 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
67.6
/100
Repobility
82
58 legacy
9-layer
53
100.0% cov · 325 gaps
Critical
38
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: layer: security × excluding tests × Reset all
Severity: Critical 38 High 16 Medium 47 Low 219 Source: Legacy 58 9-layer 325 Crowd 0 Layer: Security 49 Cicd 13 Quality 149 Software 67 Frontend 43 Hardware 7 Api 55
Scan summary Repository scanned at 53.0/100 with 100.0% coverage. It contains 3614 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 325 findings — concentrated in quality (116), software (64), api (55). Risk profile is high: 35 critical, 7 high, 34 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 45 of 383 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Legacy security credential_exposure conf 0.90 [SEC001] Hardcoded Password: Hardcoded password found in source code.
Use environment variables or a secrets manager.
docker/entrypoint.sh:8 credential_exposurelegacy
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ar.ts:1667 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ar.ts:1686 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/de.ts:1692 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/de.ts:1714 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/en.ts:1626 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/en.ts:1646 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/es.ts:1671 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/es.ts:1692 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/fr.ts:1690 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/fr.ts:1712 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/hi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/hi.ts:1663 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/hi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/hi.ts:1683 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/id.ts:1679 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/id.ts:1699 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/it.ts:1684 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/it.ts:1705 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ja.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ja.ts:1656 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ko.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ko.ts:1641 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/nl.ts:1682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/nl.ts:1702 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/pl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/pl.ts:1709 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/pt-BR.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/pt-BR.ts:1703 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ru.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ru.ts:1681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ru.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ru.ts:1701 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/sv.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/sv.ts:1677 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/sv.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/sv.ts:1697 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/th.ts:1655 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/th.ts:1674 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/tr.ts:1685 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/tr.ts:1706 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/uk.ts:1681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/uk.ts:1702 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/vi.ts:1677 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/vi.ts:1697 secrets
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
packages/ai/python/enhance_faces.py:247 path_traversallegacy
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
packages/ai/python/detect_faces.py:236 path_traversallegacy
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
packages/ai/python/colorize.py:177 path_traversallegacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time.
apps/web/src/pages/login-page.tsx:212 authlegacy
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in packages/ai/python/noise_removal.py:328
Found a known-risky pattern (eval_used). Review and replace if possible.
packages/ai/python/noise_removal.py:328 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/ai/python/dispatcher.py:235
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/ai/python/dispatcher.py:235 owaspexec_used
medium Legacy security deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
apps/api/src/routes/docs.ts:147 deserializationlegacy
medium Legacy security auth conf 0.82 Browser storage is used for session token material
Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens.
apps/web/src/lib/api.ts:160 authlegacy
medium Legacy security auth conf 0.82 Browser storage is used for session token material
Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens.
apps/web/src/lib/api.ts:49 authlegacy
medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/landing/src/components/json-ld.tsx:6
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/landing/src/components/json-ld.tsx:6 owaspdangerous_innerhtml
{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/74b4c143-ebfb-420c-bd4a-ca532718732c/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/74b4c143-ebfb-420c-bd4a-ca532718732c/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.