telagod/code-abyss

https://github.com/telagod/code-abyss.git · scanned 2026-05-16 08:42 UTC (4 weeks ago) · 10 languages

98 raw signals (9 security + 89 graph) · 68th percentile · JavaScript · small (2-20K LoC) · System graph score 88 (lower by 11)

Complete repo analysis

Last scanned 4 weeks ago · v1 · 5 actionable findings from 1 signal source. 2 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Scan summary: Quality grade B+ (77/100). Dimensions: security 89, maintainability 60. 9 findings. 16,456 lines analyzed.

Showing 5 of 5 actionable findings. 7 raw detector signals were grouped into reader-sized issues.

high · Security checks · security / path traversal · conf 0.80 · [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Remediation: Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
Location: skills/processing-pdfs/scripts/create_validation_image.py:16

low · Security checks · quality / error handling · conf 1.00 · [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Remediation: Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
Location: skills/creating-presentations/scripts/rearrange.py:124

low · Security checks · quality / error handling · conf 1.00 · [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Remediation: Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
Location: skills/creating-presentations/scripts/inventory.py:384

medium · Security checks · security / path traversal · conf 1.00 · 3 occurrences · [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Remediation: Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
Locations (3 files, 3 locations):
skills/processing-docx/ooxml/scripts/unpack.py:17
skills/processing-docx/ooxml/scripts/validation/base.py:891
skills/processing-docx/ooxml/scripts/validation/redlining.py:70

high · Security checks · quality · conf 0.74 · Codex auth.json is read or copied without visible secret-file hardening
Tools that read or switch Codex CLI auth files handle OAuth/session material. Plain file copies, account switchers, and token readers should enforce narrow permissions and avoid printing or exporting token values.
Location: bin/adapters/codex.js:464
API access

This page is publicly accessible at: https://repobility.com/scan/8ccc99bd-26dd-4cf2-b4e8-79ed2b59c3b0/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/8ccc99bd-26dd-4cf2-b4e8-79ed2b59c3b0/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.