LearnPrompt/ai-news-radar

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

53 of your 58 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

https://github.com/LearnPrompt/ai-news-radar · scanned 2026-06-05 19:27 UTC (4 days, 15 hours ago) · 10 languages

124 raw signals (58 security + 66 graph) 11/13 scanners ran 71st percentile · Python · small (2-20K LoC) System graph score 92 (lower by 15)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 4 days, 15 hours ago · v2 · 37 actionable findings from 2 signal sources. 29 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON

88.9% cov · 29 findings

Score breakdown â 2026-05-18-v5

Component	Sub-score	Weight	Contribution
`structure_score`	55.0	0.15	8.25
`security_score`	100.0	0.25	25.00
`testing_score`	100.0	0.20	20.00
`documentation_score`	52.0	0.15	7.80
`practices_score`	72.0	0.15	10.80
`code_quality`	53.0	0.10	5.30
Overall		1.00	77.1

security_score may be inflated — optional security scanners were skipped on this fast scan

Severity distribution — click a segment to filter

Active filters: excluding tests × Reset all

Severity: Critical 0 High 1 Medium 4 Low 27 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 8 System graph 29 Crowd 0 Layer: Quality 10 Cicd 2 Software 22 Api 1 Frontend 1 Security 1

Exclude dismissed / FP Exclude test files

Scan summary Quality grade B+ (77/100). Dimensions: security 100, maintainability 55. 58 findings (2 security). 7,024 lines analyzed.

Showing 32 of 37 actionable findings. 66 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks quality Quality conf 1.00 ✓ Repobility [MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes.

Add `import html` at the top of the file.

scripts/update_news.py:1974

low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 4 occurrences GitHub Action is tag-pinned rather than SHA-pinned

[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lo…

lines 21, 24

.github/workflows/update-news.yml:21, 24 (4 hits)

CI/CD securitySupply chainGitHub Actions

medium Security checks quality Practices conf 1.00 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.

Add a .gitignore appropriate for your language/framework.

low Security checks quality Error handling conf 0.55 ✓ Repobility 25 occurrences Broad exception handler needs review

This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.

lines 163, 202, 209, 235, 259, 311, 317, 369, +17 more

scripts/update_news.py:163, 202, 209, 235, 259, 311, 317, 369, +17 more (25 hits)

Error handlingquality

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — assets/app.js:1059

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph cicd CI/CD security conf 1.00 GitHub Actions workflow grants broad write permissions

CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.

.github/workflows/update-news.yml CI/CD securitySupply chainGithub actions

medium System graph security Coverage conf 1.00 No auth library detected

The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.

auth

low Security checks quality Documentation No LICENSE file

Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft).

low System graph software Dead code candidate conf 1.00 File has no detected symbols: assets/motion.js

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: tests/conftest.py

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph quality Integrity conf 1.00 3 occurrences Near-duplicate function bodies in 2 places

Functions with the same first-5-line body hash: scripts/ai_relevance.py:contains_meaningful_ai_signal, scripts/update_news.py:contains_meaningful_ai_signal This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why…

3 occurrences

repo-level (3 hits)

duplicatesduplication

low System graph software Dead code conf 1.00 Possibly dead Python function: env_float