Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

Scan timing: clone 12.43s · analysis 4.41s · 33.5 MB · GitHub API rate-limit (preflight)

rohitg00/agentmemory

https://github.com/rohitg00/agentmemory · scanned 2026-05-24 01:20 UTC (2 weeks, 6 days ago) · 10 languages

359 raw signals (105 security + 254 graph) 11/13 scanners ran 98th percentile · Typescript · medium (20-100K LoC) System graph score 72 (higher by 18)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 2 weeks, 6 days ago · v2 · last Δ -14.9 (diff) · 157 actionable findings from 2 signal sources. 97 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
81.7
/100
Security checks
92
28 findings
System graph
72
100.0% cov · 129 findings
Critical
0
click to filter
Agents
6
16 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 85.0 0.15 12.75
security_score 100.0 0.25 25.00
testing_score 90.0 0.20 18.00
documentation_score 100.0 0.15 15.00
practices_score 82.0 0.15 12.30
code_quality 70.0 0.10 7.00
Overall 1.00 90.0
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: severity: medium × excluding tests × Reset all
Severity: Critical 0 High 9 Medium 14 Low 74 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 28 System graph 129 Crowd 0 Layer: Cicd 8 Quality 83 Security 2 Software 45 Api 1 Frontend 11 Hardware 7
Scan summary Quality grade A (90/100). Dimensions: security 100, maintainability 85. 105 findings (15 security). 65,916 lines analyzed.

Showing 14 of 157 actionable findings. 254 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

medium Security checks quality Error handling conf 1.00 3 occurrences [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
3 files, 3 locations
plugin/scripts/session-start.mjs:44
plugin/scripts/subagent-start.mjs:42
src/eval/metrics-store.ts:46
1.0 TP · 0 FP
medium Security checks quality Quality conf 0.73 Codex session log reader may expose prompts or tool-call content
Parse only usage metadata by default. Redact prompts, tool arguments, file paths, and message content before storage, telemetry, export, screenshots, or support bundles.
src/cli.ts:120
medium Security checks cicd CI/CD security conf 0.90 Docker build context has no .dockerignore
Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases.
.dockerignore CI/CD securitycontainers
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — eval/runner/adapters/agentmemory.ts:48
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — eval/runner/adapters/vector.ts:13
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — src/providers/openai.ts:18
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/integration.test.ts:44
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/mcp-standalone.test.ts:35
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — website/lib/github.ts:21
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph hardware Security conf 1.00 Dockerfile runs as root: deploy/coolify/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: deploy/fly/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: deploy/railway/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: deploy/render/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph cicd CI/CD security conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/publish.yml CI/CD securitySupply chainGithub actions
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/a3e7255e-87b7-421d-bfd1-aaa36403fd4c/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/a3e7255e-87b7-421d-bfd1-aaa36403fd4c/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.