Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

claude-code-templates

https://github.com/davila7/claude-code-templates.git · scanned 2026-05-17 03:09 UTC (13 hours, 11 minutes ago) · 10 languages

903 findings (15 legacy + 888 scanner) 8/10 scanners ran 68th percentile · Python · small (2-20K LoC) Scanner says 50 (higher by 28)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 13 hours, 11 minutes ago · v2 · 459 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
64.4
/100
Repobility
79
15 legacy
9-layer
50
100.0% cov · 444 gaps
Critical
10
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: severity: high × excluding tests × Reset all
Severity: Critical 10 High 49 Medium 101 Low 268 Source: Legacy 15 9-layer 444 Crowd 0 Layer: Quality 144 Security 37 Software 77 Frontend 93 Network 10 Hardware 1 Cicd 20 Api 77
Scan summary Repository scanned at 49.5/100 with 100.0% coverage. It contains 13159 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 444 findings — concentrated in quality (134), frontend (93), api (77). Risk profile is high: 10 critical, 44 high, 98 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 49 of 459 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Legacy software ssrf conf 1.00 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: ALLOWED = {'images.example.com', 'cdn.example.com'} host = urlparse(url).hostname if host not in ALLOWED: abort(400) Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
cli-tool/components/hooks/automation/telegram-pr-webhook.py:83 ssrflegacy
high Legacy software ssrf conf 1.00 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: ALLOWED = {'images.example.com', 'cdn.example.com'} host = urlparse(url).hostname if host not in ALLOWED: abort(400) Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
cli-tool/.claude/sandbox/cloudflare/src/index.ts:34 ssrflegacy
high Legacy software ssrf conf 1.00 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: ALLOWED = {'images.example.com', 'cdn.example.com'} host = urlparse(url).hostname if host not in ALLOWED: abort(400) Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
.claude/hooks/telegram-pr-webhook.py:83 ssrflegacy
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/live-task/control (dashboard/src/components/live-task/LiveTaskPanel.tsx:38)
`dashboard/src/components/live-task/LiveTaskPanel.tsx:38` calls `GET /api/live-task/control` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/live-task/control` If this points at an external API, prefix it with `https…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/live-task/cycles?limit=20 (dashboard/src/components/live-task/LiveTaskPanel.tsx:30)
`dashboard/src/components/live-task/LiveTaskPanel.tsx:30` calls `GET /api/live-task/cycles?limit=20` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/live-task/cycles` If this points at an external API, prefix it with…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /api/live-task/tools?cycle_id=${cycleId} (dashboard/src/components/live-task/LiveTaskPanel.tsx:46)
`dashboard/src/components/live-task/LiveTaskPanel.tsx:46` calls `GET /api/live-task/tools?cycle_id=${cycleId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/live-task/tools` If this points at an external API, prefi…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /claude-jobs.json (dashboard/src/components/JobsPreview.tsx:74)
`dashboard/src/components/JobsPreview.tsx:74` calls `GET /claude-jobs.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/claude-jobs.json` If this points at an external API, prefix it with `https://` so the matche…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /claude-jobs.json (dashboard/src/components/JobsView.tsx:96)
`dashboard/src/components/JobsView.tsx:96` calls `GET /claude-jobs.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/claude-jobs.json` If this points at an external API, prefix it with `https://` so the matcher s…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET /trending-data.json (dashboard/src/components/TrendingView.tsx:59)
`dashboard/src/components/TrendingView.tsx:59` calls `GET /trending-data.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/trending-data.json` If this points at an external API, prefix it with `https://` so the m…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://aitmpl.com/api/agents.json (cli-tool/src/index.js:1464)
`cli-tool/src/index.js:1464` calls `GET https://aitmpl.com/api/agents.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/aitmpl.com/api/agents.json` If this points at an external API, prefix it with `https:…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://aitmpl.com/components.json (api/discord/interactions.js:24)
`api/discord/interactions.js:24` calls `GET https://aitmpl.com/components.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/aitmpl.com/components.json` If this points at an external API, prefix it with `ht…
wiringdangling-fetchaxios
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/${GITHUB_CONFIG.owner}/${GITHUB_CONFIG.repo}/contents/cli-tool/components/${type}/${file.name} (docs/js/script.js:1256)
`docs/js/script.js:1256` calls `GET https://api.github.com/repos/${GITHUB_CONFIG.owner}/${GITHUB_CONFIG.repo}/contents/cli-tool/components/${type}/${file.name}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents (cli-tool/src/index.js:1479)
`cli-tool/src/index.js:1479` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/repos/davi…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents (cli-tool/src/sdk/global-agent-manager.js:546)
`cli-tool/src/sdk/global-agent-manager.js:546` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.git…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents (cli-tool/src/sdk/global-agent-manager.js:581)
`cli-tool/src/sdk/global-agent-manager.js:581` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.git…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents/${item.name} (cli-tool/src/index.js:1523)
`cli-tool/src/index.js:1523` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents/${item.name}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.c…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents/${item.name} (cli-tool/src/sdk/global-agent-manager.js:595)
`cli-tool/src/sdk/global-agent-manager.js:595` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents/${item.name}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/h…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://code.claude.com/docs (cloudflare-workers/docs-monitor/index.js:15)
`cloudflare-workers/docs-monitor/index.js:15` calls `GET https://code.claude.com/docs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/code.claude.com/docs` If this points at an external API, prefix it with `h…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://raw.githubusercontent.com/davila7/claude-code-templates/main/cli-tool/components/.claude-plugin/marketplace.json (docs/js/component-page.js:514)
`docs/js/component-page.js:514` calls `GET https://raw.githubusercontent.com/davila7/claude-code-templates/main/cli-tool/components/.claude-plugin/marketplace.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/htt…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://registry.npmjs.org/${NPM_PACKAGE}/latest (api/claude-code-check.js:13)
`api/claude-code-check.js:13` calls `GET https://registry.npmjs.org/${NPM_PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest` If this points at an external API, pref…
wiringdangling-fetchaxios
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://registry.npmjs.org/${NPM_PACKAGE}/latest (api/claude-code-monitor/check-version.js:13)
`api/claude-code-monitor/check-version.js:13` calls `GET https://registry.npmjs.org/${NPM_PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest` If this points at an ex…
wiringdangling-fetchaxios
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://registry.npmjs.org/${NPM_PACKAGE}/latest (api/claude-code-monitor/webhook.js:24)
`api/claude-code-monitor/webhook.js:24` calls `GET https://registry.npmjs.org/${NPM_PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest` If this points at an external…
wiringdangling-fetchaxios
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://registry.npmjs.org/${NPM_PACKAGE}/latest (dashboard/src/pages/api/claude-code-check.ts:10)
`dashboard/src/pages/api/claude-code-check.ts:10` calls `GET https://registry.npmjs.org/${NPM_PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest` If this points at a…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://www.aitmpl.com/components.json (dashboard/src/pages/api/discord/interactions.ts:29)
`dashboard/src/pages/api/discord/interactions.ts:29` calls `GET https://www.aitmpl.com/components.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/www.aitmpl.com/components.json` If this points at an exte…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/collections/share (dashboard/src/components/MyComponentsView.tsx:598)
`dashboard/src/components/MyComponentsView.tsx:598` calls `POST /api/collections/share` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/collections/share` If this points at an external API, prefix it with `https://` …
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/live-task/control (dashboard/src/components/live-task/LiveTaskPanel.tsx:112)
`dashboard/src/components/live-task/LiveTaskPanel.tsx:112` calls `POST /api/live-task/control` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/live-task/control` If this points at an external API, prefix it with `htt…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://github.com/login/oauth/access_token (dashboard/src/pages/api/github/token.ts:24)
`dashboard/src/pages/api/github/token.ts:24` calls `POST https://github.com/login/oauth/access_token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/github.com/login/oauth/access_token` If this points at an e…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://www.aitmpl.com/api/track-command-usage (cli-tool/src/tracking-service.js:262)
`cli-tool/src/tracking-service.js:262` calls `POST https://www.aitmpl.com/api/track-command-usage` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/www.aitmpl.com/api/track-command-usage` If this points at an e…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://www.aitmpl.com/api/track-download-supabase (cli-tool/src/tracking-service.js:132)
`cli-tool/src/tracking-service.js:132` calls `POST https://www.aitmpl.com/api/track-download-supabase` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/www.aitmpl.com/api/track-download-supabase` If this points…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://www.aitmpl.com/api/track-installation-outcome (cli-tool/src/tracking-service.js:338)
`cli-tool/src/tracking-service.js:338` calls `POST https://www.aitmpl.com/api/track-installation-outcome` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/www.aitmpl.com/api/track-installation-outcome` If this …
wiringdangling-fetchfetch
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-00-49-17/humaneval-solutions/160.py:29
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-00-49-17/humaneval-solutions/160.py:29 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:894
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:894 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:902
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:902 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:1072
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:1072 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:1080
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:1080 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/humaneval-loki-solutions/160.py:34
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/humaneval-loki-solutions/160.py:34 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/scientific/torch_geometric/scripts/benchmark_model.py:97
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/scientific/torch_geometric/scripts/benchmark_model.py:97 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:63
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:63 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in cli-tool/components/skills/utilities/playwright-skill/lib/helpers.js:174
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/utilities/playwright-skill/lib/helpers.js:174 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:304
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:304 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:312
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:312 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:364
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:364 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:372
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:372 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:64
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:64 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in cli-tool/src/analytics/core/ProcessDetector.js:32
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/src/analytics/core/ProcessDetector.js:32 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in cli-tool/src/claude-api-proxy.js:359
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/src/claude-api-proxy.js:359 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in cli-tool/src/console-bridge.js:130
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/src/console-bridge.js:130 owaspexec_used
high Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
cli-tool/components/hooks/monitoring/context-timeline.py:171 error_handlinglegacy
high Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
cli-tool/components/agents/obsidian-ops-team/Scripts/daily_notes_connector.py:264 error_handlinglegacy
{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/a656f031-2648-4f24-9993-6b291c9bf048/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/a656f031-2648-4f24-9993-6b291c9bf048/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.