Public scan — anyone with this URL can view this analysis.

claude-code-templates

https://github.com/davila7/claude-code-templates.git · scanned 2026-05-17 03:09 UTC (14 hours, 14 minutes ago) · 10 languages

903 findings (15 legacy + 888 scanner) · 8/10 scanners ran · 68th percentile · Python · small (2-20K LoC) · Scanner says 50 (higher by 28)


Complete repo analysis

Last scanned 14 hours, 14 minutes ago · v2 · 459 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

Scan summary: Repository scored 49.5/100 with 100.0% coverage. It contains 13159 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 444 findings — concentrated in quality (134), frontend (93), api (77). Risk profile is high: 10 critical, 44 high, 98 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 456 of 459 findings.

critical · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'private_key_in_repo' in cloudflare-workers/pulse/index.js:572
Found a known-risky pattern (private_key_in_repo). Review and replace if possible.
cloudflare-workers/pulse/index.js:572 · owasp · private_key_in_repo
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/scientific/cosmic-database/scripts/download_cosmic.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
cli-tool/components/skills/scientific/cosmic-database/scripts/download_cosmic.py:14 · secrets
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/scientific/cosmic-database/scripts/download_cosmic.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
cli-tool/components/skills/scientific/cosmic-database/scripts/download_cosmic.py:203 · secrets
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/scientific/labarchive-integration/scripts/setup_config.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
cli-tool/components/skills/scientific/labarchive-integration/scripts/setup_config.py:52 · secrets
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/scientific/labarchive-integration/scripts/setup_config.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
cli-tool/components/skills/scientific/labarchive-integration/scripts/setup_config.py:58 · secrets
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/scientific/labarchive-integration/scripts/setup_config.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
cli-tool/components/skills/scientific/labarchive-integration/scripts/setup_config.py:60 · secrets
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/scientific/research-lookup/lookup.py
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
cli-tool/components/skills/scientific/research-lookup/lookup.py:61 · secrets
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/scientific/research-lookup/research_lookup.py
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
cli-tool/components/skills/scientific/research-lookup/research_lookup.py:333 · secrets
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/scientific/research-lookup/scripts/research_lookup.py
Detected pattern matching generic_api_key. Rotate the credential and move to a secret manager.
cli-tool/components/skills/scientific/research-lookup/scripts/research_lookup.py:333 · secrets
critical · 9-layer · security · secrets · conf 1.00 · Possible secret in cli-tool/components/skills/utilities/playwright-skill/lib/helpers.js
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
cli-tool/components/skills/utilities/playwright-skill/lib/helpers.js:208 · secrets
high · Legacy · software · ssrf · conf 1.00 · [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: `ALLOWED = {'images.example.com', 'cdn.example.com'}; host = urlparse(url).hostname; if host not in ALLOWED: abort(400)`. Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
cli-tool/components/hooks/automation/telegram-pr-webhook.py:83 · ssrf · legacy
high · Legacy · software · ssrf · conf 1.00 · [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: `ALLOWED = {'images.example.com', 'cdn.example.com'}; host = urlparse(url).hostname; if host not in ALLOWED: abort(400)`. Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
cli-tool/.claude/sandbox/cloudflare/src/index.ts:34 · ssrf · legacy
high · Legacy · software · ssrf · conf 1.00 · [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches.
Validate the URL against an allowlist BEFORE fetching: `ALLOWED = {'images.example.com', 'cdn.example.com'}; host = urlparse(url).hostname; if host not in ALLOWED: abort(400)`. Or use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request h…
.claude/hooks/telegram-pr-webhook.py:83 · ssrf · legacy
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET /api/live-task/control (dashboard/src/components/live-task/LiveTaskPanel.tsx:38)
`dashboard/src/components/live-task/LiveTaskPanel.tsx:38` calls `GET /api/live-task/control` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/live-task/control`. If this points at an external API, prefix it with `https…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET /api/live-task/cycles?limit=20 (dashboard/src/components/live-task/LiveTaskPanel.tsx:30)
`dashboard/src/components/live-task/LiveTaskPanel.tsx:30` calls `GET /api/live-task/cycles?limit=20` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/live-task/cycles`. If this points at an external API, prefix it with…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET /api/live-task/tools?cycle_id=${cycleId} (dashboard/src/components/live-task/LiveTaskPanel.tsx:46)
`dashboard/src/components/live-task/LiveTaskPanel.tsx:46` calls `GET /api/live-task/tools?cycle_id=${cycleId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/live-task/tools`. If this points at an external API, prefi…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET /claude-jobs.json (dashboard/src/components/JobsPreview.tsx:74)
`dashboard/src/components/JobsPreview.tsx:74` calls `GET /claude-jobs.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/claude-jobs.json`. If this points at an external API, prefix it with `https://` so the matche…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET /claude-jobs.json (dashboard/src/components/JobsView.tsx:96)
`dashboard/src/components/JobsView.tsx:96` calls `GET /claude-jobs.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/claude-jobs.json`. If this points at an external API, prefix it with `https://` so the matcher s…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET /trending-data.json (dashboard/src/components/TrendingView.tsx:59)
`dashboard/src/components/TrendingView.tsx:59` calls `GET /trending-data.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/trending-data.json`. If this points at an external API, prefix it with `https://` so the m…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://aitmpl.com/api/agents.json (cli-tool/src/index.js:1464)
`cli-tool/src/index.js:1464` calls `GET https://aitmpl.com/api/agents.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/aitmpl.com/api/agents.json`. If this points at an external API, prefix it with `https:…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://aitmpl.com/components.json (api/discord/interactions.js:24)
`api/discord/interactions.js:24` calls `GET https://aitmpl.com/components.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios. Normalized path used for matching: `/https:/aitmpl.com/components.json`. If this points at an external API, prefix it with `ht…
wiring · dangling-fetch · axios
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://api.github.com/repos/${GITHUB_CONFIG.owner}/${GITHUB_CONFIG.repo}/contents/cli-tool/components/${type}/${file.name} (docs/js/script.js:1256)
`docs/js/script.js:1256` calls `GET https://api.github.com/repos/${GITHUB_CONFIG.owner}/${GITHUB_CONFIG.repo}/contents/cli-tool/components/${type}/${file.name}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents (cli-tool/src/index.js:1479)
`cli-tool/src/index.js:1479` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/api.github.com/repos/davi…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents (cli-tool/src/sdk/global-agent-manager.js:546)
`cli-tool/src/sdk/global-agent-manager.js:546` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/api.git…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents (cli-tool/src/sdk/global-agent-manager.js:581)
`cli-tool/src/sdk/global-agent-manager.js:581` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/api.git…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents/${item.name} (cli-tool/src/index.js:1523)
`cli-tool/src/index.js:1523` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents/${item.name}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/api.github.c…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents/${item.name} (cli-tool/src/sdk/global-agent-manager.js:595)
`cli-tool/src/sdk/global-agent-manager.js:595` calls `GET https://api.github.com/repos/davila7/claude-code-templates/contents/cli-tool/components/agents/${item.name}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/h…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://code.claude.com/docs (cloudflare-workers/docs-monitor/index.js:15)
`cloudflare-workers/docs-monitor/index.js:15` calls `GET https://code.claude.com/docs` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/code.claude.com/docs`. If this points at an external API, prefix it with `h…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://raw.githubusercontent.com/davila7/claude-code-templates/main/cli-tool/components/.claude-plugin/marketplace.json (docs/js/component-page.js:514)
`docs/js/component-page.js:514` calls `GET https://raw.githubusercontent.com/davila7/claude-code-templates/main/cli-tool/components/.claude-plugin/marketplace.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/htt…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://registry.npmjs.org/${NPM_PACKAGE}/latest (api/claude-code-check.js:13)
`api/claude-code-check.js:13` calls `GET https://registry.npmjs.org/${NPM_PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios. Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest`. If this points at an external API, pref…
wiring · dangling-fetch · axios
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://registry.npmjs.org/${NPM_PACKAGE}/latest (api/claude-code-monitor/check-version.js:13)
`api/claude-code-monitor/check-version.js:13` calls `GET https://registry.npmjs.org/${NPM_PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios. Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest`. If this points at an ex…
wiring · dangling-fetch · axios
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://registry.npmjs.org/${NPM_PACKAGE}/latest (api/claude-code-monitor/webhook.js:24)
`api/claude-code-monitor/webhook.js:24` calls `GET https://registry.npmjs.org/${NPM_PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios. Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest`. If this points at an external…
wiring · dangling-fetch · axios
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://registry.npmjs.org/${NPM_PACKAGE}/latest (dashboard/src/pages/api/claude-code-check.ts:10)
`dashboard/src/pages/api/claude-code-check.ts:10` calls `GET https://registry.npmjs.org/${NPM_PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest`. If this points at a…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: GET https://www.aitmpl.com/components.json (dashboard/src/pages/api/discord/interactions.ts:29)
`dashboard/src/pages/api/discord/interactions.ts:29` calls `GET https://www.aitmpl.com/components.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/www.aitmpl.com/components.json`. If this points at an exte…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: POST /api/collections/share (dashboard/src/components/MyComponentsView.tsx:598)
`dashboard/src/components/MyComponentsView.tsx:598` calls `POST /api/collections/share` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/collections/share`. If this points at an external API, prefix it with `https://` …
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: POST /api/live-task/control (dashboard/src/components/live-task/LiveTaskPanel.tsx:112)
`dashboard/src/components/live-task/LiveTaskPanel.tsx:112` calls `POST /api/live-task/control` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/live-task/control`. If this points at an external API, prefix it with `htt…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: POST https://github.com/login/oauth/access_token (dashboard/src/pages/api/github/token.ts:24)
`dashboard/src/pages/api/github/token.ts:24` calls `POST https://github.com/login/oauth/access_token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/github.com/login/oauth/access_token`. If this points at an e…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: POST https://www.aitmpl.com/api/track-command-usage (cli-tool/src/tracking-service.js:262)
`cli-tool/src/tracking-service.js:262` calls `POST https://www.aitmpl.com/api/track-command-usage` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/www.aitmpl.com/api/track-command-usage`. If this points at an e…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: POST https://www.aitmpl.com/api/track-download-supabase (cli-tool/src/tracking-service.js:132)
`cli-tool/src/tracking-service.js:132` calls `POST https://www.aitmpl.com/api/track-download-supabase` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/www.aitmpl.com/api/track-download-supabase`. If this points…
wiring · dangling-fetch · fetch
high · 9-layer · api · wiring · conf 1.00 · Dangling fetch: POST https://www.aitmpl.com/api/track-installation-outcome (cli-tool/src/tracking-service.js:338)
`cli-tool/src/tracking-service.js:338` calls `POST https://www.aitmpl.com/api/track-installation-outcome` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch. Normalized path used for matching: `/https:/www.aitmpl.com/api/track-installation-outcome`. If this …
wiring · dangling-fetch · fetch
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-00-49-17/humaneval-solutions/160.py:29
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-00-49-17/humaneval-solutions/160.py:29 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:894
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:894 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:902
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:902 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:1072
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:1072 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:1080
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:1080 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/humaneval-loki-solutions/160.py:34
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/humaneval-loki-solutions/160.py:34 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/scientific/torch_geometric/scripts/benchmark_model.py:97
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/scientific/torch_geometric/scripts/benchmark_model.py:97 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:63
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:63 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'eval_used' in cli-tool/components/skills/utilities/playwright-skill/lib/helpers.js:174
Found a known-risky pattern (eval_used). Review and replace if possible.
cli-tool/components/skills/utilities/playwright-skill/lib/helpers.js:174 · owasp · eval_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'exec_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:304
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-predictions.json:304 · owasp · exec_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'exec_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:312
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-01-24-17/swebench-results.json:312 · owasp · exec_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'exec_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:364
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-predictions.json:364 · owasp · exec_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'exec_used' in cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:372
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/ai-research/loki-mode/benchmarks/results/2026-01-05-10-37-54/swebench-loki-results.json:372 · owasp · exec_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'exec_used' in cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:64
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:64 · owasp · exec_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'exec_used' in cli-tool/src/analytics/core/ProcessDetector.js:32
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/src/analytics/core/ProcessDetector.js:32 · owasp · exec_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'exec_used' in cli-tool/src/claude-api-proxy.js:359
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/src/claude-api-proxy.js:359 · owasp · exec_used
high · 9-layer · security · owasp · conf 1.00 · Insecure pattern 'exec_used' in cli-tool/src/console-bridge.js:130
Found a known-risky pattern (exec_used). Review and replace if possible.
cli-tool/src/console-bridge.js:130 · owasp · exec_used
medium · Legacy · security · auth · conf 0.92 · [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them.
auth · legacy
medium · Legacy · quality · practices · conf 1.00 · [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
Add a .gitignore appropriate for your language/framework.
practices · legacy
high · Legacy · quality · error_handling · conf 1.00 · [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
cli-tool/components/hooks/monitoring/context-timeline.py:171 · error_handling · legacy
high · Legacy · quality · error_handling · conf 1.00 · [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
cli-tool/components/agents/obsidian-ops-team/Scripts/daily_notes_connector.py:264 · error_handling · legacy
medium · Legacy · quality · quality · conf 0.78 · Public web service has no security.txt
Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored.
.well-known/security.txt · quality · legacy
medium · 9-layer · frontend · frontend-quality · conf 1.00 · `dangerouslySetInnerHTML` used in a React component — dashboard/src/components/MarkdownViewer.tsx:426
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
frontend-quality · fq.dangerous-html
medium · 9-layer · frontend · frontend-quality · conf 1.00 · `dangerouslySetInnerHTML` used in a React component — dashboard/src/components/SkillExplorer.tsx:490
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
frontend-quality · fq.dangerous-html
medium · 9-layer · frontend · frontend-quality · conf 1.00 · `dangerouslySetInnerHTML` used in a React component — dashboard/src/components/SkillSlideView.tsx:395
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
frontend-quality · fq.dangerous-html
medium · 9-layer · frontend · frontend-quality · conf 1.00 · `dangerouslySetInnerHTML` used in a React component — dashboard/src/components/TypeIcon.tsx:5
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
frontend-quality · fq.dangerous-html
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cli-tool/components/sandbox/cloudflare/launcher.ts:330
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cli-tool/components/sandbox/cloudflare/src/index.ts:33
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cli-tool/components/skills/ai-research/loki-mode/examples/todo-app-generated/frontend/src/api/todos.ts:15
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cli-tool/src/index.js:530
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cli-tool/src/sdk/global-agent-manager.js:63
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cli-tool/src/tracking-service.js:132
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cloudflare-workers/crons/index.js:24
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cloudflare-workers/docs-monitor/index.js:91
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — cloudflare-workers/pulse/index.js:28
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dashboard/src/components/live-task/LiveTaskPanel.tsx:112
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dashboard/src/lib/github-api.ts:32
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dashboard/src/pages/api/claude-code-check.ts:10
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — dashboard/src/pages/api/discord/interactions.ts:29
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — docs/js/component-page.js:514
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — docs/js/data-loader.js:37
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — docs/js/index-events.js:1150
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — docs/js/script.js:48
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — docs/js/search-functionality.js:172
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
anthropics/claude-code-action@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
cli-tool/components/skills/ai-research/loki-mode/.github/workflows/claude-code-review.yml:36 supply-chain · github-actions · pinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
anthropics/claude-code-action@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
cli-tool/components/skills/ai-research/loki-mode/.github/workflows/claude.yml:35 supply-chain · github-actions · pinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
cli-tool/components/skills/ai-research/loki-mode/.github/workflows/claude-code-review.yml supply-chain · github-actions · least-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
cli-tool/components/skills/ai-research/loki-mode/.github/workflows/claude.yml supply-chain · github-actions · least-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
cli-tool/components/skills/ai-research/loki-mode/.github/workflows/release.yml supply-chain · github-actions · least-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/publish-package.yml supply-chain · github-actions · least-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/update-json-data.yml supply-chain · github-actions · least-privilege
medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:70
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:70 owasp · dangerous_innerhtml
medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in dashboard/src/components/MarkdownViewer.tsx:426
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
dashboard/src/components/MarkdownViewer.tsx:426 owasp · dangerous_innerhtml
medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in dashboard/src/components/SkillExplorer.tsx:490
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
dashboard/src/components/SkillExplorer.tsx:490 owasp · dangerous_innerhtml
medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in dashboard/src/components/SkillSlideView.tsx:395
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
dashboard/src/components/SkillSlideView.tsx:395 owasp · dangerous_innerhtml
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in cli-tool/components/skills/development/typescript-expert/scripts/ts_diagnostic.py:16
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
cli-tool/components/skills/development/typescript-expert/scripts/ts_diagnostic.py:16 owasp · subprocess_shell_true
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:67
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:67 owasp · subprocess_shell_true
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/hooks/monitoring/context-timeline.py:1109
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/hooks/security/secret-scanner.py:320
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/sandbox/e2b/e2b-launcher.py:37
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/settings/statusline/context-monitor.py:24
`subprocess.check_output(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/settings/statusline/deadline-countdown.py:35
`subprocess.check_output(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/development/skill-creator/scripts/run_eval.py:85
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/development/skill-development/scripts/run_eval.py:85
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/doc/scripts/render_docx.py:101
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/docx-official/scripts/office/soffice.py:14
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/docx-official/scripts/office/validators/redlining.py:138
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/docx/ooxml/scripts/validation/redlining.py:153
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/docx/scripts/office/soffice.py:14
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/docx/scripts/office/validators/redlining.py:138
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/pptx-official/scripts/office/soffice.py:14
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/pptx-official/scripts/office/validators/redlining.py:138
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/pptx-official/scripts/thumbnail.py:161
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/pptx/ooxml/scripts/validation/redlining.py:153
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/pptx/scripts/office/soffice.py:14
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/pptx/scripts/office/validators/redlining.py:138
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/pptx/scripts/thumbnail.py:161
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/xlsx-official/recalc.py:92
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/xlsx-official/scripts/office/soffice.py:14
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/xlsx-official/scripts/office/validators/redlining.py:138
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/xlsx-official/scripts/recalc.py:92
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/xlsx/recalc.py:92
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/xlsx/scripts/office/soffice.py:14
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/xlsx/scripts/office/validators/redlining.py:138
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/document-processing/xlsx/scripts/recalc.py:92
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/media/screenshot/scripts/take_screenshot.py:237
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/productivity/notebooklm/scripts/__init__.py:53
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/productivity/notebooklm/scripts/run.py:38
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/productivity/notebooklm/scripts/setup_environment.py:62
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/productivity/skill-creator/scripts/run_eval.py:85
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/biomni/scripts/setup_environment.py:47
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/clinicaltrials-database/scripts/query_clinicaltrials.py:87
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/clinpgx-database/scripts/query_clinpgx.py:36
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/document-skills/docx/ooxml/scripts/validation/redlining.py:153
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/document-skills/pptx/ooxml/scripts/validation/redlining.py:153
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/document-skills/pptx/scripts/thumbnail.py:219
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/document-skills/xlsx/recalc.py:92
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/ensembl-database/scripts/ensembl_query.py:159
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/generate-image/scripts/generate_image.py:144
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/labarchive-integration/scripts/entry_operations.py:172
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/reactome-database/scripts/reactome_query.py:36
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/uniprot-database/scripts/uniprot_client.py:61
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/scientific/uspto-database/scripts/patent_search.py:70
`requests.post(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/security/security-ownership-map/scripts/build_ownership_map.py:360
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/security/security-ownership-map/scripts/community_maintainers.py:324
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — cli-tool/components/skills/security/security-ownership-map/scripts/run_ownership_map.py:195
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — scripts/generate_components_json.py:240
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer network security conf 1.00 Privileged port 10 in use
Port 10 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
cli-tool/components/skills/development/error-resolver/replay/solution-template.yaml security · ports
medium 9-layer network security conf 1.00 Privileged port 11 in use
Port 11 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
.github/workflows/daily-component-discord.yml securityports
medium 9-layer network security conf 1.00 Privileged port 13 in use
Port 13 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
.github/workflows/daily-general-discord.yml securityports
medium 9-layer network security conf 1.00 Privileged port 14 in use
Port 14 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
.github/workflows/daily-community-help-discord.yml securityports
medium 9-layer network security conf 1.00 Privileged port 15 in use
Port 15 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
.github/workflows/daily-blog-discord.yml securityports
medium 9-layer network security conf 1.00 Privileged port 16 in use
Port 16 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
.github/workflows/daily-general-discord.yml securityports
medium 9-layer network security conf 1.00 Privileged port 17 in use
Port 17 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
cli-tool/components/hooks/monitoring/langsmith-tracing.sh securityports
medium 9-layer network security conf 1.00 Privileged port 30 in use
Port 30 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
cli-tool/components/skills/development/error-resolver/replay/solution-template.yaml securityports
medium 9-layer network security conf 1.00 Privileged port 44 in use
Port 44 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.
cli-tool/components/hooks/monitoring/langsmith-tracing.sh securityports
medium 9-layer quality tests conf 1.00 Very low test-to-source ratio
35 test file(s) for 1062 source file(s) (ratio 0.03). Consider adding integration or unit tests for critical paths.
tests · coverage
low Legacy security auth conf 0.76 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior.
auth · legacy
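What the four regression tests named in this finding look like, as an added example that is not the project's code: a deliberately small ownership/role policy and one pytest-style test per class of bug. `User`, `Document`, `authorize` and the three role names are assumptions made for the illustration; a real suite would exercise the application's own permission check with the same four cases.

```python
"""Added example, not the project's code: the four authorization regression
tests the finding asks for, run against an assumed toy policy."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    id: str
    role: str = "user"            # "user" | "admin" | "super_admin" (assumed roles)


@dataclass(frozen=True)
class Document:
    id: str
    owner_id: str


def authorize(actor: Optional[User], doc: Document, action: str) -> bool:
    """Return True only when `actor` may perform `action` on `doc`.

    Policy under test: anonymous callers get nothing; owners may read and
    write their own documents; admins may additionally read anyone's but not
    write them; only super_admin may delete, or write across users."""
    if actor is None:
        return False                       # anonymous: deny everything
    if actor.role == "super_admin":
        return action in ("read", "write", "delete")
    if action == "delete":
        return False                       # super_admin-only behaviour
    if actor.id == doc.owner_id:
        return action in ("read", "write")
    if actor.role == "admin":
        return action == "read"            # admin limit: read-only on others' objects
    return False                           # cross-user object: deny


# --- regression tests (pytest collects these; each guards one class of bug) ---
ALICE = User("alice")
BOB = User("bob")
ADMIN = User("root", role="admin")
SUPER = User("owner", role="super_admin")
ALICE_DOC = Document("d1", owner_id="alice")


def test_anonymous_denied():
    for action in ("read", "write", "delete"):
        assert not authorize(None, ALICE_DOC, action)


def test_cross_user_object_denied():
    assert authorize(ALICE, ALICE_DOC, "read")
    assert authorize(ALICE, ALICE_DOC, "write")
    assert not authorize(BOB, ALICE_DOC, "read")       # IDOR-style access
    assert not authorize(BOB, ALICE_DOC, "write")


def test_admin_role_limits():
    assert authorize(ADMIN, ALICE_DOC, "read")
    assert not authorize(ADMIN, ALICE_DOC, "write")
    assert not authorize(ADMIN, ALICE_DOC, "delete")


def test_super_admin_only():
    assert authorize(SUPER, ALICE_DOC, "delete")
    assert not authorize(ALICE, ALICE_DOC, "delete")   # even the owner cannot
    assert not authorize(ADMIN, ALICE_DOC, "delete")
```

The denial cases matter more than the allow cases: a policy that silently widens (a refactor that drops the owner check, a role comparison that becomes a prefix match) passes every "alice can read her own doc" test and fails only the ones above.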
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
cli-tool/components/settings/statusline/deadline-countdown.py:13 quality · legacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
cli-tool/components/hooks/automation/telegram-pr-webhook.py:1 quality · legacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
cli-tool/components/agents/obsidian-ops-team/Scripts/tag_standardizer.py:116 quality · legacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
api/track-download-supabase.js:33 quality · legacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
api/claude-code-monitor/parser.js:1 quality · legacy
low Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
api/claude-code-monitor/check-version.js:4 quality · legacy
low 9-layer quality maintenance conf 1.00 103 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
maintenance
low 9-layer quality integrity conf 1.00 37 env vars used in code but missing from .env.example
Drift between code and config docs. The first few: `API_BASE_URL`, `CCT_DEBUG`, `CCT_NO_ANALYTICS`, `CCT_NO_TRACKING`, `CI`, `CLOUDFLARE_WORKER_URL`, `CODEX_SANDBOX`, `CONTEXT_TIMELINE_LIMIT` + 29 more. Add them (with a placeholder/comment) to .env.example so onboarding doesn't break.
integrity · config-drift
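A drift check of the kind this finding reports, as an added example that is not the scanner's or the project's code: it collects environment variables read through `os.environ[...]`, `os.environ.get(...)`, `os.getenv(...)`, `process.env.X` and `process.env["X"]` (the two ecosystems this repo mixes), parses the keys declared in `.env.example`, and reports both directions of drift. The sample sources and `.env.example` are constructed; only the variable names are taken from the finding above.

```python
"""Added example, not the scanner's or the project's code: env-var drift
between source code and .env.example. Sample inputs are constructed."""
import re
from typing import Dict, List, Set, Tuple

_NAME = r"([A-Z_][A-Z0-9_]*)"
_Q = r"[\"']"
# Static lookups only: os.environ[name] with a variable name is not caught.
_ENV_USE = re.compile(
    r"os\.environ(?:\.get)?\s*[\[(]\s*" + _Q + _NAME + _Q
    + r"|os\.getenv\s*\(\s*" + _Q + _NAME + _Q
    + r"|process\.env\." + _NAME
    + r"|process\.env\[\s*" + _Q + _NAME + _Q + r"\s*\]"
)
_ENV_DECL = re.compile(r"^\s*(?:export\s+)?" + _NAME + r"\s*=")


def env_vars_used(sources: Dict[str, str]) -> Set[str]:
    """Every variable name statically read in the given {path: text} map."""
    used: Set[str] = set()
    for text in sources.values():
        for m in _ENV_USE.finditer(text):
            used.add(next(g for g in m.groups() if g))
    return used


def env_vars_declared(env_example: str) -> Set[str]:
    """Keys declared in a dotenv-style file; comments and blank lines skipped."""
    declared: Set[str] = set()
    for line in env_example.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _ENV_DECL.match(line)
        if m:
            declared.add(m.group(1))
    return declared


def env_drift(sources: Dict[str, str], env_example: str) -> Tuple[List[str], List[str]]:
    """(used but undeclared, declared but unused), each sorted."""
    used, declared = env_vars_used(sources), env_vars_declared(env_example)
    return sorted(used - declared), sorted(declared - used)


# Constructed inputs; variable names mirror the ones listed in the finding.
SAMPLE_SOURCES = {
    "cli-tool/src/analytics.py": (
        'import os\n'
        'DEBUG = os.environ.get("CCT_DEBUG")\n'
        'if os.getenv("CCT_NO_ANALYTICS"):\n'
        '    pass\n'
        'base = os.environ["API_BASE_URL"]\n'
    ),
    "api/worker.js": (
        'const url = process.env.CLOUDFLARE_WORKER_URL;\n'
        'const ci = process.env["CI"];\n'
    ),
}
SAMPLE_ENV_EXAMPLE = (
    "# copy to .env and fill in real values\n"
    "API_BASE_URL=http://localhost:3000\n"
    "export CI=false\n"
    "LEGACY_FLAG=1\n"
)

if __name__ == "__main__":
    missing, unused = env_drift(SAMPLE_SOURCES, SAMPLE_ENV_EXAMPLE)
    print("missing from .env.example:", missing)
    print("declared but never read:  ", unused)
```

To run it over the real tree, fill `sources` by reading every `.py`/`.js`/`.ts` file; the second list (declared but never read) is worth keeping in the report, because a stale key in `.env.example` is usually a credential nobody rotates. Values in `.env.example` must stay placeholders: the file is committed, and a real value there is the `password_literal` finding in a different coat.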
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: node:22-alpine
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
cli-tool/components/sandbox/docker/Dockerfile:2 supply-chain · docker · pinned-dependencies
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: api/__tests__/endpoints.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/hooks/git/conventional-commits.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/hooks/git/prevent-direct-push.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/hooks/git/validate-branch-name.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/hooks/security/dangerous-command-blocker.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/ai-research/loki-mode/examples/todo-app-generated/backend/src/routes/todos.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/ai-research/loki-mode/examples/todo-app-generated/frontend/src/main.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/ai-research/loki-mode/examples/todo-app-generated/frontend/src/vite-env.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/ai-research/loki-mode/examples/todo-app-generated/frontend/vite.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/creative-design/ui-design-system/scripts/design_token_generator.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/development/webapp-testing/examples/element_discovery.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/development/webapp-testing/examples/static_html_automation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/document-processing/docx/ooxml/scripts/unpack.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/document-processing/pdf-anthropic/scripts/check_fillable_fields.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/document-processing/pdf-official/scripts/check_fillable_fields.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/document-processing/pdf-processing/scripts/check_fillable_fields.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/document-processing/pdf/scripts/check_fillable_fields.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/document-processing/pptx/ooxml/scripts/unpack.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/productivity/notebooklm/scripts/config.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/scientific/brenda-database/scripts/brenda_queries.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/scientific/document-skills/docx/ooxml/scripts/unpack.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/scientific/document-skills/pdf/scripts/check_fillable_fields.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/scientific/document-skills/pptx/ooxml/scripts/unpack.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/scientific/pymc/assets/hierarchical_model_template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/scientific/pymc/assets/linear_regression_template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/scientific/scanpy/assets/analysis_template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/security/webapp-testing/examples/element_discovery.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/components/skills/security/webapp-testing/examples/static_html_automation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/jest.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/unit/DataCache.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/unit/PerformanceMonitor.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/unit/StateCalculator.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/unit/WebSocketServer.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/validation/IntegrityValidator.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/validation/ReferenceValidator.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/validation/SemanticValidator.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/validation/StructuralValidator.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: cli-tool/tests/validation/ValidationOrchestrator.test.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dashboard/src/lib/constants.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dashboard/src/lib/live-task/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dashboard/src/lib/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dashboard/src/pages/api/collections/[id].ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dashboard/src/pages/api/collections/items.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dashboard/src/pages/api/live-task/control.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dashboard/src/pages/api/live-task/cycles.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: dashboard/src/pages/api/live-task/tools.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: scripts/dev-server.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
cli-tool/components/skills/ai-research/loki-mode/.github/workflows/claude-code-review.yml:30 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
cli-tool/components/skills/ai-research/loki-mode/.github/workflows/claude.yml:29 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
cli-tool/components/skills/ai-research/loki-mode/.github/workflows/release.yml:18 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish-package.yml:23 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish-package.yml:28 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/github-script@v8 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/component-pr-welcome.yml:19 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/update-json-data.yml:18 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/update-json-data.yml:23 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/update-json-data.yml:29 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/component-security-validation.yml:26 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/component-security-validation.yml:31 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v7 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/component-security-validation.yml:57 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/github-script@v9 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/component-security-validation.yml:65 supply-chain · github-actions · pinned-dependencies
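A checker for both pinning findings on this page, the tag-only `FROM node:22-alpine` in the sandbox Dockerfile and the tag-only `uses:` lines in the workflows above, as an added example that is not the scanner's or the project's code. It flags base images without an `@sha256:` digest (skipping `scratch` and multi-stage aliases, which cannot be retagged upstream) and third-party actions whose ref is not a 40-hex commit SHA (skipping local `./` actions and `docker://` refs). The sample Dockerfile and workflow are constructed; the all-zero digest and SHA in them are placeholders, not real values.

```python
"""Added example, not the scanner's or the project's code: detect tag-only
Docker base images and tag-only GitHub Actions. Samples are constructed."""
import re
from typing import List, Tuple

_SHA40 = re.compile(r"^[0-9a-f]{40}$")
_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
_FROM = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
_USES = re.compile(r"^\s*-?\s*uses:\s*[\"']?([^\"'\s#]+)")


def unpinned_base_images(dockerfile: str) -> List[Tuple[int, str]]:
    """(line, image) for every FROM not pinned to an immutable digest."""
    stages, hits = set(), []
    for n, line in enumerate(dockerfile.splitlines(), 1):
        m = _FROM.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        if alias:
            stages.add(alias.lower())           # later "FROM <alias>" is local
        if image.lower() in stages or image.lower() == "scratch":
            continue
        if not _DIGEST.search(image):
            hits.append((n, image))
    return hits


def unpinned_actions(workflow: str) -> List[Tuple[int, str]]:
    """(line, ref) for every third-party action not pinned to a full SHA."""
    hits = []
    for n, line in enumerate(workflow.splitlines(), 1):
        m = _USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue                            # different pinning rules apply
        _, _, version = ref.rpartition("@")
        if not _SHA40.match(version):
            hits.append((n, ref))
    return hits


# Constructed sample; the first FROM mirrors the tag-only image flagged above.
SAMPLE_DOCKERFILE = "\n".join([
    "# build stage",
    "FROM node:22-alpine AS build",
    "WORKDIR /app",
    "FROM build",
    "FROM python:3.12-slim@sha256:" + "0" * 64,   # placeholder digest
])

# Constructed sample; v6 refs mirror the workflow findings above.
SAMPLE_WORKFLOW = "\n".join([
    "jobs:",
    "  build:",
    "    steps:",
    "      - uses: actions/checkout@v6",
    "      - uses: actions/setup-node@v6",
    "        with:",
    "          node-version: 22",
    "      - uses: actions/checkout@" + "0" * 40 + " # v6, placeholder SHA",
    "      - uses: ./.github/actions/local-step",
    "      - uses: docker://alpine:3.20",
])

if __name__ == "__main__":
    print("unpinned images: ", unpinned_base_images(SAMPLE_DOCKERFILE))
    print("unpinned actions:", unpinned_actions(SAMPLE_WORKFLOW))
```

A SHA or digest pin only freezes the code; it does not keep it current. Keep the human-readable tag in a trailing comment (as the sample's placeholder line does) so Dependabot or Renovate can bump the pin, and resolve a fresh image digest with `docker buildx imagetools inspect node:22-alpine` rather than copying one from a third-party page.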
low 9-layer frontend frontend-quality conf 1.00 Icon-only button without accessible name — cli-tool/src/analytics-web/components/App.js:66
A `<button>` whose only child is a single glyph or symbol needs `title=` or `aria-label=` so screen readers (and tooltips on hover) work. Why: P3 in CHECKLIST.md — icon-only buttons skipped a title. Rule id: fq.button.no-label
frontend-quality · fq.button.no-label
low 9-layer frontend frontend-quality conf 1.00 Icon-only button without accessible name — docs/js/component-page.js:1443
A `<button>` whose only child is a single glyph or symbol needs `title=` or `aria-label=` so screen readers (and tooltips on hover) work. Why: P3 in CHECKLIST.md — icon-only buttons skipped a title. Rule id: fq.button.no-label
frontend-quality · fq.button.no-label
low 9-layer frontend frontend-quality conf 1.00 Icon-only button without accessible name — docs/js/index-events.js:1488
A `<button>` whose only child is a single glyph or symbol needs `title=` or `aria-label=` so screen readers (and tooltips on hover) work. Why: P3 in CHECKLIST.md — icon-only buttons skipped a title. Rule id: fq.button.no-label
frontend-quality · fq.button.no-label
low 9-layer frontend frontend-quality conf 1.00 Icon-only button without accessible name — docs/js/modal-helpers.js:72
A `<button>` whose only child is a single glyph or symbol needs `title=` or `aria-label=` so screen readers (and tooltips on hover) work. Why: P3 in CHECKLIST.md — icon-only buttons skipped a title. Rule id: fq.button.no-label
frontend-quality · fq.button.no-label
low 9-layer frontend frontend-quality conf 1.00 Icon-only button without accessible name — docs/js/script.js:273
A `<button>` whose only child is a single glyph or symbol needs `title=` or `aria-label=` so screen readers (and tooltips on hover) work. Why: P3 in CHECKLIST.md — icon-only buttons skipped a title. Rule id: fq.button.no-label
frontend-quality · fq.button.no-label
low 9-layer frontend frontend-quality conf 1.00 Icon-only button without accessible name — docs/js/workflows.js:448
A `<button>` whose only child is a single glyph or symbol needs `title=` or `aria-label=` so screen readers (and tooltips on hover) work. Why: P3 in CHECKLIST.md — icon-only buttons skipped a title. Rule id: fq.button.no-label
frontend-quality · fq.button.no-label
low 9-layer quality integrity conf 1.00 Legacy-named symbol `button_v1` in cli-tool/components/skills/creative-design/executing-marketing-campaigns/scripts/marketing_utils.py:39
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `days_old` in cli-tool/components/skills/enterprise-communication/session-handoff/scripts/check_staleness.py:144
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `notebook_backup` in cli-tool/components/skills/scientific/labarchive-integration/scripts/notebook_operations.py:131
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/document-processing/docx-official/scripts/office/validators/base.py:705
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/document-processing/docx/ooxml/scripts/validation/base.py:769
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/document-processing/docx/scripts/office/validators/base.py:705
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/document-processing/pptx-official/scripts/office/validators/base.py:705
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/document-processing/pptx/ooxml/scripts/validation/base.py:769
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/document-processing/pptx/scripts/office/validators/base.py:705
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/document-processing/xlsx-official/scripts/office/validators/base.py:705
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/document-processing/xlsx/scripts/office/validators/base.py:705
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/scientific/document-skills/docx/ooxml/scripts/validation/base.py:769
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `xml_copy` in cli-tool/components/skills/scientific/document-skills/pptx/ooxml/scripts/validation/base.py:769
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/security/webapp-testing/scripts/with_server.py:is_server_ready, cli-tool/components/skills/development/webapp-testing/scripts/with_server.py:is_server_ready This is *the* AI-coder failure mode (4× more duplication in vibe-c…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/security/webapp-testing/scripts/with_server.py:main, cli-tool/components/skills/development/webapp-testing/scripts/with_server.py:main This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/security/webapp-testing/examples/console_logging.py:handle_console_message, cli-tool/components/skills/development/webapp-testing/examples/console_logging.py:handle_console_message This is *the* AI-coder failure mode (4× mo…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/security/security-ownership-map/scripts/community_maintainers.py:read_csv, cli-tool/components/skills/security/security-ownership-map/scripts/query_ownership.py:read_csv This is *the* AI-coder failure mode (4× more duplicat…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/security/security-ownership-map/scripts/community_maintainers.py:main, cli-tool/components/skills/security/security-ownership-map/scripts/query_ownership.py:main This is *the* AI-coder failure mode (4× more duplication in v…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/security/security-ownership-map/scripts/query_ownership.py:handle_files, cli-tool/components/skills/security/security-ownership-map/scripts/query_ownership.py:handle_file This is *the* AI-coder failure mode (4× more duplica…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:linear, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:linear This is *the* AI-coder failure mode (4× more duplication in vibe-coded rep…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_in_quad, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_in_quad This is *the* AI-coder failure mode (4× more duplication in vi…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_out_quad, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_out_quad This is *the* AI-coder failure mode (4× more duplication in …
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_in_out_quad, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_in_out_quad This is *the* AI-coder failure mode (4× more duplicati…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_in_cubic, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_in_cubic This is *the* AI-coder failure mode (4× more duplication in …
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_out_cubic, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_out_cubic This is *the* AI-coder failure mode (4× more duplication i…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_in_out_cubic, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_in_out_cubic This is *the* AI-coder failure mode (4× more duplica…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_in_bounce, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_in_bounce This is *the* AI-coder failure mode (4× more duplication i…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_out_bounce, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_out_bounce This is *the* AI-coder failure mode (4× more duplication…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_in_out_bounce, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_in_out_bounce This is *the* AI-coder failure mode (4× more dupli…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_in_elastic, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_in_elastic This is *the* AI-coder failure mode (4× more duplication…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_out_elastic, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_out_elastic This is *the* AI-coder failure mode (4× more duplicati…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:ease_in_out_elastic, cli-tool/components/skills/enterprise-communication/slack-gif-creator/core/easing.py:ease_in_out_elastic This is *the* AI-coder failure mode (4× more dup…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: cli-tool/components/skills/security/security-ownership-map/scripts/community_maintainers.py:in_bucket, cli-tool/components/skills/security/security-ownership-map/scripts/community_maintainers.py:in_bucket, cli-tool/components/skills/security/security-…
integrity duplicate dry
low 9-layer software dead-code conf 1.00 Possibly dead Python function: do_GET
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/hooks/monitoring/context-timeline.py:982 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: do_OPTIONS
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/hooks/monitoring/context-timeline.py:1068 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: do_POST
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/hooks/monitoring/context-timeline.py:1050 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_back_in
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:140 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_back_in_out
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:154 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_back_out
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:147 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_in_cubic
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:34 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_in_elastic
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:78 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_in_out_bounce
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:71 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_in_out_cubic
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:44 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_in_out_elastic
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:92 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_in_out_quad
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:27 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_in_quad
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:17 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_out_cubic
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:39 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_out_elastic
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:85 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: ease_out_quad
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:22 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: fetch_comment
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/generate_claude_jobs.py:367 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: fetch_job_content
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/generate_claude_jobs.py:595 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: interpolate
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/creative-design/slack-gif-creator/core/easing.py:122 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: log_message
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/hooks/monitoring/context-timeline.py:970 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: month_key
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/security/security-ownership-map/scripts/community_maintainers.py:137 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: quarter_end
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/security/security-ownership-map/scripts/community_maintainers.py:162 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: quarter_key
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/security/security-ownership-map/scripts/community_maintainers.py:141 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: scan_code_patterns
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:236 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: scan_configuration
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:296 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: scan_dependencies
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/skills/security/vulnerability-scanner/scripts/security_scan.py:97 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: show_progress
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli-tool/components/sandbox/e2b/e2b-launcher.py:270 dead-code
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — api/claude-code-check.js:116
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — api/claude-code-monitor/check-version.js:116
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — api/claude-code-monitor/discord-notifier.js:244
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — api/claude-code-monitor/webhook.js:105
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — cli-tool/components/sandbox/cloudflare/launcher.ts:53
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — cli-tool/components/sandbox/cloudflare/monitor.ts:54
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — cli-tool/components/sandbox/cloudflare/src/index.ts:126
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak

Showing first 300 of 456. Refine filters or use the legacy findings page for deep search.

API access

This page is publicly accessible at: https://repobility.com/scan/a656f031-2648-4f24-9993-6b291c9bf048/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/a656f031-2648-4f24-9993-6b291c9bf048/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.