{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC125", "name": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeh", "shortDescription": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim "}, "fullDescription": {"text": "Replace with env lookup: `API_KEY = os.environ['SERVICE_API_KEY']`. Move actual key to a secret manager. Add a startup check that the env var is non-empty so missing config fails loudly instead of shipping the placeholder."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `create_env_file` has cognitive complexity 16 (SonarSource scale). Cogniti", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `create_env_file` has cognitive complexity 16 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursi"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `@types/react-dom` is 1 major version(s) behind (^18 -> 19.2.3)", "shortDescription": {"text": "npm package `@types/react-dom` is 1 major version(s) behind (^18 -> 19.2.3)"}, "fullDescription": {"text": "`@types/react-dom` is pinned/resolved at ^18 but the latest stable release on the npm registry is 19.2.3 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. 
This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. 
Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics: pass the command as a list of args with shell=False. See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8) and the IPv6 equivalents (::1, fc00::/7, fe80::/10), apply the check to the resolved IP address rather than the hostname string, and re-validate on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_node_modules", "shortDescription": {"text": "Phantom test coverage: test_node_modules"}, "fullDescription": {"text": "Test function `test_node_modules` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). 
Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "curl-auth-header", "name": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed r", "shortDescription": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1245"}, "properties": {"repository": "BankrBot/skills", "repoUrl": "https://github.com/BankrBot/skills", "branch": "main"}, "results": [{"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. 
Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 125633, "scanner": "repobility-threat-engine", "fingerprint": "f4a8d479a78c035f2a23df56a889e1ee4916879b2d897a7e2496350d1cfa5fb3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"your-api-key-here\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f4a8d479a78c035f2a23df56a889e1ee4916879b2d897a7e2496350d1cfa5fb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/validate-setup.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. 
Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 125632, "scanner": "repobility-threat-engine", "fingerprint": "15f0fc634f2617614df2253f97083c3dfeb914947b0348d115bcbeaefa97ab34", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"your-api-key-here\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|15f0fc634f2617614df2253f97083c3dfeb914947b0348d115bcbeaefa97ab34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/setup-environment.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 125630, "scanner": "repobility-threat-engine", "fingerprint": "acb3120e5f2975299415f0afd4fe385c55d12a370322750aaaa8265fd89a21aa", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(cmd, shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|18|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/create-onchain-app.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `create_env_file` has cognitive complexity 16 (SonarSource scale). 
Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: for=3, if=5, nested_bonus=8."}, "properties": {"repobilityId": 125629, "scanner": "repobility-threat-engine", "fingerprint": "007c05ce7a2a8f5a63e59f0925c599650de50be18bb62fea2ce554100d8f18df", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "create_env_file", "breakdown": {"if": 5, "for": 3, "nested_bonus": 8}, "complexity": 16, "correlation_key": "fp|007c05ce7a2a8f5a63e59f0925c599650de50be18bb62fea2ce554100d8f18df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/setup-environment.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 125617, "scanner": "repobility-agent-runtime", "fingerprint": "3e6a217e1110b1ff4e7651abfa9203f11e543a1d913ad5a0e87332d492346e47", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|3e6a217e1110b1ff4e7651abfa9203f11e543a1d913ad5a0e87332d492346e47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gitlawb/scripts/setup.sh"}, "region": {"startLine": 12}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/react-dom` is 1 major version(s) behind (^18 -> 19.2.3)"}, "properties": {"repobilityId": 
125616, "scanner": "repobility-dependency-currency", "fingerprint": "f8df30a609a67cac8fbc9ade6436d3f79df1e775ff90511d05832378f52d80ce", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/react-dom", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "19.2.3", "correlation_key": "fp|f8df30a609a67cac8fbc9ade6436d3f79df1e775ff90511d05832378f52d80ce", "current_version": "^18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/assets/templates/basic-app/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125614, "scanner": "repobility-ast-engine", "fingerprint": "7340360e2d1a8bb5e662b1b3b68bf877b95f1731a09780812e9229dd6a3c9d3f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7340360e2d1a8bb5e662b1b3b68bf877b95f1731a09780812e9229dd6a3c9d3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/validate-setup.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125613, "scanner": "repobility-ast-engine", "fingerprint": "f66edcb701c3ef383888c7aed0c6a9606d5db1197dd11ed3e34cba0f3aad5bed", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f66edcb701c3ef383888c7aed0c6a9606d5db1197dd11ed3e34cba0f3aad5bed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/validate-setup.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125612, "scanner": "repobility-ast-engine", "fingerprint": "869b31fa29d65a5a7810021753f0de9952fe27be0d923932155759fd5675756b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|869b31fa29d65a5a7810021753f0de9952fe27be0d923932155759fd5675756b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/validate-setup.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125611, "scanner": "repobility-ast-engine", "fingerprint": "fcc67926d637449006496e6a36ba8326e058301c8586f3bfa04e271410338ca7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fcc67926d637449006496e6a36ba8326e058301c8586f3bfa04e271410338ca7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"onchainkit/scripts/validate-setup.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125610, "scanner": "repobility-ast-engine", "fingerprint": "74681925b79d8652912a915f404d458b19a93e475036ad2205593338bb8c8552", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74681925b79d8652912a915f404d458b19a93e475036ad2205593338bb8c8552"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/validate-setup.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125609, "scanner": "repobility-ast-engine", "fingerprint": "8946c7491943e7963f34dc2f22f3c9f7b814903810b9af7fd60a89a600c4d5f9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8946c7491943e7963f34dc2f22f3c9f7b814903810b9af7fd60a89a600c4d5f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/validate-setup.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125607, "scanner": "repobility-ast-engine", "fingerprint": "dab51f604d83e5227e0e748b173271d27f33fb4152c62614e80d6bb128378b93", "category": "quality", 
"severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dab51f604d83e5227e0e748b173271d27f33fb4152c62614e80d6bb128378b93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/create-onchain-app.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125606, "scanner": "repobility-ast-engine", "fingerprint": "80f72a937d7b496820fc57a605060736e8a358b216f1afb6c890246e88511f90", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|80f72a937d7b496820fc57a605060736e8a358b216f1afb6c890246e88511f90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/setup-environment.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125605, "scanner": "repobility-ast-engine", "fingerprint": "dd13a07502937a451eb50bbbfd02cddebbef5cf1c15a58de88d47913790bec91", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|dd13a07502937a451eb50bbbfd02cddebbef5cf1c15a58de88d47913790bec91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/setup-environment.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 125604, "scanner": "repobility-ast-engine", "fingerprint": "7511194970b009087bc3a08a4833937ee79fcbc3f47fb1d7b06301f2ef6f7424", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7511194970b009087bc3a08a4833937ee79fcbc3f47fb1d7b06301f2ef6f7424"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agenticbets/scripts/agenticbets.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 125603, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. 
When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 125634, "scanner": "repobility-threat-engine", "fingerprint": "859183360bbec0a0eb24f3c1b4be447f30c55c40e6495edf550687e0762edc83", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'bankr-signals:signal:' + provider + ':${ACTION}:${TOKEN}:${TIMESTAMP}'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|859183360bbec0a0eb24f3c1b4be447f30c55c40e6495edf550687e0762edc83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "signals/scripts/publish-signal.sh"}, "region": {"startLine": 36}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=2, for=1, if=3, nested_bonus=1, ternary=1."}, "properties": {"repobilityId": 125628, "scanner": "repobility-threat-engine", "fingerprint": "5e33dc23efd3ec161e125c78e673106acd4abc2b975dbdd0629e982331c99170", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "for": 1, "else": 2, "ternary": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|5e33dc23efd3ec161e125c78e673106acd4abc2b975dbdd0629e982331c99170"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/component-generator.py"}, "region": {"startLine": 357}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@tanstack/react-query` is minor version(s) behind (^5.28.0 -> 5.101.0)"}, "properties": {"repobilityId": 125615, "scanner": "repobility-dependency-currency", "fingerprint": "67a240c4a1ca93a954a883279c7b346900202483aec63ba61314db35985ad861", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@tanstack/react-query", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.101.0", "correlation_key": "fp|67a240c4a1ca93a954a883279c7b346900202483aec63ba61314db35985ad861", "current_version": "^5.28.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/assets/templates/basic-app/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 125602, "scanner": "repobility-core", "fingerprint": 
"9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 125636, "scanner": "repobility-threat-engine", "fingerprint": "1cd838334b009139f144d2560143dec45ff715d02905eb7b110678668928e822", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1cd838334b009139f144d2560143dec45ff715d02905eb7b110678668928e822"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "symbiosis/scripts/symbiosis-swap.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 125627, "scanner": "repobility-threat-engine", "fingerprint": "e764351cd62f5801fe9afe6ac92bd3e872db8a7158a58ad9a14763274e49aec0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e764351cd62f5801fe9afe6ac92bd3e872db8a7158a58ad9a14763274e49aec0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "productclank/scripts/create-campaign.mjs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 125626, "scanner": "repobility-threat-engine", "fingerprint": "f951ed627f9da65cb4f1f4f85fe48e3871538ea8d5a2bf94dcfa83c827c4c5eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f951ed627f9da65cb4f1f4f85fe48e3871538ea8d5a2bf94dcfa83c827c4c5eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "helixa/scripts/mint-agent.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 125621, "scanner": "repobility-threat-engine", "fingerprint": "d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 125620, "scanner": "repobility-threat-engine", "fingerprint": "dcd8b92b8b4ab422769413c469646bce809dbf0ffa3def9509e3a89ad5f2c673", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(f\"\u26a0\ufe0f  Could not read tsconfig.json: {e}\")", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|14|print f could not read tsconfig.json: e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/setup-environment.py"}, "region": {"startLine": 148}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 125619, "scanner": "repobility-threat-engine", "fingerprint": "0eb525a654d25d8a315b218699eb8ec4631f3f4f5610454604897c35d3a9ff91", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"\\n=== Approving token for Symbiosis ===\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|14|print n approving token for symbiosis"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "symbiosis/scripts/symbiosis-swap.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 125618, "scanner": "repobility-threat-engine", "fingerprint": "7cbf59d10e3814f8a3354f2f51c8aca6339b583cafc9a33e1ec6c40878c03bbc", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(f\"ERROR: No apiKey in {config_path}\", file=sys.stderr)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|4|print f error: no apikey in config_path file sys.stderr"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agenticbets/scripts/agenticbets.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 125635, "scanner": "repobility-threat-engine", "fingerprint": "21f2ba5f06f27c96565205e8556681eb818f6747c39f74019889f3d58e0f2f52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "hdrs.update(headers)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|21f2ba5f06f27c96565205e8556681eb818f6747c39f74019889f3d58e0f2f52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "symbiosis/scripts/symbiosis-swap.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 125631, "scanner": "repobility-threat-engine", "fingerprint": "4e66549e020230abb9ffa9b4faa12c9ef6c0a4ebf1b95d16e17baa4a2a3738db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4e66549e020230abb9ffa9b4faa12c9ef6c0a4ebf1b95d16e17baa4a2a3738db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/create-onchain-app.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe 
Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 125625, "scanner": "repobility-threat-engine", "fingerprint": "6b434eb8d1d969d2951471727b8fc0e1a395d68a2b8f465916e17fa8d25be4bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6b434eb8d1d969d2951471727b8fc0e1a395d68a2b8f465916e17fa8d25be4bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gitlawb/scripts/setup.sh"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 125624, "scanner": "repobility-threat-engine", "fingerprint": "5d1a3d630782c5c23aeb04330b2c254157fb861d7ded1e45ab2e070f60bd553b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5d1a3d630782c5c23aeb04330b2c254157fb861d7ded1e45ab2e070f60bd553b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "symbiosis/scripts/symbiosis-swap.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 125623, "scanner": "repobility-threat-engine", "fingerprint": "4854c62fc33663e44db53fbf6709d87b18c032f12a3525ffd3d9aafb57f71e3d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4854c62fc33663e44db53fbf6709d87b18c032f12a3525ffd3d9aafb57f71e3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "symbiosis/scripts/symbiosis-quote.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 125622, "scanner": "repobility-threat-engine", "fingerprint": "e2c3d40ccccc7518cbbf7332351de2aa3cc93f3e57a5ec5e5e6ffd31337d83ac", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e2c3d40ccccc7518cbbf7332351de2aa3cc93f3e57a5ec5e5e6ffd31337d83ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agenticbets/scripts/agenticbets.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_node_modules"}, "properties": {"repobilityId": 125608, "scanner": "repobility-ast-engine", "fingerprint": "c6b919915dbb53ee89792e1203be8a70123f6250a5517b7da6ad612247c2953e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6b919915dbb53ee89792e1203be8a70123f6250a5517b7da6ad612247c2953e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/scripts/validate-setup.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 125601, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125681, "scanner": "gitleaks", "fingerprint": "170fccbcbd7708fbfb44a781d6561e66bd44cdcf50952651430392ae555e291b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "api_key\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|11|api_key : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "productclank/references/API_REFERENCE.md"}, "region": {"startLine": 113}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125680, "scanner": "gitleaks", "fingerprint": "0ea282b2ec8250daae609b99920cf1ba4fd7bbfed3beaa4220646e9dfea57ea9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "apiKey\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|zyfai/skill.md|7|apikey : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "zyfai/SKILL.md"}, "region": {"startLine": 71}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125679, "scanner": 
"gitleaks", "fingerprint": "94557a5391f0a1867522de6c3921e0943834a4e0fcb2c90caa89417a83c423ec", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "PRIVATE_KEY=\"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|29|private_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "opensea/opensea-wallet/references/wallet-setup.md"}, "region": {"startLine": 295}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125678, "scanner": "gitleaks", "fingerprint": "816335b61dab20265ca5b74f4dc295aaaed0a23acacae075d0a83e023dc6bac3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "NEXT_PUBLIC_CDP_API_KEY=<redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|next_public_cdp_api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/references/configuration.md"}, "region": {"startLine": 39}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125677, "scanner": "gitleaks", "fingerprint": "ec90c1b41212c7edd6a3ad1eb9f26915a5f234472d711cbbf245f2a3e4de9516", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "toToken=<redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", 
"detector": "generic-api-key", "correlation_key": "secret|trails/references/trails.md|4|totoken redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "trails/references/trails.md"}, "region": {"startLine": 41}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125676, "scanner": "gitleaks", "fingerprint": "88e512a33958deacb25949dc81e2f3a5b0bd5c13002080647f56ec6de9023997", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/agent/sign\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|signals/skill.md|7|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "signals/SKILL.md"}, "region": {"startLine": 79}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125675, "scanner": "gitleaks", "fingerprint": "d7e188d070079ef711131ec4b7fc88787f1e598e1ae9f86746d159217e13b2e7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/agent/sign\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|signals/skill.md|6|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"signals/SKILL.md"}, "region": {"startLine": 67}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125674, "scanner": "gitleaks", "fingerprint": "c018eba3a95bce696cbdd45987afe2b96e5d5bc5003ef242f724070f872c2971", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -s https://api.bankr.bot/agent/prompt \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|signals/skill.md|5|curl -s token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "signals/SKILL.md"}, "region": {"startLine": 51}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125673, "scanner": "gitleaks", "fingerprint": "53d7d51bf2754ad916f1eda955c5b8ab50b611d253aefff9ce8edd57db4e84a3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|token : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "zerion/references/x402-reference.md"}, "region": {"startLine": 35}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125672, "scanner": "gitleaks", "fingerprint": 
"8fe20696d890207a507b3c111714cc1898b40b68b403a624289e73efdc1bee51", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "Token:    <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|versa/skill.md|7|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "versa/SKILL.md"}, "region": {"startLine": 77}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125671, "scanner": "gitleaks", "fingerprint": "2f2d881d5af406e376ad593d0bed649b565701fd28cfa173300243161de458d7", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|litcoin/docs.md|25|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litcoin/docs.md"}, "region": {"startLine": 251}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125670, "scanner": "gitleaks", "fingerprint": "2c4f09a792634269193a826174551aec7df4b94990f4565ccbaab34bda2969e8", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -H \"x-token: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|4|curl -h 
x-token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "quicknode/references/hypercore-hyperliquid-reference.md"}, "region": {"startLine": 48}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125669, "scanner": "gitleaks", "fingerprint": "8bcccd5c60f5c69ba3c36e367814e3205fcb13a4448b5f1d8405795bd6130805", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|23|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litcoin/references/protocol.md"}, "region": {"startLine": 240}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125668, "scanner": "gitleaks", "fingerprint": "a3f160f50bcae4673c5d23c517862b0f76b24e17a6c38c79eb4fa7eef11c5fea", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl https://api.litcoin.app/v1/chat/completions \\\n  -H \"Content-Type: application/json\" \\\n  -H \"X-Api-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|16|curl token -h content-type: application/json -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litcoin/references/protocol.md"}, "region": {"startLine": 164}}}]}, {"ruleId": "curl-auth-header", "level": "error", 
"message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125667, "scanner": "gitleaks", "fingerprint": "97ca987db6f2d6905e733c2b1fbb3b9bcac1adc93adf9644ddd330af7a7a0655", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl \"https://api.productclank.com/api/v1/agents/credits/history?limit=50\" \\\n  -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|10|curl token limit 50 -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "productclank/references/FUNDING.md"}, "region": {"startLine": 109}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125666, "scanner": "gitleaks", "fingerprint": "f7f2875c2d83db0b3022c12ade52d9c188e77dfb4596abecf4029c378ed00890", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl https://api.productclank.com/api/v1/agents/credits/balance \\\n  -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|10|curl token -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "productclank/references/FUNDING.md"}, "region": {"startLine": 105}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command 
header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125665, "scanner": "gitleaks", "fingerprint": "50e7d249ad132752b635ede1466bfa01b04e3e2a185422d20f3a43d9cf60f62b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.productclank.com/api/v1/agents/campaigns/{id}/generate-posts\" \\\n  -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|9|curl -x post token / id /generate-posts -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "productclank/references/FUNDING.md"}, "region": {"startLine": 93}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125664, "scanner": "gitleaks", "fingerprint": "d55c462de5e34060f219057cf5db6b81a1b3f32cddb174b871cfd107b4ccdd44", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.productclank.com/api/v1/agents/create-link\" \\\n  -H \"Authorization: Bearer <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|7|curl -x post token -h authorization: bearer redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "productclank/references/FUNDING.md"}, "region": {"startLine": 73}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": 
{"repobilityId": 125663, "scanner": "gitleaks", "fingerprint": "cf4539686ab87e162f6b22f407dbb3af81cef7f5636e116da66cd6c103853e03", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "Token: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|litcoin/skill.md|37|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litcoin/SKILL.md"}, "region": {"startLine": 375}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125662, "scanner": "gitleaks", "fingerprint": "357c0ac82a85a496707368f619c4231f69342e90fb5dbf5d1a384f29d375d520", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: '<redacted>'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|6|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "onchainkit/references/examples.md"}, "region": {"startLine": 67}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125661, "scanner": "gitleaks", "fingerprint": "e8b23cc24ce69276e1803628b944ee6dc93d366f234373ed2342f444153eec54", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "budgetToken\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", 
"correlation_key": "secret|token|4|budgettoken : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nookplot/references/collab-intents.md"}, "region": {"startLine": 41}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125660, "scanner": "gitleaks", "fingerprint": "6b30794ff39f2f11bac6b0934109361575dbdbc762e1560123e47313f7b4ff63", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "depositTokens=REDACTED`", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|3|deposittokens redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hydrex/references/single-sided-liquidity.md"}, "region": {"startLine": 38}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125659, "scanner": "gitleaks", "fingerprint": "4f7ce86e34616cb6b1469e2bf1e21953aae8b5394994d00ac0446ab37ae3a3f5", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "apiKey\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|4|apikey : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nookplot/references/identity-register.md"}, "region": {"startLine": 46}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl 
accessed resource."}, "properties": {"repobilityId": 125658, "scanner": "gitleaks", "fingerprint": "7d9081e29be51fc27260d63d3a175c45a2cf4aec7b99ea0816d03571c1498b5e", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl`, `fetch`, or any HTTP client.\n\n### Authentication\n\nAll requests require an `X-API-Key` header:\n\n```bash\ncurl -X POST \"https://api.bankr.bot/agent/prompt\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|bankr/skill.md|16|curl fetch or any http client. ### authentication all requests require an x-api-key header: bash curl -x post token -h x"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/SKILL.md"}, "region": {"startLine": 163}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125657, "scanner": "gitleaks", "fingerprint": "75a214df3a9298a67085afb0d4073f783c96e698bb07854ec9e501263796d676", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAddress\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|4|tokenaddress : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nookplot/references/economy-bounties.md"}, "region": {"startLine": 42}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125656, "scanner": "gitleaks", "fingerprint": 
"4257dea87af4b4a07436cfb329998579bb79b4036f729793da9cee8729f568bf", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAddress\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|9|tokenaddress : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "nookplot/references/economy-marketplace.md"}, "region": {"startLine": 95}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125655, "scanner": "gitleaks", "fingerprint": "a5ceb3af7882dacca6089e5f6f71a7dec2842ad53409f8706e13c8e1afd50df6", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAddress,\n  'REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|9|tokenaddress redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clanker/references/airdrops.md"}, "region": {"startLine": 100}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125654, "scanner": "gitleaks", "fingerprint": "5acfb6e5d2b616a52ed65bb0e0e917b1041f281540550eafaaf284a9ce72ded3", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "API version: `REDACTED`", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": 
"secret|hunch/skill.md|3|api version: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "hunch/SKILL.md"}, "region": {"startLine": 31}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125653, "scanner": "gitleaks", "fingerprint": "54b10431376762fe74be88cb95e49836681dcb91778027dc83cc46b650ee3a0a", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token: <redacted>", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "darksol-random-oracle/SKILL.md"}, "region": {"startLine": 27}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125652, "scanner": "gitleaks", "fingerprint": "ed53cf0213456c4a7a8b1ca71c1de4ae114f1bc396fdcf80e0d1c83eaca22d0b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "TOKEN_ADDRESS = 'REDACTED'", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|23|token_address redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clanker/references/rewards.md"}, "region": {"startLine": 239}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125651, 
"scanner": "gitleaks", "fingerprint": "c2faf745c13239780f7f71ec76ebece7b554f460e50e456f47700a2ab01497d2", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/agent/prompt\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|bankr/references/safety.md|21|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/safety.md"}, "region": {"startLine": 220}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125650, "scanner": "gitleaks", "fingerprint": "185c1055b9e6c48ae856d1d69caa43bd0697031edf73d239a16eb82da95cd18b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/wallet/submit\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|19|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/sign-submit-api.md"}, "region": {"startLine": 197}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125649, "scanner": "gitleaks", "fingerprint": "c4628bf2e9b5d5d64defc8f3efe8741b6b4a84a17d7d04f62170ba241eedd20a", "category": "credential_exposure", "severity": 
"critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/wallet/submit\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|17|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/sign-submit-api.md"}, "region": {"startLine": 180}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125648, "scanner": "gitleaks", "fingerprint": "a65f53deeb2a5f85ec701831b11721a73b57501a5f8ce6b2c3490d7088715468", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/wallet/submit\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|16|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/sign-submit-api.md"}, "region": {"startLine": 164}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125647, "scanner": "gitleaks", "fingerprint": "66875672e7ddaeaf42cd3fd45a237052cdf87ad329f87bc565182bbb922e297f", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST 
\"https://api.bankr.bot/wallet/sign\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|8|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/sign-submit-api.md"}, "region": {"startLine": 83}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125646, "scanner": "gitleaks", "fingerprint": "b45d3e0b2c554693403fa87fb98a3eeee9d893476d64ebd5d9da60a643b44856", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/wallet/sign\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|3|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/sign-submit-api.md"}, "region": {"startLine": 35}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125645, "scanner": "gitleaks", "fingerprint": "ba3f48a9bbebf10f717e36c5d40120bb63e6195457b257a2ff31729d3e5b527b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAddress\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|16|tokenaddress : redacted"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "alchemy/references/data-portfolio-apis.md"}, "region": {"startLine": 165}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125644, "scanner": "gitleaks", "fingerprint": "06daf3c4e14104d5751673854c46823ddd3e644d1eb03f8aea0ef08e362cbd04", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "tokenAddress\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|8|tokenaddress : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "alchemy/references/data-portfolio-apis.md"}, "region": {"startLine": 84}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125643, "scanner": "gitleaks", "fingerprint": "3ec117e57ad1a935806233fe4bfd76260611063d3bcc2c6e8ec5e550e11015c4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/agent/job/job_abc123/cancel\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|12|curl -x post token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/api-workflow.md"}, "region": {"startLine": 125}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in 
a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125642, "scanner": "gitleaks", "fingerprint": "3806993786b47dcd70a45032e11e20451b7a46b0f3c8e904e616b6bec75c5971", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "curl -X GET \"https://api.bankr.bot/agent/job/job_abc123\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|8|curl -x get token -h x-api-key: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/api-workflow.md"}, "region": {"startLine": 86}}}]}, {"ruleId": "curl-auth-header", "level": "error", "message": {"text": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."}, "properties": {"repobilityId": 125641, "scanner": "gitleaks", "fingerprint": "bff929bf1bd40634e62873f3d2780d1562a3b370d40953601c2f2193a693b6aa", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "curl -X POST \"https://api.bankr.bot/agent/prompt\" \\\n  -H \"X-API-Key: <redacted>\"", "rule_id": "curl-auth-header", "scanner": "gitleaks", "detector": "curl-auth-header", "correlation_key": "secret|token|4|curl -x post token -h x-api-key: redacted", "duplicate_count": 2, "duplicate_rule_ids": ["curl-auth-header"], "duplicate_scanners": ["gitleaks"], "duplicate_fingerprints": ["73decdb5ab36f3ce71f35a63718f7fdb13afff8e421fd886969f6f793e95fdad", "a4af39d00c9028f7dc2b22c58d2053eb626e34f02bc610ff6041d4cfef5b9fa9", "bff929bf1bd40634e62873f3d2780d1562a3b370d40953601c2f2193a693b6aa"]}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "bankr/references/api-workflow.md"}, "region": {"startLine": 42}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125640, "scanner": "gitleaks", "fingerprint": "078aea8256ef093f681a60e6338ee1edb0ce4a4adc66962e544fb0ccaf55e8be", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "pageKey\": \"REDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|9|pagekey : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "alchemy/references/data-transfers-api.md"}, "region": {"startLine": 93}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125639, "scanner": "gitleaks", "fingerprint": "4fef887f4f000e079968156eaac7d80484df4e1fb78d8ee2d962a53c77fc9155", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|agenticbets/skill.md|25|token : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agenticbets/SKILL.md"}, "region": {"startLine": 252}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125638, "scanner": "gitleaks", "fingerprint": 
"5a47790c6fef8187bb3b7adb6ed024f2fbf7c1aa0416601fbe3559f14e02d11b", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "token\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|13|token : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agenticbets/references/agent-usage.md"}, "region": {"startLine": 138}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 125637, "scanner": "gitleaks", "fingerprint": "a043bc95263ceb0edeb8a9eb251e3ab759c86795c1cbef74cf2af02b1bbfb4db", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "AGBETS_TOKEN = \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|2|agbets_token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "agenticbets/scripts/agenticbets.py"}, "region": {"startLine": 27}}}]}]}]}