Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
33 of your 275 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 7.82s · analysis 12.76s · 15.4 MB · GitHub API rate-limit (preflight)

rustdesk/rustdesk

https://github.com/rustdesk/rustdesk · scanned 2026-06-05 05:20 UTC (1 week, 1 day ago) · 10 languages

348 raw signals (236 security + 112 graph) 3rd percentile · Rust · large (100-500K LoC) System graph score 75 (lower by 24)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 week, 1 day ago · v2 · 155 actionable findings from 2 signal sources. 137 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
68.4
/100
Security checks
62
109 findings
System graph
75
88.9% cov · 46 findings
Critical
3
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 85.0 0.15 12.75
security_score 50.3 0.25 12.57
testing_score 22.0 0.20 4.40
documentation_score 49.0 0.15 7.35
practices_score 82.0 0.15 12.30
code_quality 10.6 0.10 1.06
Overall 1.00 50.4
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 3 High 74 Medium 18 Low 36 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 109 System graph 46 Crowd 0 Layer: Software 80 Cicd 2 Quality 61 Security 7 Api 1 Hardware 3 Frontend 1
Scan summary Quality grade C- (50/100). Dimensions: security 50, maintainability 85. 236 findings (85 security). 226,503 lines analyzed.

Showing 131 of 155 actionable findings. 292 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Security checks security secrets conf 0.95 84 occurrences Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
12 files, 28 locations
src/custom_server.rs:139, 144, 156, 168, 180, 187 (6 hits)
src/lang/be.rs:562, 646 (2 hits)
src/lang/bg.rs:562, 646 (2 hits)
src/lang/cs.rs:562, 646 (2 hits)
src/lang/da.rs:562, 646 (2 hits)
src/lang/de.rs:562, 646 (2 hits)
src/lang/el.rs:562, 646 (2 hits)
src/lang/en.rs:202, 235 (2 hits)
critical Security checks software dependencies conf 0.90 ✓ Repobility Hardcoded Telegram bot webhook URL in source
File contains a hardcoded `Telegram bot` webhook URL: `https://api.telegram.org/bot123/sendMessage...`. Webhook URLs are unauthenticated POST endpoints — anyone with the URL can send messages. They are also a common data-exfiltration channel for compromised packages (malicious post-install collects…
src/common.rs:2800
critical System graph security Secrets conf 1.00 2 occurrences Possible secret in src/cli.rs
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 28, 69
src/cli.rs:28, 69 (2 hits)
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety.
Review and fix per the pattern semantics. See CWE-476 / for context.
flutter/android/app/src/main/kotlin/com/carriez/flutter_hbb/AudioRecordHandle.kt:101
high Security checks software dependencies conf 0.88 adler: RUSTSEC-2025-0056
adler crate is unmaintained, use adler2 instead
Cargo.lock
high Security checks software dependencies conf 0.88 ansi_term: RUSTSEC-2021-0139
ansi_term is Unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 atk-sys: RUSTSEC-2024-0416
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 atk: RUSTSEC-2024-0413
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 atty: RUSTSEC-2021-0145
Potential unaligned read
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 atty: RUSTSEC-2021-0145
Potential unaligned read
Cargo.lock
high Security checks software dependencies conf 0.88 atty: RUSTSEC-2024-0375
`atty` is unmaintained
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 atty: RUSTSEC-2024-0375
`atty` is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 bincode: RUSTSEC-2025-0141
Bincode is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 bytes: RUSTSEC-2026-0007
Integer overflow in `BytesMut::reserve`
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 bytes: RUSTSEC-2026-0007
Integer overflow in `BytesMut::reserve`
Cargo.lock
high Security checks software dependencies conf 0.88 clipboard: RUSTSEC-2022-0056
clipboard is Unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 crossbeam-channel: RUSTSEC-2025-0024
crossbeam-channel: double free on Drop
Cargo.lock
high Security checks software dependencies conf 0.88 derivative: RUSTSEC-2024-0388
`derivative` is unmaintained; consider using an alternative
Cargo.lock
high Security checks software dependencies conf 0.88 dlopen_derive: RUSTSEC-2023-0051
`dlopen_derive` is unmaintained
Cargo.lock
high Security checks cicd CI/CD security conf 0.95 Docker final stage runs as root
The final runtime stage explicitly uses root. A compromised app process would have root inside the container.
Dockerfile:61 CI/CD securitycontainers
high Security checks software dependencies conf 0.90 ✓ Repobility Dockerfile FROM `debian:bullseye-slim` not pinned by digest
`FROM debian:bullseye-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Dockerfile:1
high Security checks software dependencies conf 0.88 fuser: RUSTSEC-2021-0154
Uninitalized memory read & leak caused by fuser crate
Cargo.lock
high Security checks software dependencies conf 0.88 gdk-sys: RUSTSEC-2024-0418
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 gdk: RUSTSEC-2024-0412
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 gdkwayland-sys: RUSTSEC-2024-0411
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 gdkx11-sys: RUSTSEC-2024-0414
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 git2: RUSTSEC-2026-0008
Potential undefined behavior when dereferencing Buf struct
Cargo.lock
high Security checks software dependencies conf 0.88 glib: RUSTSEC-2024-0429
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
Cargo.lock
high Security checks software dependencies conf 0.88 gtk-sys: RUSTSEC-2024-0420
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 gtk3-macros: RUSTSEC-2024-0419
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 gtk: RUSTSEC-2024-0415
gtk-rs GTK3 bindings - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 idna: RUSTSEC-2024-0421
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Cargo.lock
high Security checks software dependencies conf 0.88 instant: RUSTSEC-2024-0384
`instant` is unmaintained
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 instant: RUSTSEC-2024-0384
`instant` is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 libgit2-sys: RUSTSEC-2024-0013
Memory corruption, denial of service, and arbitrary code execution in libgit2
Cargo.lock
high Security checks software dependencies conf 0.88 mio: RUSTSEC-2024-0019
Tokens for named pipes may be delivered after deregistration
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 openssl: GHSA-8c75-8mhr-p7r9
rust-openssl has incorrect bounds assertion in aes key wrap
Cargo.lock
high Security checks software dependencies conf 0.88 openssl: GHSA-ghm9-cr32-g9qj
rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check
Cargo.lock
high Security checks software dependencies conf 0.88 openssl: GHSA-hppc-g8h3-xhp3
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
Cargo.lock
high Security checks software dependencies conf 0.88 openssl: GHSA-pqf5-4pqq-29f5
rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Cargo.lock
high Security checks software dependencies conf 0.88 openssl: GHSA-xp3w-r5p5-63rr
rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
Cargo.lock
high Security checks software dependencies conf 0.88 openssl: RUSTSEC-2025-0004
ssl::select_next_proto use after free
Cargo.lock
high Security checks software dependencies conf 0.88 openssl: RUSTSEC-2025-0022
Use-After-Free in `Md::fetch` and `Cipher::fetch`
Cargo.lock
high Security checks software dependencies conf 0.88 paste: RUSTSEC-2024-0436
paste - no longer maintained
Cargo.lock
high Security checks software dependencies conf 0.88 proc-macro-error: RUSTSEC-2024-0370
proc-macro-error is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 protobuf: RUSTSEC-2024-0437
Crash due to uncontrolled recursion in protobuf crate
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 quinn-proto: RUSTSEC-2026-0037
Denial of service in Quinn endpoints
Cargo.lock
high Security checks software dependencies conf 0.88 rand: RUSTSEC-2026-0097
Rand is unsound with a custom logger using `rand::rng()`
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 rand: RUSTSEC-2026-0097
Rand is unsound with a custom logger using `rand::rng()`
Cargo.lock
high Security checks software dependencies conf 0.88 rand_os: RUSTSEC-2025-0124
rand_os crate is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 remove_dir_all: RUSTSEC-2023-0018
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 rustls-webpki: RUSTSEC-2026-0049
CRLs not considered authoritative by Distribution Point due to faulty matching logic
Cargo.lock
high Security checks software dependencies conf 0.88 rustls-webpki: RUSTSEC-2026-0098
Name constraints for URI names were incorrectly accepted
Cargo.lock
high Security checks software dependencies conf 0.88 rustls-webpki: RUSTSEC-2026-0099
Name constraints were accepted for certificates asserting a wildcard name
Cargo.lock
high Security checks software dependencies conf 0.88 rustls-webpki: RUSTSEC-2026-0104
Reachable panic in certificate revocation list parsing
Cargo.lock
high Security checks software dependencies conf 0.88 serial: RUSTSEC-2017-0008
`serial` crate is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 sodiumoxide: RUSTSEC-2021-0137
sodiumoxide is deprecated
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 sodiumoxide: RUSTSEC-2021-0137
sodiumoxide is deprecated
Cargo.lock
high Security checks software dependencies conf 0.88 time: RUSTSEC-2020-0071
Potential segfault in the time crate
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 time: RUSTSEC-2020-0071
Potential segfault in the time crate
Cargo.lock
high Security checks software dependencies conf 0.88 time: RUSTSEC-2026-0009
Denial of Service via Stack Exhaustion
Cargo.lock
high Security checks software dependencies conf 0.88 tokio: RUSTSEC-2023-0001
reject_remote_clients Configuration corruption
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 tokio: RUSTSEC-2023-0005
`tokio::io::ReadHalf<T>::unsplit` is Unsound
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 tokio: RUSTSEC-2025-0023
Broadcast channel calls clone in parallel, but does not require `Sync`
libs/virtual_display/Cargo.lock
high Security checks software dependencies conf 0.88 tracing-subscriber: RUSTSEC-2025-0055
Logging user input may result in poisoning logs with ANSI escape sequences
Cargo.lock
high Security checks software dependencies conf 0.88 unic-bidi: RUSTSEC-2025-0096
`unic-bidi` is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 unic-char-property: RUSTSEC-2025-0081
`unic-char-property` is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 unic-char-range: RUSTSEC-2025-0075
`unic-char-range` is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 unic-common: RUSTSEC-2025-0080
`unic-common` is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 unic-ucd-bidi: RUSTSEC-2025-0083
`unic-ucd-bidi` is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 unic-ucd-version: RUSTSEC-2025-0098
`unic-ucd-version` is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 users: RUSTSEC-2023-0040
`users` crate is unmaintained
Cargo.lock
high Security checks software dependencies conf 0.88 users: RUSTSEC-2023-0059
Unaligned read of `*const *const c_char` pointer
Cargo.lock
high Security checks software dependencies conf 0.88 users: RUSTSEC-2025-0040
`root` appended to group listings
Cargo.lock
high System graph security security conf 1.00 Insecure pattern 'eval_used' in libs/enigo/src/lib.rs:465
Found a known-risky pattern (eval_used). Review and replace if possible.
libs/enigo/src/lib.rs:465 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in libs/enigo/src/linux/xdo.rs:457
Found a known-risky pattern (eval_used). Review and replace if possible.
libs/enigo/src/linux/xdo.rs:457 Eval used
low Security checks quality Error handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
res/user-groups.py:225
low Security checks quality Error handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
res/device-groups.py:191
medium Security checks quality Quality Average file size is 516 lines (recommend <300)
Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle — each module should have one clear purpose.
low Security checks quality Error handling conf 0.55 ✓ Repobility Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
res/ab.py:278 Error handlingquality
medium Security checks cicd CI/CD security conf 0.90 Docker build context has no .dockerignore
Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts.
.dockerignore CI/CD securitycontainers
medium Security checks software dependencies conf 0.88 openssl: GHSA-phqj-4mhp-q6mq
rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
Cargo.lock
medium Security checks software dependencies conf 0.88 openssl: GHSA-xv59-967r-8726
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
Cargo.lock
high Security checks software dependencies conf 0.70 12 occurrences Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
12 files, 12 locations
README.md:118
docs/README-AR.md:104
docs/README-CS.md:96
docs/README-DA.md:93
docs/README-DE.md:118
docs/README-EO.md:89
docs/README-ES.md:114
docs/README-FA.md:98
medium Security checks software dependencies conf 0.90 ✓ Repobility requirements.txt: `brotli` has no version pin
Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins.
libs/portable/requirements.txt:1
medium System graph hardware Security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in res/msi/preprocess.py:465
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
res/msi/preprocess.py:465 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in src/auth_2fa.rs:31
Found a known-risky pattern (weak_hash). Review and replace if possible.
src/auth_2fa.rs:31 Weak hash
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — build.py:217
`urllib.request.urlopen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — res/ab.py:13
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — res/audits.py:222
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — res/device-groups.py:49
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — res/devices.py:42
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — res/msi/preprocess.py:461
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — res/strategies.py:43
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — res/user-groups.py:49
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — res/users.py:57
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
0 test file(s) for 264 source file(s) (ratio 0.00). Consider adding integration or unit tests for critical paths.
Coverage
low Security checks quality Quality conf 0.60 20 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 14 locations
flutter/lib/desktop/pages/view_camera_tab_page.dart:45, 327 (2 hits)
libs/scrap/src/common/x11.rs:27, 51 (2 hits)
flutter/lib/desktop/pages/remote_tab_page.dart:359
flutter/lib/desktop/pages/terminal_tab_page.dart:445
flutter/lib/desktop/screen/desktop_view_camera_screen.dart:10
flutter/lib/mobile/pages/connection_page.dart:44
flutter/lib/mobile/pages/terminal_page.dart:54
flutter/lib/models/web_model.dart:42
duplicationquality
low Security checks quality Quality conf 0.68 Multiple AI-agent scaffold marker files are present
Repositories with several agent instruction, progress, or completion marker files are often generated scaffolds. They are not automatically wrong, but they deserve a reachability and ownership review before users treat the code as production-ready.
AGENTS.md:1
low Security checks quality Documentation No LICENSE file
Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft).
low Security checks software dependencies conf 0.88 openssl: GHSA-xmgf-hq76-4vx2
rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length
Cargo.lock
low Security checks software dependencies conf 0.88 rpassword: GHSA-2p6r-x3vv-xqm2
rpassword affected by partial password reveal when input is interrupted
Cargo.lock
low System graph quality Maintenance conf 1.00 55 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: debian:bullseye-slim
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:1 containersPinned dependencies
low System graph quality Integrity conf 1.00 10 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: build.py:build_flutter_deb, build.py:build_flutter_arch_manjaro This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
10 occurrences
repo-level (10 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: res/device-groups.py:check_response, res/strategies.py:check_response, res/user-groups.py:check_response This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why th…
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: res/msi/preprocess.py:func, res/msi/preprocess.py:func, res/msi/preprocess.py:func, res/msi/preprocess.py:func This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document …
duplicatesduplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `usbmmidd_v2` in res/job.py:208
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph software Dead code conf 1.00 Possibly dead Python function: generate_build_script_for_docker
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
build.py:160
low System graph software Dead code conf 1.00 Possibly dead Python function: parse_color
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
res/ab.py:484
low System graph software Dead code conf 1.00 Possibly dead Python function: parse_permission
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
res/ab.py:491
low System graph quality Complexity conf 1.00 Very large file: libs/scrap/src/wayland/pipewire.rs (1537 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/client.rs (4264 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/client/io_loop.rs (2506 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/common.rs (3007 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/flutter.rs (2367 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/flutter_ffi.rs (3142 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/ipc.rs (2195 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/keyboard.rs (1598 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/platform/linux.rs (2330 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/platform/windows.rs (4673 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/server/connection.rs (6162 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/server/input_service.rs (2475 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/server/portable_service.rs (1612 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/server/terminal_service.rs (2166 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/server/uinput.rs (1350 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/ui_cm_interface.rs (1798 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/ui_interface.rs (1706 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: src/ui_session_interface.rs (2058 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/dc3aa337-7dbc-4b80-bd2a-9fd64681f653/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/dc3aa337-7dbc-4b80-bd2a-9fd64681f653/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.