https://github.com/pardnchiu/Agenvoy · lang: go · LOC: · source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 30 |
| MINED108 self.attribute used but never assigned in `__init__` | high | 25 |
| AGT015 Remote install command pipes network code directly to a shell | medium | 9 |
| MINED111 Bare except continues silently | medium | 7 |
| MINED016 Go Error Ignored | high | 4 |
| SEC132 String concat where the language has interpolation (AI style drift) | low | 4 |
| ERR003 Ignored Error (Go): Ignoring error return values. | medium | 4 |
| MINED060 Go Context No Cancel | info | 4 |
| COMP001 High cognitive complexity | low | 4 |
| SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input | high | 4 |
- MINED001 Bare Except Pass (CWE-755): `except: pass` or `except Exception: pass` — silently swallows everything including KeyboardInterrupt and bugs.
  - `extensions/skills/code-reviewer/scripts/analyze_go.py:27` (conf 1.00)
  - `extensions/skills/code-reviewer/scripts/analyze_js_ts.py:47` (conf 1.00)
- MINED004 Weak Crypto (CWE-327): MD5/SHA1/DES/RC4 used for security context (not just checksums).
  - `extensions/skills/code-reviewer/scripts/common.py:71` (conf 1.00)
- MINED012 Curl Pipe Bash (CWE-494): `curl ... | sh` / `bash` — runs unverified network code.
  - `internal/runtime/tui/commandKuradb.go:76` (conf 1.00)
- MINED016 Go Error Ignored (CWE-754): `_, err := fn()` with `err` not checked. Go anti-pattern.
  - `internal/agents/provider/claude/send.go:90` (conf 1.00)
  - `internal/agents/provider/compat/send.go:38` (conf 1.00)
  - `internal/agents/provider/copilot/login.go:52` (conf 1.00)
- MINED033 Go Recover Without Log (CWE-755): `defer func() { recover() }()` that silently swallows panic.
  - `internal/runtime/tui/handlerExec.go:51` (conf 1.00)
- MINED108 self.attribute used but never assigned in `__init__` (CWE-476): a method of the class reads a `self.` attribute, but no assignment to it exists in `__init__` (and no class-level fallb…). Note that `assertTrue`, `assertIn`, `assertIsNotNone`, `assertFalse` and `assertEqual` are methods inherited from `unittest.TestCase`, `create_skill` is itself a method of the class, and `setUp` is where unittest fixtures such as `temp_dir` are normally assigned, so these hits warrant manual verification.
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:35` (conf 1.00): `setUp` of `TestPackageSkillSecurity` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:40` (conf 1.00): `tearDown` of `TestPackageSkillSecurity` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:41` (conf 1.00): `tearDown` of `TestPackageSkillSecurity` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:44` (conf 1.00): `create_skill` of `TestPackageSkillSecurity` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:53` (conf 1.00): `test_packages_normal_files` of `TestPackageSkillSecurity` reads `self.create_skill`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:54` (conf 1.00): `test_packages_normal_files` of `TestPackageSkillSecurity` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:59` (conf 1.00): `test_packages_normal_files` of `TestPackageSkillSecurity` reads `self.assertIsNotNone`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:61` (conf 1.00): `test_packages_normal_files` of `TestPackageSkillSecurity` reads `self.assertTrue`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:64` (conf 1.00): `test_packages_normal_files` of `TestPackageSkillSecurity` reads `self.assertIn`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:65` (conf 1.00): `test_packages_normal_files` of `TestPackageSkillSecurity` reads `self.assertIn`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:68` (conf 1.00): `test_skips_symlink_to_external_file` of `TestPackageSkillSecurity` reads `self.create_skill`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:69` (conf 1.00): `test_skips_symlink_to_external_file` of `TestPackageSkillSecurity` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:72` (conf 1.00): `test_skips_symlink_to_external_file` of `TestPackageSkillSecurity` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:81` (conf 1.00): `test_skips_symlink_to_external_file` of `TestPackageSkillSecurity` reads `self.assertIsNotNone`
  - `extensions/skills/skill-creator/scripts/test_package_skill.py:83` (conf 1.00): `test_skips_symlink_to_external_file` of `TestPackageSkillSecurity` reads `self.assertTrue`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:15` (conf 1.00): `setUp` of `TestQuickValidate` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:20` (conf 1.00): `tearDown` of `TestQuickValidate` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:21` (conf 1.00): `tearDown` of `TestQuickValidate` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:24` (conf 1.00): `test_accepts_crlf_frontmatter` of `TestQuickValidate` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:31` (conf 1.00): `test_accepts_crlf_frontmatter` of `TestQuickValidate` reads `self.assertTrue`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:34` (conf 1.00): `test_rejects_missing_frontmatter_closing_fence` of `TestQuickValidate` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:41` (conf 1.00): `test_rejects_missing_frontmatter_closing_fence` of `TestQuickValidate` reads `self.assertFalse`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:42` (conf 1.00): `test_rejects_missing_frontmatter_closing_fence` of `TestQuickValidate` reads `self.assertEqual`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:45` (conf 1.00): `test_fallback_parser_handles_multiline_frontmatter_without_pyyaml` of `TestQuickValidate` reads `self.temp_dir`
  - `extensions/skills/skill-creator/scripts/test_quick_validate.py:68` (conf 1.00): `test_fallback_parser_handles_multiline_frontmatter_without_pyyaml` of `TestQuickValidate` reads `self.assertTrue`
- SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
  - `internal/agents/provider/claude/send.go:124` (conf 1.00)
  - `internal/agents/provider/compat/new.go:48` (conf 1.00)
  - `internal/agents/provider/gemini/youtube/register.go:29` (conf 1.00)
- SEC093 Go: exec.Command with non-literal: `exec.Command(<var>)` — variable command name allows command injection. Ported from gosec G204 (Apache-2.0).
  - `internal/filesystem/git.go:32` (conf 1.00)
  - `internal/runtime/kuradb/run.go:31` (conf 1.00)
  - `internal/runtime/monitor/monitor.go:113` (conf 1.00)
- AGT015 Remote install command pipes network code directly to a shell
  - `doc/README.zh.md:57` (conf 0.70)
  - `index.html:223` (conf 0.70)
  - `static/scripts/install.sh:4` (conf 0.70)
  - `wiki/CLI-Reference.md:96` (conf 0.70)
  - `wiki/CLI-Reference.zh.md:96` (conf 0.70)
  - `wiki/KuraDB-RAG.md:76` (conf 0.70)
  - `wiki/KuraDB-RAG.zh.md:76` (conf 0.70)
  - `wiki/Security-and-Sandbox.md:62` (conf 0.70)
  - `wiki/Security-and-Sandbox.zh.md:62` (conf 0.70)
- AUC001 No Repobility access matrix policy found (conf 0.92): The repository uses web/API frameworks but does not define `.repobility/access.yml` or equivalent authorization documentation.
- AUC002 Low visible authorization coverage in route inventory (conf 0.74): Only 41.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence. (The rule summary line reports 0.0%.)
- AUC004 Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: `ANY /plugins/<slug:plugin_slug>/`.
  - `internal/agents/exec/execute.go:226` (conf 0.66)
  - `internal/agents/exec/execute.go:231` (conf 0.66)
  - `internal/agents/exec/execute.go:235` (conf 0.66)
- AUC009 Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: `DELETE /items/{item_id}`.
  - `internal/agents/exec/execute.go:223` (conf 0.68)
  - `internal/agents/provider/gemini/stt/handler.go:58` (conf 0.68)
  - `internal/agents/provider/gemini/youtube/fetch.go:40` (conf 0.68)
- COMP001 High cognitive complexity (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in.
  - `extensions/skills/code-reviewer/scripts/analyze_go.py:51` (conf 0.95): Function `_parse_go_mod` has cognitive complexity 24.
  - `extensions/skills/code-reviewer/scripts/analyze_js_ts.py:95` (conf 0.95): Function `_iter_source_files` has cognitive complexity 16.
- CORE_NO_CI No CI/CD configuration found
- MINED111 Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
  - `extensions/skills/skill-creator/scripts/init_skill.py:280` (conf 1.00)
  - `extensions/skills/skill-creator/scripts/init_skill.py:292` (conf 1.00)
  - `extensions/skills/skill-creator/scripts/init_skill.py:300` (conf 1.00)
  - `extensions/skills/skill-creator/scripts/package_skill.py:109` (conf 1.00)
  - `extensions/skills/tool-reviewer/scripts/scan_tools.py:251` (conf 1.00)
  - `extensions/skills/tool-reviewer/scripts/scan_tools.py:280` (conf 1.00)
  - `extensions/skills/tool-reviewer/scripts/scan_tools.py:517` (conf 1.00)
- SEC045 eval()/exec() on stored or user-supplied data: `eval()` and `exec()` on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (`__builtins__` …
  - `internal/tools/calculator/calculate.go:24` (conf 1.00)
- SEC091 Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/ReadTimeout/WriteTimeout is vulnerable to Slowloris. Ported from gosec G112 + G114 (Apache-2.0).
  - `cmd/app/cmdDeamon.go:258` (conf 1.00)
  - `internal/agents/provider/openaiCodex/login.go:183` (conf 1.00)
- WEB003 Public web service has no security.txt: `.well-known/security.txt` (conf 0.78)
- WEB015 Public web app has no Content Security Policy: `index.html` (conf 0.70)
- AIC003 Duplicated implementation block across source files (conf 0.86 for every location)
  - `cmd/app/newTUI.go:29`
  - `internal/agents/provider/compat/send.go:10`
  - `internal/agents/provider/copilot/send.go:17`
  - `internal/agents/provider/deepseek/new.go:2`
  - `internal/agents/provider/deepseek/send.go:15`
  - `internal/agents/provider/gemini/new.go:2`
  - `internal/agents/provider/gemini/new.go:27`
  - `internal/agents/provider/gemini/send.go:2`
  - `internal/agents/provider/gemini/youtube/fetch.go:19`
  - `internal/agents/provider/grok/new.go:2`
  - `internal/agents/provider/grok/new.go:27`
  - `internal/agents/provider/grok/send.go:2`
  - `internal/agents/provider/grok/send.go:15`
  - `internal/agents/provider/nvidia/new.go:2`
  - `internal/agents/provider/nvidia/new.go:27`
  - `internal/agents/provider/nvidia/send.go:14`
  - `internal/agents/provider/nvidia/send.go:18`
  - `internal/agents/provider/openaiCodex/send.go:22`
  - `internal/agents/provider/openai/new.go:2`
  - `internal/agents/provider/openai/new.go:27`
  - `internal/agents/provider/openai/send.go:2`
  - `internal/agents/provider/openai/send.go:17`
  - `internal/runtime/kuradb/tool/semantic.go:1`
  - `internal/runtime/scheduler.go:209`
  - `internal/runtime/telegram/chunk.go:26`
  - `internal/runtime/telegram/new.go:74`
  - `internal/runtime/telegram/run.go:179`
  - `internal/runtime/tui/commandTaskRemove.go:17`
  - `internal/toolAdapter/mcp/stdio.go:190`
  - `internal/toolAdapter/script/translator.go:38`
- COMP001 High cognitive complexity (SonarSource scale)
  - `extensions/skills/code-reviewer/scripts/analyze_code.py:40` (conf 0.95): Function `detect_language` has cognitive complexity 10.
- ERR003 Ignored Error (Go): Ignoring error return values.
  - `cmd/app/cmdDeamon.go:77` (conf 1.00)
  - `cmd/app/main.go:78` (conf 1.00)
  - `extensions/skills/code-reviewer/scripts/go_ast.go:66` (conf 1.00)
- SEC132 String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template liter…
  - `internal/agents/exec/systemPrompt.go:32` (conf 1.00)
  - `internal/agents/provider/openaiCodex/image2/handler.go:106` (conf 1.00)
  - `internal/runtime/telegram/push.go:97` (conf 1.00)
- WEB001 Public web app has no robots.txt: `robots.txt` (conf 0.74)
- WEB002 Public web app has no sitemap: `sitemap.xml` (conf 0.72)
- WEB008 Public docs site has no llms.txt: `llms.txt` (conf 0.64)
- WEB011 Public web app has no humans.txt: `humans.txt` (conf 0.50)
- COMP001 High cognitive complexity (and 7 more) (conf 0.20): Same pattern found in 7 additional files. Review if needed.
- ERR003 Ignored Error (Go) (and 14 more) (conf 0.20): Same pattern found in 14 additional files. Review if needed.
- MINED016 Go Error Ignored (CWE-754) (and 7 more) (conf 0.20): Same pattern found in 7 additional files. Review if needed.
- MINED043 Http Not Https (CWE-319): Hardcoded `http://` (not localhost) for endpoints that handle credentials or data.
  - `internal/tools/downloadFile.go:30` (conf 1.00)
- MINED050 Stub Only Function (CWE-1188): Function declared but body is just `pass`, `return None`, `raise NotImplementedError`, or a TODO comment.
  - `extensions/skills/code-reviewer/scripts/analyze_go.py:28` (conf 1.00)
  - `extensions/skills/code-reviewer/scripts/analyze_js_ts.py:48` (conf 1.00)
- MINED060 Go Context No Cancel (CWE-401): `context.Background()` at request handler boundary leaks goroutines.
  - (and 20 more) (conf 0.20): Same pattern found in 20 additional files. Review if needed.
  - `cmd/app/cmdDeamon.go:153` (conf 1.00)
  - `cmd/app/main.go:109` (conf 1.00)
  - `cmd/app/newTUI.go:81` (conf 1.00)
- MINED064 Python Input Call: `input()` blocks for stdin. Inappropriate in services.
  - `extensions/skills/readme-generate/scripts/setup_config.py:58` (conf 1.00)
- SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input (and 5 more) (conf 0.20): Same pattern found in 5 additional files. Review if needed.
- SEC132 String concat where the language has interpolation (AI style drift) (and 1 more) (conf 0.20): Same pattern found in 1 additional file. Review if needed.