https://github.com/HKUDS/CLI-Anything.git ·
lang: python ·
LOC: ·
source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 30 |
| AGT015 Remote install command pipes network code directly to a she… | medium | 6 |
| SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… | high | 3 |
| ERR001 [ERR001] Silent Exception Swallowing (and 2 more): Same pat… | info | 3 |
| SEC013 Path Traversal — User Input in File Path | high | 3 |
| SEC020 Secret Printed to Logs | high | 2 |
| SEC012 ZipSlip — Archive Path Traversal | medium | 1 |
| SEC014 SSL Verification Disabled | medium | 1 |
| SEC007 Unsafe Deserialization | medium | 1 |
SEC013
Path Traversal — User Input in File Path
anygen/agent-harness/cli_anything/anygen/anygen_cli.py:284
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
SEC013
Path Traversal — User Input in File Path
cloudcompare/agent-harness/cli_anything/cloudcompare/utils/cc_backend.py:928
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
SEC013
Path Traversal — User Input in File Path
mubu/agent-harness/mubu_probe.py:162
· conf 0.80
[SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
SEC020
Secret Printed to Logs
sketch/agent-harness/src/builder.js:73
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC020
Secret Printed to Logs
sketch/agent-harness/src/cli.js:51
· conf 0.85
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
adguardhome/agent-harness/cli_anything/adguardhome/adguardhome_cli.py:307
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
adguardhome/agent-harness/cli_anything/adguardhome/core/filtering.py:29
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
.github/scripts/update_registry_dates.py:33
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
AGT015
Remote install command pipes network code directly to a shell
adguardhome/agent-harness/cli_anything/adguardhome/README.md:11
· conf 0.70
Remote install command pipes network code directly to a shell
AGT015
Remote install command pipes network code directly to a shell
adguardhome/agent-harness/cli_anything/adguardhome/skills/SKILL.md:23
· conf 0.70
Remote install command pipes network code directly to a shell
AGT015
Remote install command pipes network code directly to a shell
adguardhome/agent-harness/cli_anything/adguardhome/utils/adguardhome_backend.py:40
· conf 0.70
Remote install command pipes network code directly to a shell
AGT015
Remote install command pipes network code directly to a shell
cli-hub/cli_hub/installer.py:41
· conf 0.70
Remote install command pipes network code directly to a shell
AGT015
Remote install command pipes network code directly to a shell
iterm2/agent-harness/cli_anything/iterm2_ctl/core/prompt.py:5
· conf 0.70
Remote install command pipes network code directly to a shell
AGT015
Remote install command pipes network code directly to a shell
iterm2/agent-harness/cli_anything/iterm2_ctl/skills/references/session-shell-integration.md:3
· conf 0.70
Remote install command pipes network code directly to a shell
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
browser/agent-harness/cli_anything/browser/utils/domshell_backend.py:212
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
cli-hub/cli_hub/analytics.py:348
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
gimp/agent-harness/cli_anything/gimp/core/export.py:76
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
SEC007
Unsafe Deserialization
unimol_tools/agent-harness/cli_anything/unimol_tools/utils/unimol_backend.py:113
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
SEC012
ZipSlip — Archive Path Traversal
unimol_tools/agent-harness/cli_anything/unimol_tools/core/cleanup.py:194
· conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
SEC014
SSL Verification Disabled
obsidian/agent-harness/cli_anything/obsidian/utils/obsidian_backend.py:5
· conf 1.00
[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.
AIC003
Duplicated implementation block across source files
adguardhome/agent-harness/cli_anything/adguardhome/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
anygen/agent-harness/cli_anything/anygen/utils/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
anygen/agent-harness/cli_anything/anygen/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
audacity/agent-harness/cli_anything/audacity/audacity_cli.py:35
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
audacity/agent-harness/cli_anything/audacity/core/session.py:9
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
audacity/agent-harness/cli_anything/audacity/utils/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
audacity/agent-harness/cli_anything/audacity/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
blender/agent-harness/cli_anything/blender/core/session.py:7
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
blender/agent-harness/cli_anything/blender/core/session.py:31
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
blender/agent-harness/cli_anything/blender/utils/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
blender/agent-harness/cli_anything/blender/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
browser/agent-harness/cli_anything/browser/browser_cli.py:24
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
browser/agent-harness/cli_anything/browser/browser_cli.py:28
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
browser/agent-harness/cli_anything/browser/utils/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
browser/agent-harness/cli_anything/browser/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
chromadb/agent-harness/cli_anything/chromadb/utils/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
chromadb/agent-harness/cli_anything/chromadb/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
cli-anything-plugin/preview_bundle.py:6
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
cli-anything-plugin/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
cli-anything-plugin/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
cloudanalyzer/agent-harness/cli_anything/cloudanalyzer/utils/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
cloudanalyzer/agent-harness/cli_anything/cloudanalyzer/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
cloudcompare/agent-harness/cli_anything/cloudcompare/utils/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
cloudcompare/agent-harness/cli_anything/cloudcompare/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
comfyui/agent-harness/cli_anything/comfyui/comfyui_cli.py:27
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
dify-workflow/agent-harness/cli_anything/dify_workflow/utils/repl_skin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
dify-workflow/agent-harness/cli_anything/dify_workflow/utils/repl_skin.py:20
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
dify-workflow/agent-harness/setup.py:22
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
dify-workflow/agent-harness/setup.py:28
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
drawio/agent-harness/cli_anything/drawio/core/session.py:15
· conf 0.86
Duplicated implementation block across source files