https://github.com/Significant-Gravitas/AutoGPT.git ·
lang: typescript ·
LOC: ·
source: both
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 30 |
| JRN003 Frontend API reference is not matched by discovered backend… | medium | 15 |
| DKC007 Compose service contains a literal secret environment value | medium | 11 |
| AUC009 [AUC009] Sensitive function route lacks elevated authorizat… | medium | 10 |
| DKC006 Compose service does not declare a runtime user | low | 8 |
| DKC010 Compose service lacks no-new-privileges hardening | low | 7 |
| DKR011 Dockerfile installs recommended OS packages | low | 7 |
| DKC015 Database service has no healthcheck | low | 5 |
| DKR001 Docker final stage has no non-root USER | medium | 4 |
| DKC013 Database service has no persistent data volume | medium | 4 |

DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:31
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:91
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:174
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:198
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:245
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:316
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:357
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:408
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
autogpt_platform/db/docker/docker-compose.yml:494
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
classic/original_autogpt/docker-compose.yml:22
· conf 0.96
Compose service contains a literal secret environment value
DKC007
Compose service contains a literal secret environment value
classic/original_autogpt/docker-compose.yml:40
· conf 0.96
Compose service contains a literal secret environment value
DKC008
Compose service mounts the Docker socket
autogpt_platform/db/docker/docker-compose.yml:464
· conf 0.98
Compose service mounts the Docker socket
SEC019
Raw Authorization Token in Example
autogpt_platform/db/docker/docker-compose.yml:218
· conf 1.00
[SEC019] Raw Authorization Token in Example: A real-looking API token appears in an Authorization-style header or service-key example. Use placeholders in docs and CI snippets; never paste live token…
SEC022
Database URL With Embedded Credential
autogpt_platform/backend/scripts/run_tests.py:98
· conf 0.45
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
AGT002
LLM memory extraction can be prompt-injected into storing fake facts
autogpt_platform/backend/backend/copilot/graphiti/ingest.py:136
· conf 0.82
LLM memory extraction can be prompt-injected into storing fake facts
DKC011
Database service publishes a host port
classic/original_autogpt/docker-compose.yml:40
· conf 0.84
Database service publishes a host port
DKC013
Database service has no persistent data volume
autogpt_platform/db/docker/docker-compose.yml:174
· conf 0.90
Database service has no persistent data volume
DKC013
Database service has no persistent data volume
autogpt_platform/db/docker/docker-compose.yml:316
· conf 0.90
Database service has no persistent data volume
SEC004
SQL Injection Risk
autogpt_platform/backend/backend/api/features/admin/diagnostics_admin_routes.py:785
· conf 0.85
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.
SEC004
SQL Injection Risk
autogpt_platform/backend/backend/copilot/tools/add_understanding.py:114
· conf 0.50
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.
SEC016
LLM Prompt Injection — User Input in AI Prompt
autogpt_platform/backend/backend/blocks/llm.py:1205
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…
SEC016
LLM Prompt Injection — User Input in AI Prompt
autogpt_platform/backend/backend/data/graph.py:1806
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…
SEC016
LLM Prompt Injection — User Input in AI Prompt
autogpt_platform/backend/backend/executor/simulator.py:304
· conf 0.90
[SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL i…
SEC018
AI-Agent Secret Retrieval Command
autogpt_platform/backend/scripts/refresh_claude_token.sh:45
· conf 1.00
[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents often add these commands while trying to help with setup or deployment, but the…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
autogpt_platform/backend/backend/api/features/integrations/router.py:121
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
autogpt_platform/backend/backend/api/features/mcp/routes.py:92
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
autogpt_platform/backend/backend/api/features/oauth.py:194
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
SEC030
Open Redirect — user-controlled redirect target
autogpt_platform/frontend/src/app/(platform)/auth/confirm/route.ts:27
· conf 1.00
[SEC030] Open Redirect — user-controlled redirect target: Redirect target is taken directly from user input without validating that the destination is local to the site. Attackers craft phishing URLs…
SEC033
Prototype Pollution — unfiltered merge of user object
autogpt_platform/frontend/src/app/(platform)/copilot/components/SetupRequirementsCard/helpers.ts:240
· conf 1.00
[SEC033] Prototype Pollution — unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject propert…
AGT012
Agent control bridge may listen on a network interface without visible auth
autogpt_platform/backend/backend/cli.py:222
· conf 0.72
Agent control bridge may listen on a network interface without visible auth
AUC001
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
· conf 0.92
[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/api/auth/provider/route.ts:6
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/api/auth/user/route.ts:4
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/api/auth/user/route.ts:15
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/api/chat/sessions/[sessionId]/stream/route.ts:22
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/api/chat/sessions/[sessionId]/stream/route.ts:103
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/api/transcribe/route.ts:12
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/api/workspace/files/upload/route.ts:5
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/(platform)/auth/callback/route.ts:8
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/(platform)/auth/confirm/route.ts:8
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
AUC009
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /items/{item_id}.
autogpt_platform/frontend/src/app/(platform)/auth/integrations/mcp_callback/route.ts:22
· conf 0.68
[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without el…
DKC013
Database service has no persistent data volume
autogpt_platform/docker-compose.yml:63
· conf 0.74
Database service has no persistent data volume
DKC013
Database service has no persistent data volume
autogpt_platform/docker-compose.yml:158
· conf 0.74
Database service has no persistent data volume
DKC015
Database service has no healthcheck
autogpt_platform/db/docker/docker-compose.yml:174
· conf 0.88
Database service has no healthcheck
DKC015
Database service has no healthcheck
autogpt_platform/db/docker/docker-compose.yml:316
· conf 0.88
Database service has no healthcheck
DKR001
Docker final stage has no non-root USER
autogpt_platform/backend/Dockerfile:90
· conf 0.82
Docker final stage has no non-root USER
DKR001
Docker final stage has no non-root USER
classic/Dockerfile.autogpt:55
· conf 0.82
Docker final stage has no non-root USER
DKR001
Docker final stage has no non-root USER
classic/forge/Dockerfile:30
· conf 0.82
Docker final stage has no non-root USER
DKR001
Docker final stage has no non-root USER
classic/original_autogpt/.devcontainer/Dockerfile:2
· conf 0.82
Docker final stage has no non-root USER
DKR002
Dockerfile base image has no explicit tag
autogpt_platform/docker-compose.yml:191
· conf 0.90
Compose service `deps` image has no explicit tag
DKR002
Dockerfile base image has no explicit tag
autogpt_platform/docker-compose.yml:211
· conf 0.90
Compose service `deps_backend` image has no explicit tag
DKR002
Dockerfile base image has no explicit tag
classic/original_autogpt/docker-compose.yml:40
· conf 0.90
Compose service `minio` image has no explicit tag
DKR003
Dockerfile base image uses the latest tag
autogpt_platform/docker-compose.yml:111
· conf 0.94
Compose service `clamav` image uses the latest tag
DKR014
Dockerfile copies the entire context without .dockerignore
classic/forge/Dockerfile:33
· conf 0.76
Dockerfile copies broad context with incomplete .dockerignore
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
autogpt_platform/backend/backend/api/conn_manager.py:105
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
autogpt_platform/backend/backend/blocks/branching.py:207
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR001
[ERR001] Silent Exception Swallowing (and 2 more): Same pattern found in 2 additional files. Review if needed.
autogpt_platform/backend/backend/blocks/github/ci.py:319
· conf 1.00
[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
ERR002
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
autogpt_platform/frontend/public/gtag.js:38
· conf 1.00
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
ERR002
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
autogpt_platform/frontend/src/app/(platform)/admin/platform-costs/components/LogsTable.tsx:134
· conf 1.00
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
ERR002
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
autogpt_platform/frontend/src/app/(platform)/auth/integrations/oauth_callback/route.ts:58
· conf 1.00
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/public/push-sw.js:229
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/public/push-sw.js:258
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/api/chat/sessions/[sessionId]/stream/route.ts:43
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/api/chat/sessions/[sessionId]/stream/route.ts:114
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatInput/useVoiceRecording.ts:87
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/copilot/components/ChatMessagesContainer/helpers.ts:367
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/copilot/helpers/convertChatSessionToUiMessages.ts:106
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/copilot/store.ts:29
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/copilot/useSendMessage.ts:90
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/copilot/useWorkflowImportAutoSubmit.ts:41
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/library/agents/[id]/components/NewAgentLibraryView/components/selected-views/SelectedScheduleView/components/EditScheduleModal/useEditScheduleModal.ts:74
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/library/components/LibraryAgentCard/helpers.ts:23
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/library/components/LibraryAgentCard/helpers.ts:53
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/library/components/LibraryAgentCard/useLibraryAgentCard.ts:35
· conf 0.74
Frontend API reference is not matched by discovered backend routes
JRN003
Frontend API reference is not matched by discovered backend routes
autogpt_platform/frontend/src/app/(platform)/library/components/LibraryAgentList/useLibraryAgentList.ts:90
· conf 0.74
Frontend API reference is not matched by discovered backend routes
SEC007
Unsafe Deserialization
autogpt_platform/backend/backend/util/cache.py:252
· conf 1.00
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
SEC012
ZipSlip — Archive Path Traversal
classic/forge/forge/components/archive_handler/archive_handler.py:264
· conf 1.00
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
SEC017
Unbounded Input to LLM/External API
autogpt_platform/backend/backend/data/graph.py:1806
· conf 0.80
[SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Co…
SEC031
Catastrophic Backtracking Regex (ReDoS)
autogpt_platform/frontend/public/gtag.js:397
· conf 1.00
[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit expon…
SEC034
Log Injection / Log Forging — unsanitized user input in log
autogpt_platform/backend/backend/api/features/admin/credit_admin_routes.py:45
· conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
SEC034
Log Injection / Log Forging — unsanitized user input in log
autogpt_platform/backend/backend/api/features/admin/diagnostics_admin_routes.py:399
· conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
SEC034
Log Injection / Log Forging — unsanitized user input in log
autogpt_platform/backend/backend/api/features/admin/execution_analytics_routes.py:225
· conf 1.00
[SEC034] Log Injection / Log Forging — unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\n` to forge fake log entries, hide tra…
WEB003
Public web service has no security.txt
.well-known/security.txt
· conf 0.78
Public web service has no security.txt
WEB015
Public web app has no Content Security Policy
index.html
· conf 0.70
Public web app has no Content Security Policy
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/agent_mail/pods.py:7
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/agent_mail/pods.py:424
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/agent_mail/threads.py:6
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/agent_mail/threads.py:248
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ai_image_generator_block.py:311
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/airtable/bases.py:3
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ai_shortform_video_block.py:7
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/apollo/people.py:2
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/apollo/person.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_facebook.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_gmb.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_instagram.py:2
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_linkedin.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_pinterest.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_reddit.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_snapchat.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_telegram.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_telegram.py:76
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_threads.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_tiktok.py:2
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_x.py:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_youtube.py:2
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/ayrshare/post_to_youtube.py:3
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/code_executor.py:7
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/codex.py:6
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/dataforseo/related_keywords.py:3
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/exa/research.py:10
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/exa/search.py:5
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/exa/similar.py:2
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
autogpt_platform/backend/backend/blocks/exa/similar.py:4
· conf 0.86
Duplicated implementation block across source files
AIC009
Multiple AI-agent scaffold marker files are present
.github/copilot-instructions.md:1
· conf 0.68
Multiple AI-agent scaffold marker files are present
DKC006
Compose service does not declare a runtime user
autogpt_platform/db/docker/docker-compose.yml:64
· conf 0.56
Compose service does not declare a runtime user
DKC006
Compose service does not declare a runtime user
autogpt_platform/db/docker/docker-compose.yml:357
· conf 0.56
Compose service does not declare a runtime user
DKC006
Compose service does not declare a runtime user
autogpt_platform/db/docker/docker-compose.yml:494
· conf 0.56
Compose service does not declare a runtime user
DKC006
Compose service does not declare a runtime user
autogpt_platform/docker-compose.yml:111
· conf 0.56
Compose service does not declare a runtime user
DKC006
Compose service does not declare a runtime user
autogpt_platform/docker-compose.yml:158
· conf 0.56
Compose service does not declare a runtime user
DKC006
Compose service does not declare a runtime user
classic/original_autogpt/.devcontainer/docker-compose.yml:5
· conf 0.56
Compose service does not declare a runtime user
DKC006
Compose service does not declare a runtime user
classic/original_autogpt/docker-compose.yml:7
· conf 0.56
Compose service does not declare a runtime user
DKC006
Compose service does not declare a runtime user
classic/original_autogpt/docker-compose.yml:22
· conf 0.56
Compose service does not declare a runtime user
DKC010
Compose service lacks no-new-privileges hardening
autogpt_platform/db/docker/docker-compose.yml:64
· conf 0.62
Compose service lacks no-new-privileges hardening
DKC010
Compose service lacks no-new-privileges hardening
autogpt_platform/db/docker/docker-compose.yml:357
· conf 0.62
Compose service lacks no-new-privileges hardening
DKC010
Compose service lacks no-new-privileges hardening
autogpt_platform/db/docker/docker-compose.yml:494
· conf 0.62
Compose service lacks no-new-privileges hardening
DKC010
Compose service lacks no-new-privileges hardening
autogpt_platform/docker-compose.yml:111
· conf 0.62
Compose service lacks no-new-privileges hardening
DKC010
Compose service lacks no-new-privileges hardening
classic/original_autogpt/.devcontainer/docker-compose.yml:5
· conf 0.62
Compose service lacks no-new-privileges hardening
DKC010
Compose service lacks no-new-privileges hardening
classic/original_autogpt/docker-compose.yml:7
· conf 0.62
Compose service lacks no-new-privileges hardening
DKC010
Compose service lacks no-new-privileges hardening
classic/original_autogpt/docker-compose.yml:22
· conf 0.62
Compose service lacks no-new-privileges hardening
DKC015
Database service has no healthcheck
autogpt_platform/docker-compose.yml:63
· conf 0.72
Database service has no healthcheck
DKC015
Database service has no healthcheck
autogpt_platform/docker-compose.yml:158
· conf 0.72
Database service has no healthcheck
DKC015
Database service has no healthcheck
classic/original_autogpt/docker-compose.yml:40
· conf 0.72
Database service has no healthcheck
DKC016
App service does not wait for database health
classic/original_autogpt/docker-compose.yml:22
· conf 0.68
App service does not wait for database health
DKR008
.dockerignore misses sensitive defaults
.dockerignore
· conf 0.72
.dockerignore misses sensitive defaults
DKR010
Dockerfile leaves apt package indexes in the image layer
autogpt_platform/backend/Dockerfile:15
· conf 0.74
Dockerfile leaves apt package indexes in the image layer
DKR010
Dockerfile leaves apt package indexes in the image layer
classic/original_autogpt/.devcontainer/Dockerfile:5
· conf 0.74
Dockerfile leaves apt package indexes in the image layer
DKR011
Dockerfile installs recommended OS packages
autogpt_platform/backend/Dockerfile:15
· conf 0.72
Dockerfile installs recommended OS packages
DKR011
Dockerfile installs recommended OS packages
autogpt_platform/backend/Dockerfile:22
· conf 0.72
Dockerfile installs recommended OS packages
DKR011
Dockerfile installs recommended OS packages
classic/Dockerfile.autogpt:8
· conf 0.72
Dockerfile installs recommended OS packages
DKR011
Dockerfile installs recommended OS packages
classic/Dockerfile.autogpt:13
· conf 0.72
Dockerfile installs recommended OS packages
DKR011
Dockerfile installs recommended OS packages
classic/forge/Dockerfile:8
· conf 0.72
Dockerfile installs recommended OS packages
DKR011
Dockerfile installs recommended OS packages
classic/original_autogpt/.devcontainer/Dockerfile:5
· conf 0.72
Dockerfile installs recommended OS packages
DKR011
Dockerfile installs recommended OS packages
classic/original_autogpt/.devcontainer/Dockerfile:10
· conf 0.72
Dockerfile installs recommended OS packages
WEB008
Public docs site has no llms.txt
llms.txt
· conf 0.64
Public docs site has no llms.txt
WEB011
Public web app has no humans.txt
humans.txt
· conf 0.50
Public web app has no humans.txt