← Legacy view v2 (rp.*)

stablyai/orca

https://github.com/stablyai/orca.git · lang: typescript · source: corpus_mined

Quality
77.4
Grade B+
Security
79.8
Findings
9
0 critical · 1 high
Status
completed
May 16, 2026 01:58
info: 5 medium: 3 high: 1
Top rules by occurrence
RuleSeverityCount
SEC015 Insecure Randomness for Security medium 4
SEC005 Command Injection Risk high 2
SEC020 Secret Printed to Logs high 2
SEC006 XSS Risk high 1
First 9 findings (severity-sorted)
high SEC020 Secret Printed to Logs
mobile/scripts/mock-server.ts:319 · conf 0.92 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
medium SEC005 Command Injection Risk
mobile/src/terminal/TerminalWebView.tsx:427 · conf 0.50 
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
medium SEC005 Command Injection Risk
src/main/persistence.ts:455 · conf 0.50 
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
medium SEC015 Insecure Randomness for Security
src/renderer/src/runtime/runtime-file-client.ts:474 · conf 1.00 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC006 XSS Risk
src/renderer/src/components/editor/MermaidBlock.tsx:60 · conf 0.10 
[SEC006] XSS Risk: Direct HTML injection without sanitization.
info SEC015 Insecure Randomness for Security
· conf 0.20 
[SEC015] Insecure Randomness for Security (and 1 more): Same pattern found in 1 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
mobile/src/hooks/use-mobile-dictation.ts:40 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
src/main/persistence.ts:1477 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC020 Secret Printed to Logs
src/shared/browser-annotation-viewport-bridge.ts:135 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/88a6d1fc-0db6-4008-b0ba-7049edc67514/.