https://github.com/luongnv89/claude-howto.git · lang: python · source: both
| Rule | Severity | Count |
|---|---|---|
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 25 |
| MINED108 self.attribute used but never assigned in __init__ | high | 25 |
| AIC003 Duplicated implementation block across source files | low | 21 |
| MINED106 Phantom test coverage (assertion-free test) | high | 9 |
| MINED111 Bare except continues silently | medium | 5 |
| MINED050 Stub Only Function | info | 4 |
| MINED049 Print Pii | info | 4 |
| MINED001 Bare Except Pass | high | 4 |
| AGT013 Agent auto-approve or skip-permissions mode is easy to enable | medium | 4 |
| SEC020 Secret Printed to Logs | high | 4 |
MINED001
Bare Except Pass
CWE-755
06-hooks/context-tracker.py:95
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED001
Bare Except Pass
CWE-755
06-hooks/context-tracker-tiktoken.py:117
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED001
Bare Except Pass
CWE-755
uk/06-hooks/context-tracker-tiktoken.py:117
· conf 1.00
[MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
MINED104
Chmod 777
CWE-732, CWE-276
06-hooks/pre-tool-check.sh:103
· conf 1.00
[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks.
MINED104
Chmod 777
CWE-732, CWE-276
ja/06-hooks/pre-tool-check.sh:101
· conf 1.00
[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks.
MINED104
Chmod 777
CWE-732, CWE-276
uk/06-hooks/pre-tool-check.sh:75
· conf 1.00
[MINED104] Chmod 777: chmod 777 makes a file or directory world-readable, world-writable, AND world-executable. Local privilege escalation surface; audit-failing for most compliance frameworks.
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_epub.py:119
· conf 1.00
[MINED106] Phantom test coverage: test_valid_inputs: Test function `test_valid_inputs` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage …
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_epub.py:124
· conf 1.00
[MINED106] Phantom test coverage: test_missing_root_path: Test function `test_missing_root_path` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_epub.py:133
· conf 1.00
[MINED106] Phantom test coverage: test_root_path_is_file: Test function `test_root_path_is_file` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_epub.py:144
· conf 1.00
[MINED106] Phantom test coverage: test_no_markdown_files: Test function `test_no_markdown_files` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_epub.py:155
· conf 1.00
[MINED106] Phantom test coverage: test_missing_output_directory: Test function `test_missing_output_directory` runs code but contains no assert / expect / should call — it passes regardless of behavi…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_epub.py:416
· conf 1.00
[MINED106] Phantom test coverage: test_render_all_mmdc_not_found: Test function `test_render_all_mmdc_not_found` runs code but contains no assert / expect / should call — it passes regardless of beha…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_epub.py:428
· conf 1.00
[MINED106] Phantom test coverage: test_render_all_mmdc_failure: Test function `test_render_all_mmdc_failure` runs code but contains no assert / expect / should call — it passes regardless of behaviou…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_epub.py:464
· conf 1.00
[MINED106] Phantom test coverage: test_render_all_timeout: Test function `test_render_all_timeout` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds li…
MINED106
Phantom test coverage (assertion-free test)
CWE-1126
scripts/tests/test_build_website.py:515
· conf 1.00
[MINED106] Phantom test coverage: test_download_rejects_non_http_scheme: Test function `test_download_rejects_non_http_scheme` runs code but contains no assert / expect / should call — it passes rega…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/build_epub.py:338
· conf 1.00
[MINED108] `self._resolve_mmdc` used but never assigned in __init__: Method `render_all` of class `MermaidRenderer` reads `self._resolve_mmdc`, but no assignment to it exists in __init__ (and no clas…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/build_epub.py:345
· conf 1.00
[MINED108] `self._render_one` used but never assigned in __init__: Method `render_all` of class `MermaidRenderer` reads `self._render_one`, but no assignment to it exists in __init__ (and no class-le…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/build_epub.py:468
· conf 1.00
[MINED108] `self._collect_folder` used but never assigned in __init__: Method `collect_all_chapters` of class `ChapterCollector` reads `self._collect_folder`, but no assignment to it exists in __init…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_epub.py:399
· conf 1.00
[MINED108] `self._make_renderer` used but never assigned in __init__: Method `test_render_all_success` of class `TestMermaidRenderer` reads `self._make_renderer`, but no assignment to it exists in __…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_epub.py:420
· conf 1.00
[MINED108] `self._make_renderer` used but never assigned in __init__: Method `test_render_all_mmdc_not_found` of class `TestMermaidRenderer` reads `self._make_renderer`, but no assignment to it exist…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_epub.py:432
· conf 1.00
[MINED108] `self._make_renderer` used but never assigned in __init__: Method `test_render_all_mmdc_failure` of class `TestMermaidRenderer` reads `self._make_renderer`, but no assignment to it exists …
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_epub.py:447
· conf 1.00
[MINED108] `self._make_renderer` used but never assigned in __init__: Method `test_render_all_deduplication` of class `TestMermaidRenderer` reads `self._make_renderer`, but no assignment to it exists…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_epub.py:470
· conf 1.00
[MINED108] `self._make_renderer` used but never assigned in __init__: Method `test_render_all_timeout` of class `TestMermaidRenderer` reads `self._make_renderer`, but no assignment to it exists in __…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:313
· conf 1.00
[MINED108] `self._state` used but never assigned in __init__: Method `test_internal_markdown_link_rewritten` of class `TestRewriteLinks` reads `self._state`, but no assignment to it exists in __init_…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:313
· conf 1.00
[MINED108] `self._config` used but never assigned in __init__: Method `test_internal_markdown_link_rewritten` of class `TestRewriteLinks` reads `self._config`, but no assignment to it exists in __ini…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:332
· conf 1.00
[MINED108] `self._state` used but never assigned in __init__: Method `test_anchor_preserved` of class `TestRewriteLinks` reads `self._state`, but no assignment to it exists in __init__ (and no class-…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:332
· conf 1.00
[MINED108] `self._config` used but never assigned in __init__: Method `test_anchor_preserved` of class `TestRewriteLinks` reads `self._config`, but no assignment to it exists in __init__ (and no clas…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:352
· conf 1.00
[MINED108] `self._state` used but never assigned in __init__: Method `test_non_markdown_link_uses_github_blob` of class `TestRewriteLinks` reads `self._state`, but no assignment to it exists in __ini…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:352
· conf 1.00
[MINED108] `self._config` used but never assigned in __init__: Method `test_non_markdown_link_uses_github_blob` of class `TestRewriteLinks` reads `self._config`, but no assignment to it exists in __i…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:372
· conf 1.00
[MINED108] `self._state` used but never assigned in __init__: Method `test_repo_directory_link_uses_github_tree` of class `TestRewriteLinks` reads `self._state`, but no assignment to it exists in __i…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:372
· conf 1.00
[MINED108] `self._config` used but never assigned in __init__: Method `test_repo_directory_link_uses_github_tree` of class `TestRewriteLinks` reads `self._config`, but no assignment to it exists in _…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:391
· conf 1.00
[MINED108] `self._state` used but never assigned in __init__: Method `test_repo_root_link_uses_github_tree` of class `TestRewriteLinks` reads `self._state`, but no assignment to it exists in __init__…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:391
· conf 1.00
[MINED108] `self._config` used but never assigned in __init__: Method `test_repo_root_link_uses_github_tree` of class `TestRewriteLinks` reads `self._config`, but no assignment to it exists in __init…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:410
· conf 1.00
[MINED108] `self._config` used but never assigned in __init__: Method `test_external_link_left_alone` of class `TestRewriteLinks` reads `self._config`, but no assignment to it exists in __init__ (and…
MINED108
self.attribute used but never assigned in __init__
CWE-476
scripts/tests/test_build_website.py:410
· conf 1.00
[MINED108] `self._state` used but never assigned in __init__: Method `test_external_link_left_alone` of class `TestRewriteLinks` reads `self._state`, but no assignment to it exists in __init__ (and n…
MINED108
self.attribute used but never assigned in __init__
CWE-476
uk/03-skills/code-review-specialist/scripts/compare-complexity.py:73
· conf 1.00
[MINED108] `self.calculate_cyclomatic_complexity` used but never assigned in __init__: Method `calculate_maintainability_index` of class `ComplexityAnalyzer` reads `self.calculate_cyclomatic_complexi…
MINED108
self.attribute used but never assigned in __init__
CWE-476
uk/03-skills/code-review-specialist/scripts/compare-complexity.py:74
· conf 1.00
[MINED108] `self.calculate_cognitive_complexity` used but never assigned in __init__: Method `calculate_maintainability_index` of class `ComplexityAnalyzer` reads `self.calculate_cognitive_complexity…
MINED108
self.attribute used but never assigned in __init__
CWE-476
uk/03-skills/code-review-specialist/scripts/compare-complexity.py:89
· conf 1.00
[MINED108] `self.calculate_cyclomatic_complexity` used but never assigned in __init__: Method `get_complexity_report` of class `ComplexityAnalyzer` reads `self.calculate_cyclomatic_complexity`, but n…
MINED108
self.attribute used but never assigned in __init__
CWE-476
uk/03-skills/doc-generator/generate-docs.py:19
· conf 1.00
[MINED108] `self._extract_return_type` used but never assigned in __init__: Method `visit_FunctionDef` of class `APIDocExtractor` reads `self._extract_return_type`, but no assignment to it exists in …
MINED108
self.attribute used but never assigned in __init__
CWE-476
uk/03-skills/doc-generator/generate-docs.py:22
· conf 1.00
[MINED108] `self.generic_visit` used but never assigned in __init__: Method `visit_FunctionDef` of class `APIDocExtractor` reads `self.generic_visit`, but no assignment to it exists in __init__ (and …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:33
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:36
· conf 0.90
[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:51
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:54
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:68
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:71
· conf 0.90
[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:79
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:93
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/docs-check.yml:96
· conf 0.90
[MINED115] Action `actions/setup-python` pinned to mutable ref `@v4`: `uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/release.yml:20
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:35
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:38
· conf 0.90
[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v4`: `uses: astral-sh/setup-uv@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:53
· conf 0.90
[MINED115] Action `codecov/codecov-action` pinned to mutable ref `@v3`: `uses: codecov/codecov-action@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that m…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:63
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:76
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:79
· conf 0.90
[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v4`: `uses: astral-sh/setup-uv@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:100
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:103
· conf 0.90
[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v4`: `uses: astral-sh/setup-uv@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:117
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:129
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:132
· conf 0.90
[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v4`: `uses: astral-sh/setup-uv@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:153
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:156
· conf 0.90
[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v4`: `uses: astral-sh/setup-uv@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:185
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/test.yml:200
· conf 0.90
[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; …
MINED131
pre-commit hook pinned to branch/tag instead of SHA
CWE-829
.pre-commit-config.yaml:10
· conf 0.90
[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.8.2`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: …
MINED131
pre-commit hook pinned to branch/tag instead of SHA
CWE-829
.pre-commit-config.yaml:24
· conf 0.90
[MINED131] pre-commit hook `https://github.com/PyCQA/bandit` pinned to mutable rev `1.7.10`: `.pre-commit-config.yaml` references `https://github.com/PyCQA/bandit` at `rev: 1.7.10`. If `{rev}` is a b…
MINED131
pre-commit hook pinned to branch/tag instead of SHA
CWE-829
.pre-commit-config.yaml:36
· conf 0.90
[MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v5.0.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `r…
MINED131
pre-commit hook pinned to branch/tag instead of SHA
CWE-829
.pre-commit-config.yaml:55
· conf 0.90
[MINED131] pre-commit hook `https://github.com/pre-commit/mirrors-mypy` pinned to mutable rev `v1.13.0`: `.pre-commit-config.yaml` references `https://github.com/pre-commit/mirrors-mypy` at `rev: v1.…
SEC029
Server-Side Request Forgery (SSRF) — outbound HTTP from user input
scripts/check_links.py:73
· conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
AGT012
Agent control bridge may listen on a network interface without visible auth
scripts/vendor_assets.py:1
· conf 0.72
AGT013
Agent auto-approve or skip-permissions mode is easy to enable
ja/INDEX.md:404
· conf 0.68
AGT013
Agent auto-approve or skip-permissions mode is easy to enable
ja/QUICK_REFERENCE.md:104
· conf 0.68
AGT013
Agent auto-approve or skip-permissions mode is easy to enable
zh/INDEX.md:396
· conf 0.68
AGT013
Agent auto-approve or skip-permissions mode is easy to enable
zh/QUICK_REFERENCE.md:100
· conf 0.68
AGT015
Remote install command pipes network code directly to a shell
ja/09-advanced-features/README.md:461
· conf 0.70
AGT015
Remote install command pipes network code directly to a shell
uk/09-advanced-features/README.md:399
· conf 0.70
AGT015
Remote install command pipes network code directly to a shell
vi/09-advanced-features/README.md:393
· conf 0.70
COMP001
High cognitive complexity
06-hooks/context-tracker.py:40
· conf 0.95
[COMP001] High cognitive complexity: Function `read_transcript` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nes…
COMP001
High cognitive complexity
06-hooks/context-tracker-tiktoken.py:62
· conf 0.95
[COMP001] High cognitive complexity: Function `read_transcript` has cognitive complexity 22 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nes…
COMP001
High cognitive complexity
scripts/check_cross_references.py:62
· conf 0.95
[COMP001] High cognitive complexity: Function `main` has cognitive complexity 19 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branche…
MINED111
Bare except continues silently
03-skills/refactor/scripts/analyze-complexity.py:479
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
03-skills/refactor/scripts/detect-smells.py:646
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
scripts/check_links.py:80
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
uk/03-skills/refactor/scripts/analyze-complexity.py:479
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
MINED111
Bare except continues silently
uk/03-skills/refactor/scripts/detect-smells.py:646
· conf 1.00
[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
SEC031
Catastrophic Backtracking Regex (ReDoS)
scripts/check_markdown_rendering.py:46
· conf 1.00
[SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit expon…
AIC003
Duplicated implementation block across source files
06-hooks/context-tracker.py:26
· conf 0.86
AIC003
Duplicated implementation block across source files
scripts/build_website.py:83
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/03-skills/code-review-specialist/scripts/analyze-metrics.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/03-skills/code-review-specialist/scripts/compare-complexity.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/03-skills/doc-generator/generate-docs.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/03-skills/refactor/scripts/analyze-complexity.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/03-skills/refactor/scripts/detect-smells.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/06-hooks/context-tracker.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/06-hooks/context-tracker.py:26
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/06-hooks/context-tracker-tiktoken.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/07-plugins/devops-automation/hooks/post-deploy.js:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/07-plugins/devops-automation/hooks/pre-deploy.js:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/07-plugins/pr-review/hooks/pre-review.js:1
· conf 0.86
AIC003
Duplicated implementation block across source files
uk/09-advanced-features/setup-auto-mode-permissions.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
vi/06-hooks/context-tracker.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
vi/06-hooks/context-tracker.py:26
· conf 0.86
AIC003
Duplicated implementation block across source files
vi/06-hooks/context-tracker-tiktoken.py:1
· conf 0.86
AIC003
Duplicated implementation block across source files
vi/07-plugins/devops-automation/hooks/post-deploy.js:1
· conf 0.86
AIC003
Duplicated implementation block across source files
vi/07-plugins/devops-automation/hooks/pre-deploy.js:1
· conf 0.86
AIC003
Duplicated implementation block across source files
vi/07-plugins/pr-review/hooks/pre-review.js:1
· conf 0.86
AIC003
Duplicated implementation block across source files
vi/09-advanced-features/setup-auto-mode-permissions.py:1
· conf 0.86
COMP001
High cognitive complexity
· conf 0.20
[COMP001] High cognitive complexity (and 10 more): Same pattern found in 10 additional files. Review if needed.
MINED001
Bare Except Pass
CWE-755
· conf 0.20
[MINED001] Bare Except Pass (and 3 more): Same pattern found in 3 additional files. Review if needed.
MINED043
Http Not Https
CWE-319
· conf 0.20
[MINED043] Http Not Https (and 6 more): Same pattern found in 6 additional files. Review if needed.
MINED043
Http Not Https
CWE-319
07-plugins/devops-automation/scripts/deploy.sh:26
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED043
Http Not Https
CWE-319
07-plugins/devops-automation/scripts/health-check.sh:10
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED043
Http Not Https
CWE-319
07-plugins/devops-automation/scripts/rollback.sh:23
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED044
Js Console Log Prod
CWE-532
· conf 0.20
[MINED044] Js Console Log Prod (and 6 more): Same pattern found in 6 additional files. Review if needed.
MINED044
Js Console Log Prod
CWE-532
07-plugins/devops-automation/hooks/post-deploy.js:9
· conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
MINED044
Js Console Log Prod
CWE-532
07-plugins/devops-automation/hooks/pre-deploy.js:9
· conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
MINED044
Js Console Log Prod
CWE-532
07-plugins/pr-review/hooks/pre-review.js:9
· conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
MINED049
Print Pii
CWE-532
· conf 0.20
[MINED049] Print Pii (and 3 more): Same pattern found in 3 additional files. Review if needed.
MINED049
Print Pii
CWE-532
06-hooks/context-tracker.py:110
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
MINED049
Print Pii
CWE-532
06-hooks/context-tracker-tiktoken.py:29
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
MINED049
Print Pii
CWE-532
uk/06-hooks/context-tracker-tiktoken.py:29
· conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
MINED050
Stub Only Function
CWE-1188
· conf 0.20
[MINED050] Stub Only Function (and 4 more): Same pattern found in 4 additional files. Review if needed.
MINED050
Stub Only Function
CWE-1188
06-hooks/context-tracker.py:96
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED050
Stub Only Function
CWE-1188
06-hooks/context-tracker-tiktoken.py:118
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
MINED050
Stub Only Function
CWE-1188
scripts/sync_translations.py:163
· conf 1.00
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
SEC020
Secret Printed to Logs
· conf 0.20
[SEC020] Secret Printed to Logs (and 3 more): Same pattern found in 3 additional files. Review if needed.
SEC020
Secret Printed to Logs
06-hooks/context-tracker.py:110
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC020
Secret Printed to Logs
06-hooks/context-tracker-tiktoken.py:133
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
SEC020
Secret Printed to Logs
uk/06-hooks/context-tracker-tiktoken.py:133
· conf 0.15
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…