← Legacy view v2 (rp.*)

cloakhq/cloakbrowser

https://github.com/CloakHQ/CloakBrowser · lang: python · LOC: · source: user_submitted

Quality
83.0
Grade A-
Security
88.3
Findings
5
0 critical · 0 high
Status
completed
May 15, 2026 21:23
info: 4 medium: 1
Top rules by occurrence
RuleSeverityCount
SEC015 Insecure Randomness for Security medium 4
SEC012 ZipSlip — Archive Path Traversal medium 1
First 5 findings (severity-sorted)
medium SEC012 ZipSlip — Archive Path Traversal
cloakbrowser/download.py:330 · conf 1.00 
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
info SEC015 Insecure Randomness for Security
· conf 0.20 
[SEC015] Insecure Randomness for Security (and 12 more): Same pattern found in 12 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
cloakbrowser/config.py:46 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
cloakbrowser/human/keyboard.py:87 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
cloakbrowser/human/mouse_async.py:48 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/cfdf1e0b-d1d5-4db9-a83e-a85ff5af3caf/.