Close Open Privacy Scan

bolt Snapshot: commit 643fb05
science engine v1.4
schedule 2026-07-14T00:44:03.606010+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

App Privacy Score

27 /100
High privacy risk — application leak confirmed

High risk · 302 finding(s)

Dependency score: 97 (Low risk)

bar_chart Score Breakdown

pii_flow −30
telemetry −25
egress −15
env_fs −3

list Scan Summary

1 high 4 medium 297 low
First-party packages: 5
Dependency packages: 2
Ecosystem: python

swap_horiz Confirmed data exfiltration in application code

External domains: 169.254.169.254169.254.170.2192.168.0.10::ffff:192.168.0.1a.coabc.comabc123.atlassian.netaka.msalice.contoso.comaomedia.orgapiapi-inference.huggingface.coapi.cloudflare.comapi.github.comapi.gradio.appapi.mswjs.ioapi.sql.cloudflarestorage.comassets.babylonjs.comaws.amazon.combabel.devbabeljs.iobec81a83-5b5c-471e.gradio.livebrotlipy.readthedocs.iocas.cocas.localcatalog-staging.cloudflarestorage.comcatalog.cloudflarestorage.comcdn-avatars.huggingface.cocdn-media.huggingface.cocdn-thumbnails.huggingface.cocdn.babylonjs.comcdn.bokeh.orgcdn.jsdelivr.netcdn.pixabay.comcdn.pydata.orgcdnjs.cloudflare.comchallenges.cloudflare.comcloud.google.comcommonmark.orgcompat.spec.whatwg.orgcontacts.contoso.comcustom.github.comdash.cloudflare.comdashboard.contoso.comdatasets-server.huggingface.codatatracker.ietf.orgdeveloper.mozilla.orgdevelopers.cloudflare.comdevtools.devprod.cloudflare.devdocker.iodocs.aws.amazon.comdocs.docker.comdocs.iodocs.python.orgdogs.are.greatdrafts.csswg.orgdummydummy.comen.wikipedia.orgeslint.orgeslint.styleevilmartians.comexample-image-search.orgfd00:ec2::254fetch.coffmpeg.orgfonts.googleapis.comfoo.comfoor.barframework-info.netlify.appgit-lfs.github.comgit.iogithub.comgoogle.comgradio-builds.s3.amazonaws.comgradio-docs-json.s3.us-west-2.amazonaws.comgradio-lite-previews.s3.amazonaws.comgradio-space-api-fetcher-v2.hf.spacegradio-static-files.s3.us-west-2.amazonaws.comgradio.appgradio.livegradio.s3-us-west-2.amazonaws.comhandlebarsjs.comhf.cohf.spacehosthttpbin.orghub-ci.huggingface.cohub.localhuggingface.coiconscout.comiframe-resizer.comimage_url.jpgimg.shields.iojestjs.iojigsaw.w3.orgjson-schema.orgkatex.orgkit.svelte.devkroki.iolezer.codemirror.netmermaid-js.github.iomermaid.js.orgmermaidjs.github.iomsdn.microsoft.commswjs.commswjs.iomy-malicious-site.examplemy.sitemydomain.commüller.denodejs.orgnot-the-base-url.comnotify.bugsnag.comnotify.insighthub.smartbear.comnpmjs.comoidcoidc-fipsoncall.contoso.comopencode.aiother.comowasp.orgowner-repo.hf.spaceowner-some-repo-name.hf.spacepillow.readthedocs.ioplaceholderplatform.dash.cloudflare.complayground-worker.pages.devplaywright.devportal.ssoportal.sso-fipsprettier.iopypi.orgraw.githubusercontent.comreact-native.canny.ioregistry.cloudflare.comregistry.npmjs.orgrepo.contoso.comrollupjs.orgrouter.huggingface.cos3s3-fipss3-fips.dualstacks3-fips.dualstack.us-east-1s3-fips.us-east-1s3-object-lambdas3-object-lambda-fipss3.amazonaws.coms3.dualstacks3.dualstack.us-east-1s3express-controls3express-control-fipssentry10.cfdata.orgsessions.bugsnag.comsessions.insighthub.smartbear.comsnippet.babylonjs.comstackoverflow.comstatic.cloudflareinsights.comstatus.gradio.appstssts-fipssts.amazonaws.comsvelte.devsveltejs.github.iosvgwg.orgswagger.contoso.comtailwindcss.comtest.mswjs.iotests.contoso.comthis-base-url-works.comtools.ietf.orgtransformer.huggingface.cotry.cloudflare.comtseslint.comtwitter.comtypescript-eslint.iounpkg.comupdate.argotunnel.comv4.svelte.devvega.github.iovolta.shw3c.github.iowebplatform.github.iowelcome.developers.workers.devwiki.contoso.comworkers.cloudflare.comwww.cloudflare.comwww.contoso.comwww.domain.comwww.ffmpeg.orgwww.geeksforgeeks.orgwww.github.comwww.gradio.appwww.huggingface.cowww.mozilla.orgwww.npmjs.comwww.rfc-editor.orgwww.typescriptlang.orgwww.w3.orgwww.w3ctech.comxxn--fiqs8s.icom.museumyargs.js.orgyarnpkg.com中国.icom.museum

high first-party (npm): gradio User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/gradio/blocks.py:2837 repo/gradio/blocks.py:3066

</> First-Party Code

first-party (npm): gradio

python first-party
high pii_flow production #dd7f93241dc8ca79 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/gradio/blocks.py:3066 · flow /tmp/closeopen-9qraakxv/repo/gradio/blocks.py:2837 → /tmp/closeopen-9qraakxv/repo/gradio/blocks.py:3066
            resp = httpx.get(
                f"{self.local_api_url}startup-events",
                verify=ssl_verify,
                timeout=None,
            )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #6ad60d5e79abfb7f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/gradio/ipython_ext.py:86
            reloader.track(demo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bd41a48e8f987951 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/gradio/route_utils.py:581
            self.track(upload_id)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #40ff636e1eae4475 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/gradio/route_utils.py:600
            self.track(upload_id)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #73ced874b1e4fdbf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/gradio/route_utils.py:1375
        upload_progress.track(upload_id)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 197 low-confidence finding(s)
low env_fs production #55e4a410379c8f92 Environment-variable access.
repo/gradio/analytics.py:46
    return os.getenv("GRADIO_ANALYTICS_ENABLED", "True") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5c3cb21f1692687 Environment-variable access.
repo/gradio/blocks.py:1114
            os.environ["HF_HUB_DISABLE_TELEMETRY"] = "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3546c30208f7d287 Environment-variable access.
repo/gradio/blocks.py:1148
        self.dev_mode = bool(os.getenv("GRADIO_WATCH_DIRS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #524dbb8deef48c07 Environment-variable access.
repo/gradio/blocks.py:1149
        self.vibe_mode = bool(os.getenv("GRADIO_VIBE_MODE", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fac0fdf009d51cf0 Environment-variable access.
repo/gradio/blocks.py:1166
        self.root_path = os.environ.get("GRADIO_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8f2897994bf16c8 Filesystem access.
repo/gradio/blocks.py:2581
            with open(css_path, encoding="utf-8") as css_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1b07a0f264a633d Filesystem access.
repo/gradio/blocks.py:2587
            with open(head_path, encoding="utf-8") as head_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03eb8b15de1fc2c6 Environment-variable access.
repo/gradio/blocks.py:2602
            else os.getenv("GRADIO_SSR_MODE", "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9809d252ab99aa36 Environment-variable access.
repo/gradio/blocks.py:2783
            self.root_path = os.environ.get("GRADIO_ROOT_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a94b009c711ff56 Environment-variable access.
repo/gradio/blocks.py:2793
            allowed_paths_env = os.environ.get("GRADIO_ALLOWED_PATHS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bab84336c2b387ec Environment-variable access.
repo/gradio/blocks.py:2804
            blocked_paths_env = os.environ.get("GRADIO_BLOCKED_PATHS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5feaa64ad847415a Environment-variable access.
repo/gradio/blocks.py:2837
            env_val = os.environ.get("GRADIO_NUM_WORKERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e638c1aa2f7ba829 Environment-variable access.
repo/gradio/blocks.py:2851
            self.node_path = os.environ.get("GRADIO_NODE_PATH", get_node_path())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #736ac79ab6cf5ea5 Environment-variable access.
repo/gradio/blocks.py:2852
            is_dev_mode = os.getenv("GRADIO_LOCAL_DEV_MODE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d45b0fa35a3c927 Environment-variable access.
repo/gradio/blocks.py:2876
                    os.getenv("GRADIO_SERVER_PORT", str(INITIAL_PORT_VALUE))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edcbde0157ff8312 Environment-variable access.
repo/gradio/blocks.py:2878
                python_host = server_name or os.getenv(
                    "GRADIO_SERVER_NAME", "127.0.0.1"
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb68f205d6951325 Environment-variable access.
repo/gradio/blocks.py:3085
                share_env = os.getenv("GRADIO_SHARE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a739746dc0decda2 Environment-variable access.
repo/gradio/blocks.py:3260
            or int(os.getenv("GRADIO_DEBUG", "0")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d21651cf9ef2803f Environment-variable access.
repo/gradio/chat_interface.py:226
            flagging_mode = os.getenv("GRADIO_CHAT_FLAGGING_MODE", "never")  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3acd7480cf371311 Environment-variable access.
repo/gradio/cli/cli.py:74
        os.environ["GRADIO_VIBE_MODE"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32900cae21b54140 Filesystem access.
repo/gradio/cli/cli.py:86
            with open(demo_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29e5e16b91d81895 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:262
        Path(local_js_dir / name.split("/")[1] / "package.json").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #408c80340b023b35 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:344
    source_package_json = json.loads(Path(frontend / "package.json").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c27b19f11cf5c0d0 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:350
    (frontend / "package.json").write_text(json.dumps(source_package_json, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f633a8857d4e77e3 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:419
    (directory / "README.md").write_text(readme_contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb35d9b232d2f3b2 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:425
    gitignore_contents = gitignore.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce169d90875907d6 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:427
    gitignore_dest.write_text(gitignore_contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #090eb62f4c5ad846 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:430
    pyproject_contents = pyproject.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a06b783bfca09de4 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:435
    pyproject_dest.write_text(pyproject_contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c56d21877f942882 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:440
    (demo_dir / "app.py").write_text(
        f"""
import gradio as gr
from {package_name} import {name}

{component.demo_code.format(name=name)}

if __name__ == "__main__":
    demo.launch()
"""
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7563ba2f79c750 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:454
    init.write_text(
        f"""
from .{name.lower()} import {name}

__all__ = ['{name}']
"""
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4395addd062e063 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:475
    content = python_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #281d8fe5acc22b07 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:478
    python_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e4bf8e86a4514df Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:480
        pyi_content = pyi_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdca32d4fcd00031 Filesystem access.
repo/gradio/cli/commands/components/_create_utils.py:483
        pyi_file.write_text(pyi_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f710ef361509f358 Filesystem access.
repo/gradio/cli/commands/components/build.py:62
        pyproject_toml = parse((path / "pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c2bc4e1471ac8dc Filesystem access.
repo/gradio/cli/commands/components/build.py:81
            pyproject_toml = parse((path / "pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56aeb87744abb299 Filesystem access.
repo/gradio/cli/commands/components/build.py:90
            with open(path / "pyproject.toml", "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f465e3cffd2d0377 Filesystem access.
repo/gradio/cli/commands/components/create.py:145
            pyproject_toml = parse((directory / "pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e8c6b6dc5198cf1 Filesystem access.
repo/gradio/cli/commands/components/create.py:187
                with open(directory / "pyproject.toml", "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0506e518f018e521 Filesystem access.
repo/gradio/cli/commands/components/create.py:190
        (directory / "demo" / "requirements.txt").write_text(package_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c85b96594c1ee3fd Filesystem access.
repo/gradio/cli/commands/components/create.py:193
        readme_contents = readme_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b3bf8ea086f3a3c Filesystem access.
repo/gradio/cli/commands/components/create.py:202
        (directory / "README.md").write_text(readme_contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cef7866fd51bc72 Filesystem access.
repo/gradio/cli/commands/components/docs.py:89
        with open(_component_dir / "pyproject.toml", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7e451e3a870c050 Filesystem access.
repo/gradio/cli/commands/components/docs.py:133
    with open(_demo_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62501fe493fc772b Filesystem access.
repo/gradio/cli/commands/components/docs.py:174
        with open(_demo_dir / "space.py", "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db833767437c7a1c Filesystem access.
repo/gradio/cli/commands/components/docs.py:180
        with open(_demo_dir / "css.css", "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #279e8c2a0540032f Filesystem access.
repo/gradio/cli/commands/components/docs.py:190
        readme_content = Path(_readme_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #815e8a1c63bf35ef Filesystem access.
repo/gradio/cli/commands/components/docs.py:192
        with open(_readme_path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #932ec061a7f6fd05 Filesystem access.
repo/gradio/cli/commands/components/publish.py:243
            pyproject_toml = parse(pyproject_toml_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #669e7de71b808cd6 Filesystem access.
repo/gradio/cli/commands/deploy_space.py:42
            with open(file_path, encoding="utf-8", errors="ignore") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d78eb7718b6c563 Filesystem access.
repo/gradio/cli/commands/deploy_space.py:86
            with open(requirements_file, "a", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1462fecad17bdfe Filesystem access.
repo/gradio/cli/commands/deploy_space.py:100
        with open(github_action_template, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fe1f9260a9722c3 Filesystem access.
repo/gradio/cli/commands/deploy_space.py:103
        with open(github_action_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7116c74405720dee Filesystem access.
repo/gradio/cli/commands/deploy_space.py:204
            with open(requirements_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20f5eff1e666e324 Filesystem access.
repo/gradio/cli/commands/deploy_space.py:211
        with open(requirements_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e25b9841d9e448e9 Filesystem access.
repo/gradio/cli/commands/deploy_space.py:220
            with open(requirements_file, "a", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8bdf7f57a13f2f9 Environment-variable access.
repo/gradio/cli/commands/deploy_space.py:273
    if os.getenv("SYSTEM") == "spaces":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30872aaf62ea6bb9 Environment-variable access.
repo/gradio/cli/commands/hf_login.py:11
                os.environ["GRADIO_AUTO_LOGOUT"] = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #429180c5fe97f2df Environment-variable access.
repo/gradio/cli/commands/hf_login.py:15
                os.environ["GRADIO_AUTO_LOGOUT"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b59a52c1d1ca763c Environment-variable access.
repo/gradio/cli/commands/hf_login.py:20
        os.environ["GRADIO_AUTO_LOGOUT"] = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31d6b4b6111790df Environment-variable access.
repo/gradio/cli/commands/hf_login.py:24
    if os.getenv("HF_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a054e7699b1a761 Environment-variable access.
repo/gradio/cli/commands/hf_login.py:26
            user = whoami(token=os.getenv("HF_TOKEN")).get("name")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7bb2e5cc4a8b1db Environment-variable access.
repo/gradio/cli/commands/load_chat.py:43
    resolved_token = token or os.getenv("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #041571bd132fadf4 Environment-variable access.
repo/gradio/cli/commands/reload.py:31
    if os.getenv("GRADIO_VIBE_MODE") and os.getenv("GRADIO_AUTO_LOGOUT") == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83d7daeed6b9646e Environment-variable access.
repo/gradio/cli/commands/reload.py:124
        os.environ,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f15eb04a43c58fe Environment-variable access.
repo/gradio/cli/commands/reload.py:132
    if "GRADIO_VIBE_MODE" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1ab28e0b1c3f9f8 Environment-variable access.
repo/gradio/cli/commands/reload.py:133
        env_vars["GRADIO_VIBE_MODE"] = os.environ["GRADIO_VIBE_MODE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13f37871ef1a6115 Filesystem access.
repo/gradio/cli/commands/skills.py:110
        (dest / fname).write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2decb86bf4065cae Filesystem access.
repo/gradio/cli/commands/skills.py:117
        (references_dir / fname).write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #236b15741a4b9051 Filesystem access.
repo/gradio/cli/commands/skills.py:134
        (dest / fname).write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ec6586b34c6e62a Filesystem access.
repo/gradio/cli/commands/skills.py:278
    (dest / "SKILL.md").write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffa0f1563b56614a Filesystem access.
repo/gradio/cli/commands/upload_mcp.py:32
        with open(target_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51d4fc47b01275bd Filesystem access.
repo/gradio/component_meta.py:122
    source_code = source_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d822350c94df95a Filesystem access.
repo/gradio/component_meta.py:146
            pyi_file.write_text("\n".join(lines))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03285458e8bbf01c Filesystem access.
repo/gradio/component_meta.py:149
            pyi_file.read_text(), class_name

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fb89aec685a324a Filesystem access.
repo/gradio/component_meta.py:152
            with open(str(pyi_file), mode="a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de65e9ff9214d218 Filesystem access.
repo/gradio/component_meta.py:155
            contents = pyi_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c15f95d0a8ed108a Filesystem access.
repo/gradio/component_meta.py:157
            current_contents = pyi_file.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d7327e5570a6add Filesystem access.
repo/gradio/component_meta.py:159
                pyi_file.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec253543f16fb6bb Filesystem access.
repo/gradio/components/audio.py:361
            with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61d49989bd6d27e7 Filesystem access.
repo/gradio/components/audio.py:421
                with open(file_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87959cd20f0cf501 Filesystem access.
repo/gradio/components/file.py:156
            with open(file_name, "rb") as file_data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ad4d923e1568593 Filesystem access.
repo/gradio/components/html.py:371
            with open(manifest_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60fd3689045c1f69 Filesystem access.
repo/gradio/components/label.py:141
            return LabelData(**json.loads(Path(value).read_text()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #706c92cfa314e26c Filesystem access.
repo/gradio/components/upload_button.py:164
            with open(file_name, "rb") as file_data:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d98fe3d3b55bc79 Filesystem access.
repo/gradio/components/video.py:414
                open(srt_file_path, encoding="utf-8") as srt_file,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e42630f83b66d15c Filesystem access.
repo/gradio/components/video.py:415
                open(vtt_file_path, "w", encoding="utf-8") as vtt_file,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab95c92b69991ce0 Filesystem access.
repo/gradio/components/video.py:428
                with open(file_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d353529e047b529 Filesystem access.
repo/gradio/components/video.py:615
            "data": Path(ts_file).read_bytes(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b898b76ae3afdef Environment-variable access.
repo/gradio/external.py:87
        and os.environ.get("HF_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8170687752edb7b5 Environment-variable access.
repo/gradio/external.py:89
        token = os.environ.get("HF_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58672e80ba622efe Environment-variable access.
repo/gradio/external.py:209
    GRADIO_CACHE = os.environ.get("GRADIO_TEMP_DIR") or str(  # noqa: N806

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4b7b2665e62034d Filesystem access.
repo/gradio/external.py:809
                f"\n## {Path(file).name}\n{Path(file).read_text()}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #950d9c3714b0bbe8 Filesystem access.
repo/gradio/external.py:961
            with open(openapi_spec) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f325b325d5452cd2 Filesystem access.
repo/gradio/flagging.py:109
        with open(log_filepath, "a", encoding="utf-8", newline="") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c51a24643e1e53e8 Filesystem access.
repo/gradio/flagging.py:113
        with open(log_filepath, encoding="utf-8") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c16f1890fa661d22 Filesystem access.
repo/gradio/flagging.py:186
        with open(log_filepath, "a", newline="", encoding="utf-8") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9940bf20471461bb Filesystem access.
repo/gradio/flagging.py:192
        with open(log_filepath, encoding="utf-8") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de4976c93f20a1d5 Filesystem access.
repo/gradio/flagging.py:268
                with open(latest_file, newline="", encoding="utf-8") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c27f50c6ab9813d Filesystem access.
repo/gradio/flagging.py:283
            with open(
                self.dataset_filepath, "w", newline="", encoding="utf-8"
            ) as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2722bad52ed0413 Filesystem access.
repo/gradio/flagging.py:337
            with open(
                self.dataset_filepath, "a", newline="", encoding="utf-8"
            ) as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #279e5db32f9b3605 Filesystem access.
repo/gradio/flagging.py:342
            with open(self.dataset_filepath, encoding="utf-8") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba3d24b400ec4113 Filesystem access.
repo/gradio/flagging.py:384
        with open(log_filepath, "a", encoding="utf-8", newline="") as csvfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8bad49678ced683 Environment-variable access.
repo/gradio/helpers.py:158
                os.getenv("GRADIO_CACHE_EXAMPLES", "").lower() in ["true", "lazy"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1472e5489ea8efb5 Environment-variable access.
repo/gradio/helpers.py:172
        if (cache_mode_env := os.getenv("GRADIO_CACHE_MODE")) and cache_mode is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f644f48e49c0695 Filesystem access.
repo/gradio/helpers.py:219
                with open(Path(examples) / LOG_FILE) as logs:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98177991c8225d90 Environment-variable access.
repo/gradio/helpers.py:294
            os.environ.get("GRADIO_RESET_EXAMPLES_CACHE") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe55827e17b5fcbb Filesystem access.
repo/gradio/helpers.py:490
            with open(self.cached_indices_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #478f2bb35f57de7e Filesystem access.
repo/gradio/helpers.py:576
                with open(self.cached_indices_file, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ef9fb7ec672cdb6 Filesystem access.
repo/gradio/helpers.py:590
            with open(self.cached_indices_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed60bece673c9ff3 Filesystem access.
repo/gradio/helpers.py:593
        with open(self.cached_file, encoding="utf-8") as cache:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f6cb007290fda99 Filesystem access.
repo/gradio/helpers.py:851
                kwargs["file"] = open(os.devnull, "w")  # noqa: SIM115

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8c51187c5cdc4de Environment-variable access.
repo/gradio/http_server.py:31
INITIAL_PORT_VALUE = int(os.getenv("GRADIO_SERVER_PORT", "7860"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca27880662e4e161 Environment-variable access.
repo/gradio/http_server.py:32
TRY_NUM_PORTS = int(os.getenv("GRADIO_NUM_PORTS", "100"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1886d97dc384a3d Environment-variable access.
repo/gradio/http_server.py:33
LOCALHOST_NAME = os.getenv("GRADIO_SERVER_NAME", "127.0.0.1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbd0f29dcbed1650 Environment-variable access.
repo/gradio/http_server.py:35
GRADIO_HOT_RELOAD = os.getenv("GRADIO_HOT_RELOAD", "false").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e41de4e795a84d4e Environment-variable access.
repo/gradio/http_server.py:37
should_watch = bool(os.getenv("GRADIO_WATCH_DIRS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c93326bc9c9aee5d Environment-variable access.
repo/gradio/http_server.py:39
    os.getenv("GRADIO_WATCH_DIRS", "").split(",") if should_watch else []

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6d4cf7f7026db3c Environment-variable access.
repo/gradio/http_server.py:41
GRADIO_WATCH_MODULE_NAME = os.getenv("GRADIO_WATCH_MODULE_NAME", "app")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0bb89822129fa03 Environment-variable access.
repo/gradio/http_server.py:42
GRADIO_WATCH_DEMO_NAME = os.getenv("GRADIO_WATCH_DEMO_NAME", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a1b0d38f044e7bb Environment-variable access.
repo/gradio/http_server.py:43
GRADIO_WATCH_DEMO_PATH = os.getenv("GRADIO_WATCH_DEMO_PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2563ee9b7fdac4cc Environment-variable access.
repo/gradio/http_server.py:172
                    encoding=os.getenv("GRADIO_WATCH_ENCODING", "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee3db760c5450992 Filesystem access.
repo/gradio/image_utils.py:237
    with open(image_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61503e605a49bef3 Filesystem access.
repo/gradio/image_utils.py:259
        with open(image_file) as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1a423a84472d37a Environment-variable access.
repo/gradio/interface.py:392
            self.flagging_mode = os.getenv("GRADIO_FLAGGING_MODE", "manual")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e2d53710078177a Environment-variable access.
repo/gradio/mcp.py:44
DEFAULT_TEMP_DIR = os.environ.get("GRADIO_TEMP_DIR") or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb08bafb38628d2d Environment-variable access.
repo/gradio/networking.py:20
GRADIO_SHARE_SERVER_ADDRESS = os.getenv("GRADIO_SHARE_SERVER_ADDRESS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b0359b58c61911a8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/gradio/networking.py:37
            response = httpx.get(GRADIO_API_SERVER, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b670c508d2be7948 Filesystem access.
repo/gradio/networking.py:47
            with open(CERTIFICATE_PATH, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5824a8532363cae1 Environment-variable access.
repo/gradio/node_server.py:21
INITIAL_PORT_VALUE = int(os.getenv("GRADIO_SERVER_PORT", "7860"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03d07c8d3f79d51d Environment-variable access.
repo/gradio/node_server.py:22
TRY_NUM_PORTS = int(os.getenv("GRADIO_NODE_NUM_PORTS", "100"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35fbd9b2a935eab9 Environment-variable access.
repo/gradio/node_server.py:23
LOCALHOST_NAME = os.getenv(
    "GRADIO_NODE_SERVER_NAME", os.getenv("GRADIO_SERVER_NAME", "127.0.0.1")
)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f02dcb56b4055c3 Environment-variable access.
repo/gradio/node_server.py:24
    "GRADIO_NODE_SERVER_NAME", os.getenv("GRADIO_SERVER_NAME", "127.0.0.1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb60d04e330ca5df Environment-variable access.
repo/gradio/node_server.py:70
        node_path=node_path or os.getenv("GRADIO_NODE_PATH"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7c7d53a3140d74e Environment-variable access.
repo/gradio/node_server.py:82
GRADIO_LOCAL_DEV_MODE = os.getenv("GRADIO_LOCAL_DEV_MODE") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00d8ae62177d4084 Environment-variable access.
repo/gradio/node_server.py:115
            env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81636f3d0dfaf34f Environment-variable access.
repo/gradio/oauth.py:17
OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84b158c028cf0728 Environment-variable access.
repo/gradio/oauth.py:18
OAUTH_CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39ec32927a6ff702 Environment-variable access.
repo/gradio/oauth.py:19
OAUTH_SCOPES = os.environ.get("OAUTH_SCOPES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45cbb0560a63082e Environment-variable access.
repo/gradio/oauth.py:20
OPENID_PROVIDER_URL = os.environ.get("OPENID_PROVIDER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9c175f221c7b846 Environment-variable access.
repo/gradio/oauth.py:133
                host = os.environ.get("SPACE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57755d6cfb23a73d Environment-variable access.
repo/gradio/oauth.py:207
    if space_host := os.getenv("SPACE_HOST"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc06377bcec290c0 Filesystem access.
repo/gradio/processing_utils.py:130
    with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e4dbb0c0c997a86 Filesystem access.
repo/gradio/processing_utils.py:355
        open(full_temp_file_path, "wb") as f,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e60ae99fa099a8e Filesystem access.
repo/gradio/processing_utils.py:401
        with open(full_temp_file_path, "wb") as fb:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc11bb14d9405e91 Environment-variable access.
repo/gradio/profiling.py:12
PROFILING_ENABLED = os.environ.get("GRADIO_PROFILING", "").strip() in ("1", "true")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #640282ef622abf4a Environment-variable access.
repo/gradio/queueing.py:157
            os.getenv("GRADIO_ANALYTICS_CACHE_FREQUENCY", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14a79f6f336705ce Environment-variable access.
repo/gradio/queueing.py:263
        if default_concurrency_limit_env := os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4371f5170265195e Environment-variable access.
repo/gradio/queueing.py:263
        if default_concurrency_limit_env := os.environ.get(
            "GRADIO_DEFAULT_CONCURRENCY_LIMIT"
        ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f77e08a2568d1bb7 Environment-variable access.
repo/gradio/route_utils.py:920
        if not strict_cors or os.getenv("GRADIO_LOCAL_DEV_MODE") is not None:  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceff10c8316d9e9f Environment-variable access.
repo/gradio/route_utils.py:1181
DEFAULT_TEMP_DIR = os.environ.get("GRADIO_TEMP_DIR") or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #359e1259e479201b Environment-variable access.
repo/gradio/routes.py:322
            mcp_server = os.environ.get("GRADIO_MCP_SERVER", "False").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e61e7bcf3c3e19d9 Filesystem access.
repo/gradio/routes.py:589
                    components = orjson.loads(path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8804614cd009c4c Filesystem access.
repo/gradio/routes.py:710
                with open(directory / "state.json", "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2558b6d27f8fd89b Filesystem access.
repo/gradio/routes.py:1034
                    Path(path).read_text(encoding="utf-8").encode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e3a571a4aa30d6d Filesystem access.
repo/gradio/routes.py:2124
            with open(GRADIO_WATCH_DEMO_PATH) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5bd3261bb83191e Filesystem access.
repo/gradio/routes.py:2130
            with open(snapshot_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #881c3c84eb166f1d Filesystem access.
repo/gradio/routes.py:2194
            with open(GRADIO_WATCH_DEMO_PATH, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d59789bfe353c82b Filesystem access.
repo/gradio/routes.py:2223
            with open(snapshot_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f82700668bebe690 Filesystem access.
repo/gradio/routes.py:2226
            with open(GRADIO_WATCH_DEMO_PATH, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce0eb108f520f8db Filesystem access.
repo/gradio/routes.py:2245
                with open(GRADIO_WATCH_DEMO_PATH) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b746a56654f8ac4 Filesystem access.
repo/gradio/routes.py:2269
                with open(GRADIO_WATCH_DEMO_PATH, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ca1f2a0f58db1bc Filesystem access.
repo/gradio/routes.py:2288
            with open(GRADIO_WATCH_DEMO_PATH) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b085436387e6d2d6 Environment-variable access.
repo/gradio/routes.py:2581
        blocks.node_path = os.environ.get("GRADIO_NODE_PATH", get_node_path())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81f1a8e3d9a6cd48 Environment-variable access.
repo/gradio/screen_recording_utils.py:8
DEFAULT_TEMP_DIR = os.environ.get("GRADIO_TEMP_DIR") or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa200219df2a5e29 Filesystem access.
repo/gradio/screen_recording_utils.py:69
                with open(concat_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce8655573333c2eb Environment-variable access.
repo/gradio/server.py:288
        os.environ["GRADIO_SERVER_MODE_ENABLED"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d37f665eb4504a44 Environment-variable access.
repo/gradio/state_holder.py:80
            1 if os.getenv("GRADIO_IS_E2E_TEST", None) else 3600

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7143a7d537c077b9 Filesystem access.
repo/gradio/themes/base.py:147
        with open(path, encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #beebc8c2ac892e28 Filesystem access.
repo/gradio/themes/base.py:189
        Path(filename).write_text(json.dumps(self.to_dict(), cls=fonts.FontEncoder))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ba81fdc1f9d6cf4 Filesystem access.
repo/gradio/themes/base.py:322
            contents = (Path(__file__).parent / "app.py").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b1e2120e51bed6c Filesystem access.
repo/gradio/tunneling.py:97
            with open(BINARY_PATH, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f9948f73c6475f8 Filesystem access.
repo/gradio/tunneling.py:104
                with open(BINARY_PATH, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb69e5d228a01a08 Filesystem access.
repo/gradio/utils.py:397
    no_reload_source_code = Path(str(reloader.demo_file)).read_text(
        encoding=reloader.encoding
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6fbccfef1cb5a57 Filesystem access.
repo/gradio/utils.py:441
                no_reload_source_code = Path(str(reloader.demo_file)).read_text(
                    encoding=reloader.encoding
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #382fe1a7b3857ef3 Environment-variable access.
repo/gradio/utils.py:542
        os.environ.get("KAGGLE_KERNEL_RUN_TYPE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8d3cd85dee8c79f Environment-variable access.
repo/gradio/utils.py:564
    if os.getenv("SYSTEM") == "spaces":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0aee5ecaa0aa9695 Environment-variable access.
repo/gradio/utils.py:565
        return os.getenv("SPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f878157c53140794 Environment-variable access.
repo/gradio/utils.py:570
    return os.getenv("SPACES_ZERO_GPU") == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2686cf83fef4e65 Filesystem access.
repo/gradio/utils.py:615
            with open(HASH_SEED_PATH) as j:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bf8304689b099e9 Filesystem access.
repo/gradio/utils.py:618
            with open(HASH_SEED_PATH, "w") as j:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #871c314f384a786d Environment-variable access.
repo/gradio/utils.py:1450
    return Path(os.environ.get("GRADIO_EXAMPLES_CACHE", ".gradio/cached_examples"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52e43eaaa4ae62e0 Environment-variable access.
repo/gradio/utils.py:1505
    return os.environ.get("GRADIO_TEMP_DIR") or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c0946751377f6f0 Environment-variable access.
repo/gradio/utils.py:1628
    interval = os.getenv("GRADIO_HEARTBEAT_INTERVAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #462390edb0d2e41e Environment-variable access.
repo/gradio/utils.py:1648
    return 0.25 if os.getenv("GRADIO_IS_E2E_TEST") else 15

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #335b2c029bb0a236 Environment-variable access.
repo/gradio/utils.py:1825
    env_node_path = os.environ.get("GRADIO_NODE_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffeb1507ae584857 Environment-variable access.
repo/gradio/utils.py:1870
    env_path = os.environ.get("PATH", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #deb4e170f6440772 Filesystem access.
repo/gradio/workflow.py:79
        with open(_bundled_snapshot_path(), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d296e0a0af6a5e2 Filesystem access.
repo/gradio/workflow.py:97
        with open(local, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73714c55ebe99a44 Environment-variable access.
repo/gradio/workflow.py:321
    owner = os.getenv("SPACE_AUTHOR_NAME") or space_id.split("/")[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f1bf201052e35f2 Filesystem access.
repo/gradio/workflow.py:368
        with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52c8b93c5fdde8fc Environment-variable access.
repo/gradio/workflow.py:501
        if get_space() is not None and bool(os.getenv("OAUTH_CLIENT_ID"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3c4b1d573688cbb Filesystem access.
repo/gradio/workflow.py:1331
                with open(self._workflow_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44c9444155704ed4 Filesystem access.
repo/gradio/workflow.py:1462
                with open(workflow_file, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64f059c5c44c6b17 Environment-variable access.
repo/gradio/workflow.py:1516
            if get_space() is not None and os.getenv("OAUTH_CLIENT_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1f21a5940fa9503 Environment-variable access.
repo/gradio/workflow.py:1580
            or int(os.getenv("GRADIO_DEBUG", "0")) == 1

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): client/python/gradio_client

python first-party
expand_more 9 low-confidence finding(s)
low env_fs production #c31198dc1e8f5c9f Environment-variable access.
repo/client/python/gradio_client/client.py:56
DEFAULT_TEMP_DIR = os.environ.get("GRADIO_TEMP_DIR") or str(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb7982cfaa801625 Environment-variable access.
repo/client/python/gradio_client/client.py:204
            analytics_enabled or os.getenv("GRADIO_ANALYTICS_ENABLED", "True") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c816038065b16b7 Filesystem access.
repo/client/python/gradio_client/client.py:1304
            with open(file_path, "rb") as f_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4978bc6cd67d09d8 Filesystem access.
repo/client/python/gradio_client/client.py:1352
            with open(temp_dir / Path(url_path).name, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b766b72b43cddea Environment-variable access.
repo/client/python/gradio_client/templates/discord_chat.py:17
DISCORD_TOKEN = os.getenv("DISCORD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd3b36508941c71c Environment-variable access.
repo/client/python/gradio_client/templates/discord_chat.py:26
    client = grc.Client("<<app-src>>", token=os.getenv("HF_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d2aa6439043b4ff Filesystem access.
repo/client/python/gradio_client/utils.py:651
        with open(file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32ae0bf14bcf902f Filesystem access.
repo/client/python/gradio_client/utils.py:698
    with open(f, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4143c08bea819b0a Filesystem access.
repo/client/python/gradio_client/utils.py:834
    with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): js/_website

python first-party
expand_more 25 low-confidence finding(s)
low env_fs production #93cd159213c7cd23 Filesystem access.
repo/js/_website/generate_jsons/check_lite_demos.py:9
            with open(os.path.join("demo", demo, "requirements.txt"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a6be196097c01a0 Environment-variable access.
repo/js/_website/generate_jsons/embed.py:11
url = os.getenv("TURSO_DATABASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6db32b087e5bc48d Environment-variable access.
repo/js/_website/generate_jsons/embed.py:12
auth_token = os.getenv("TURSO_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9ceafbb1013136d Filesystem access.
repo/js/_website/generate_jsons/embed.py:129
        with open(os.path.join("demo", demo, "requirements.txt"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d24e11fe6e1eef8 Filesystem access.
repo/js/_website/generate_jsons/generate.py:60
    with open(make_dir(ROOT_DIR, "client/js/package.json")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f5dc57bfaae9966 Filesystem access.
repo/js/_website/generate_jsons/generate.py:62
    with open(make_dir(GRADIO_DIR, "package.json")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62a9c3cbb00889ea Filesystem access.
repo/js/_website/generate_jsons/generate.py:64
        with open(make_dir(WEBSITE_DIR, "src/lib/json/version.json"), "w+") as j:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18cb625e8cf6028c Filesystem access.
repo/js/_website/generate_jsons/generate.py:66
        with open(make_dir(WEBSITE_DIR, "src/lib/json/wheel.json"), "w+") as j:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aeef9001e9d142bb Filesystem access.
repo/js/_website/generate_jsons/generate.py:128
with open(make_dir(WEBSITE_DIR, "src/lib/json/system_prompt.json"), "w+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b1f248a0ef1f2b3 Filesystem access.
repo/js/_website/generate_jsons/src/changelog/__init__.py:10
    with open(CHANGELOG_FILE) as change_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dacfbc94880d2e01 Filesystem access.
repo/js/_website/generate_jsons/src/changelog/__init__.py:22
    with open(json_path, 'w+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #396e7708981c3dcb Filesystem access.
repo/js/_website/generate_jsons/src/demos/__init__.py:150
    with open(json_path, "w+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60236722f6abf062 Filesystem access.
repo/js/_website/generate_jsons/src/docs/__init__.py:60
                with open(demo_file) as run_py:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e4931f961acd0ac Filesystem access.
repo/js/_website/generate_jsons/src/docs/__init__.py:235
                with open(os.path.join(JS_DIR, js_component, "package.json")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd26b6e8d69bf2b6 Filesystem access.
repo/js/_website/generate_jsons/src/docs/__init__.py:240
                with open(os.path.join(JS_DIR, js_component, "README.md")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ca337b3ae113311 Filesystem access.
repo/js/_website/generate_jsons/src/docs/__init__.py:256
    with open(JS_CLIENT_README) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c873793e8da07a61 Filesystem access.
repo/js/_website/generate_jsons/src/docs/__init__.py:339
    with open(demo_file) as run_py:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0fab59c0b2a7418 Filesystem access.
repo/js/_website/generate_jsons/src/docs/__init__.py:352
    with open(demo_file) as run_py:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d0135e3d7046c9b Filesystem access.
repo/js/_website/generate_jsons/src/docs/__init__.py:364
    with open(demo_file) as run_py:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfd7a1bdde717e87 Filesystem access.
repo/js/_website/generate_jsons/src/docs/__init__.py:421
    with open(json_path, "w+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74e0ddf1926dcc9d Filesystem access.
repo/js/_website/generate_jsons/src/guides/__init__.py:19
    with open(runfile) as run_py:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec8b9a89ad558dea Filesystem access.
repo/js/_website/generate_jsons/src/guides/__init__.py:57
        with open(os.path.join(GUIDES_DIR, guide_folder, guide_file)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da57d5e3dfbee9f5 Filesystem access.
repo/js/_website/generate_jsons/src/guides/__init__.py:175
    with open(json_path + "guides_by_category.json", "w+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c2d2f4e6450a8e6 Filesystem access.
repo/js/_website/generate_jsons/src/guides/__init__.py:183
        with open(json_path + guide["name"] + ".json", "w+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b9946d55af5b327 Filesystem access.
repo/js/_website/generate_jsons/src/guides/__init__.py:185
    with open(json_path + "guide_names.json", "w+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): js/preview

python first-party
expand_more 2 low-confidence finding(s)
low env_fs production #639be2bd58b360fd Filesystem access.
repo/js/preview/src/examine.py:19
        with open("../pyproject.toml") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eebfc1856f78bfca Filesystem access.
repo/js/preview/src/examine.py:72
            with open("../pyproject.toml", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python)

python first-party
expand_more 59 low-confidence finding(s)
low env_fs test-only #d20d83b365322710 Environment-variable access.
repo/demo/all_demos/run.py:9
os.environ["GRADIO_ANALYTICS_ENABLED"] = "False"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #890fbf94df4b092c Hardcoded external endpoint. Review what data is sent to this destination.
repo/demo/annotatedimage_component/run.py:8
building_image = requests.get("https://gradio-docs-json.s3.us-west-2.amazonaws.com/buildings.png")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #a64f8bf27d39423b Environment-variable access.
repo/demo/autocomplete/run.py:5
hf_token = os.getenv("hf_token")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #34667661e07381ea Environment-variable access.
repo/demo/automatic-speech-recognition/run.py:5
hf_token = os.getenv("hf_token")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eb65d38f68ca3862 Filesystem access.
repo/demo/cancel_events/run.py:10
    log_file.write_text("")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a521f4d5228fb21e Environment-variable access.
repo/demo/chicago-bikeshare-dashboard/run.py:5
DB_USER = os.getenv("DB_USER")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e65832a4f1dd9cf6 Environment-variable access.
repo/demo/chicago-bikeshare-dashboard/run.py:6
DB_PASSWORD = os.getenv("DB_PASSWORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e807f729871b58ab Environment-variable access.
repo/demo/chicago-bikeshare-dashboard/run.py:7
DB_HOST = os.getenv("DB_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fdab33439324dd56 Filesystem access.
repo/demo/code/run.py:13
    return gr.Code(open(css_file).read(), language="css")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4dcbdfa38f324d82 Environment-variable access.
repo/demo/custom_path/run.py:57
    port = int(os.environ.get("GRADIO_SERVER_PORT", 8000))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ca77d51dec1457f Filesystem access.
repo/demo/file_explorer/run.py:11
    return Path(file).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9635f2a26fe585eb Filesystem access.
repo/demo/html_upload/run.py:29
    view_content_btn.click(lambda path: Path(path).read_text(), file_uploader, upload_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #da45ebc08ebc9200 Hardcoded external endpoint. Review what data is sent to this destination.
repo/demo/image_classification/run.py:7
response = requests.get("https://git.io/JJkYN")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #9d9c708d8dfe061a Hardcoded external endpoint. Review what data is sent to this destination.
repo/demo/image_classifier/run.py:11
response = requests.get("https://git.io/JJkYN")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only #21ee9be1f43b0376 Hardcoded external endpoint. Review what data is sent to this destination.
repo/demo/image_classifier_2/run.py:11
response = requests.get("https://git.io/JJkYN")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #c7e01e8ac2954f02 Filesystem access.
repo/demo/image_editor_story/run.py:8
    with open(path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #71781c847681004a Filesystem access.
repo/demo/image_editor_story/run.py:9
        f.write(Path(im["composite"]).read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3fa7f2786de0fefb Environment-variable access.
repo/demo/llm_hyperbolic/run.py:9
api_key = os.getenv("HYPERBOLIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12671fd4ba097e60 Environment-variable access.
repo/demo/llm_minimax/run.py:9
api_key = os.getenv("MINIMAX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f994830ebfa07bff Environment-variable access.
repo/demo/llm_sambanova/run.py:9
api_key = os.getenv("SAMBANOVA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8625794847dab85 Environment-variable access.
repo/demo/magic_8_ball/run.py:36
client = InferenceClient(token=os.getenv("HF_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02acd17ae8dd5a6f Environment-variable access.
repo/demo/stable-diffusion/run.py:7
auth_token = os.getenv("HF_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a2f10c3015742188 Filesystem access.
repo/demo/stream_audio_out/run.py:49
                with open(audio_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e898c598b1ea2618 Filesystem access.
repo/demo/unload_event_test/run.py:11
    with open(log_file, "a") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41e1c827a26a27af Filesystem access.
repo/demo/unload_event_test/run.py:29
    demo.load(lambda: log_file.write_text(""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #ff96f291dd1aeeb2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/demo/yolov10_webcam_stream/inference.py:135
            requests.get(
                "https://live.staticflickr.com/13/19041780_d6fd803de0_3k.jpg"
            ).content

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #afda717685c17564 Environment-variable access.
repo/demo/yolov10_webcam_stream/run.py:15
account_sid = os.environ.get("TWILIO_ACCOUNT_SID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7c6eed0b84f6605a Environment-variable access.
repo/demo/yolov10_webcam_stream/run.py:16
auth_token = os.environ.get("TWILIO_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae2d40edd4f097be Filesystem access.
repo/render_readme.py:9
readme_template = Path(README_TEMPLATE_FILEPATH).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4bc44d1b7a67e9c Filesystem access.
repo/render_readme.py:10
getting_started_template = Path(GETTING_STARTED_TEMPLATE_FILEPATH).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eade4c24de8f5216 Filesystem access.
repo/render_readme.py:21
    context = Path(f"demo/{src}/run.py").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5814436afaf6202e Filesystem access.
repo/render_readme.py:41
Path("README.md").write_text(f"{EDITING_NOTE}\n\n{readme_template}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9422eb764fec3ad Filesystem access.
repo/scripts/build_workflow_curated.py:228
    with open(args.out, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #814dafc8537d5c2c Filesystem access.
repo/scripts/copy_demos.py:94
    pathlib.Path(reqs_file_path).write_text(textwrap.dedent(requirements))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d333efd497f5dbe Filesystem access.
repo/scripts/download_artifacts.py:57
    with open(f"{artifact_name}.zip", "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #838c83c6e1d1bd09 Filesystem access.
repo/scripts/format_release_notes.py:26
    with open(upcoming, "r") as latest:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b09ab78d7c4d4a79 Filesystem access.
repo/scripts/format_release_notes.py:29
    with open(upcoming, "w") as latest:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5659acc29b5100a Filesystem access.
repo/scripts/generate_css_vars_docs.py:89
    content = GUIDE_PATH.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #908904f0d1e5595c Filesystem access.
repo/scripts/generate_css_vars_docs.py:102
    GUIDE_PATH.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51f2a4f25ded8a4b Filesystem access.
repo/scripts/generate_skill.py:93
        with open(runfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af47fc11914c15ec Filesystem access.
repo/scripts/generate_skill.py:353
    with open(os.path.join(output_dir, "SKILL.md"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ffd1968404b4673 Filesystem access.
repo/scripts/generate_skill.py:358
    with open(os.path.join(references_dir, "examples.md"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d227178a831ca5c8 Filesystem access.
repo/scripts/generate_skill.py:362
    with open(os.path.join(references_dir, "api-signatures.md"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #745f5e46dc722498 Filesystem access.
repo/scripts/generate_skill.py:366
    with open(os.path.join(references_dir, "event-listeners.md"), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e12d3bef66a757e Filesystem access.
repo/scripts/generate_skill.py:375
    with open(path1) as f1, open(path2) as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8de517a672d0b77 Filesystem access.
repo/scripts/generate_skill.py:432
            with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9e6a704d76ce1ba Filesystem access.
repo/scripts/overwrite_xray_config.py:112
    with open(j, "w") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a872ae7d9d7c3a0 Filesystem access.
repo/scripts/profile_e2e/analyze.py:72
        return json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce0ff9c1ccf0aa58 Filesystem access.
repo/scripts/sync_frontend.py:22
    version = json.load(open(pathlib.Path(root) / "gradio" / "package.json"))["version"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #caab0676ee8faf7e Filesystem access.
repo/scripts/upload_demo_to_space.py:71
            readme.write_text(textwrap.dedent(readme_content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4caa10b1ed103988 Filesystem access.
repo/scripts/upload_docs_json.py:97
                    html = file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef395e7ed33175e0 Filesystem access.
repo/scripts/upload_docs_json.py:111
                    markdown = file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #019bc596b3921f34 Filesystem access.
repo/scripts/upload_docs_json.py:129
    with open((ROOT / "scripts/docs.json").resolve(), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf3bda8231e79d50 Filesystem access.
repo/scripts/upload_website_demos.py:91
                with open(os.path.join(requirements_path), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd5f0ffd19c6d446 Filesystem access.
repo/scripts/upload_website_demos.py:94
                with open(os.path.join(requirements_path), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e618e196d4becde6 Filesystem access.
repo/scripts/upload_website_demos.py:96
                with open(os.path.join(requirements_path), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #066079f0f3f677c7 Filesystem access.
repo/scripts/validate_workflow_curated.py:320
        with open(local_path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b3167749b167670 Filesystem access.
repo/scripts/validate_workflow_curated.py:330
    with open(local, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a29038439479b9d Environment-variable access.
repo/scripts/validate_workflow_curated.py:379
    hf_token = os.environ.get("HF_TOKEN") or os.environ.get("HF_JOBS_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #852e7b35b4da1a3b Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9651e480fd8bbea Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b09cc13dd763a51 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae346ceb85591e80 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

katex

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #2f9de062ff639d12 Filesystem access.
pkgs/python/[email protected]/src/metrics/parse_tfm.py:134
    with open(file_name, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @csstools/postcss-global-data prod — dist-only: no readable source
  • @self/build prod — registry 404
  • @self/tootils prod — registry 404
  • @types/testing-library__jest-dom prod — no javascript source
  • plotly.js-dist-min prod — dist-only: no readable source
  • postcss-custom-media prod — dist-only: no readable source
  • svelte-i18n prod — dist-only: no readable source
  • typescript-svelte-plugin prod — dist-only: no readable source
  • @self/spa prod — registry 404
  • @codemirror/autocomplete prod — dist-only: no readable source
  • @codemirror/commands prod — dist-only: no readable source
  • @codemirror/language prod — dist-only: no readable source
  • @codemirror/lint prod — dist-only: no readable source
  • @codemirror/search prod — dist-only: no readable source
  • @codemirror/state prod — dist-only: no readable source
  • @codemirror/view prod — dist-only: no readable source
  • cm6-theme-basic-dark prod — dist-only: no readable source
  • cm6-theme-basic-light prod — dist-only: no readable source
  • @ffmpeg/util prod — dist-only: no readable source
  • anyio prod — scan budget exceeded
  • audioop-lts prod — scan budget exceeded
  • brotli prod — scan budget exceeded
  • fastapi prod — scan budget exceeded
  • groovy prod — scan budget exceeded
  • gradio_client prod — scan budget exceeded
  • hf-gradio prod — scan budget exceeded
  • huggingface_hub prod — scan budget exceeded
  • Jinja2 prod — scan budget exceeded
  • markupsafe prod — scan budget exceeded
  • numpy prod — scan budget exceeded
  • orjson prod — scan budget exceeded
  • packaging prod — scan budget exceeded
  • pandas prod — scan budget exceeded
  • pillow prod — scan budget exceeded
  • pydantic prod — scan budget exceeded
  • python-multipart prod — scan budget exceeded
  • pydub prod — scan budget exceeded
  • pyyaml prod — scan budget exceeded
  • safehttpx prod — scan budget exceeded
  • semantic_version prod — scan budget exceeded
  • starlette prod — scan budget exceeded
  • tomlkit prod — scan budget exceeded
  • typer prod — scan budget exceeded
  • typing_extensions prod — scan budget exceeded
  • uvicorn prod — scan budget exceeded
  • pytz prod — scan budget exceeded
  • fsspec prod — scan budget exceeded
  • gradio prod — scan budget exceeded