Close Open Privacy Scan

bolt Snapshot: commit ed888c7
science engine v1.21
schedule 2026-07-18T16:06:30.050050+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

97 /100
Low privacy risk

Low risk · 3 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

env_fs −3

list Scan Summary

0 high 0 medium 3 low
First-party packages: 1
Dependency packages: 0
Ecosystem: npm

swap_horiz Application data flows

No high- or medium-confidence application data-flow findings in this scan.

</> First-Party Code

first-party (npm): desktop

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #f7160a8b3ca28e33 Filesystem access.
repo/desktop/main.js:4
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98332c614bf9cd1d Filesystem access.
repo/desktop/main.js:64
  try { return JSON.parse(fs.readFileSync(stateFile, "utf8")); } catch { return null; }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67def81f4296a5ab Filesystem access.
repo/desktop/main.js:71
    fs.writeFileSync(stateFile, JSON.stringify(state));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.