Close Open Privacy Scan
App Privacy Score
High risk · 677 finding(s)
Dependency score: 100 (Low risk)
bar_chart Score Breakdown
list Scan Summary
swap_horiz Confirmed data exfiltration in application code
External domains:
api.app.predibase.comapi.brightdata.comapi.keywordsai.codashscope.aliyuncs.comeutils.ncbi.nlm.nih.govicanhazdadjoke.comnla.zapier.com
repo/llama-index-integrations/embeddings/llama-index-embeddings-yandexgpt/llama_index/embeddings/yandexgpt/base.py:114 → repo/llama-index-integrations/embeddings/llama-index-embeddings-yandexgpt/llama_index/embeddings/yandexgpt/base.py:123repo/llama-index-integrations/indices/llama-index-indices-managed-dashscope/llama_index/indices/managed/dashscope/base.py:111 → repo/llama-index-integrations/indices/llama-index-indices-managed-dashscope/llama_index/indices/managed/dashscope/base.py:126repo/llama-index-integrations/indices/llama-index-indices-managed-dashscope/llama_index/indices/managed/dashscope/base.py:111 → repo/llama-index-integrations/indices/llama-index-indices-managed-dashscope/llama_index/indices/managed/dashscope/base.py:141repo/llama-index-integrations/llms/llama-index-llms-maritalk/llama_index/llms/maritalk/base.py:202 → repo/llama-index-integrations/llms/llama-index-llms-maritalk/llama_index/llms/maritalk/base.py:204repo/llama-index-integrations/llms/llama-index-llms-maritalk/llama_index/llms/maritalk/base.py:289 → repo/llama-index-integrations/llms/llama-index-llms-maritalk/llama_index/llms/maritalk/base.py:292repo/llama-index-integrations/llms/llama-index-llms-mymagic/llama_index/llms/mymagic/base.py:190 → repo/llama-index-integrations/llms/llama-index-llms-mymagic/llama_index/llms/mymagic/base.py:193repo/llama-index-integrations/node_parser/llama-index-node-parser-relational-dashscope/llama_index/node_parser/dashscope/base.py:77 → repo/llama-index-integrations/node_parser/llama-index-node-parser-relational-dashscope/llama_index/node_parser/dashscope/base.py:91repo/llama-index-integrations/readers/llama-index-readers-google/llama_index/readers/google/maps/base.py:131 → repo/llama-index-integrations/readers/llama-index-readers-google/llama_index/readers/google/maps/base.py:141repo/llama-index-integrations/readers/llama-index-readers-hatena-blog/llama_index/readers/hatena_blog/base.py:74 → repo/llama-index-integrations/readers/llama-index-readers-hatena-blog/llama_index/readers/hatena_blog/base.py:74repo/llama-index-integrations/readers/llama-index-readers-linear/llama_index/readers/linear/base.py:24 → repo/llama-index-integrations/readers/llama-index-readers-linear/llama_index/readers/linear/base.py:30repo/llama-index-integrations/readers/llama-index-readers-microsoft-outlook-emails/llama_index/readers/microsoft_outlook_emails/base.py:75 → repo/llama-index-integrations/readers/llama-index-readers-microsoft-outlook-emails/llama_index/readers/microsoft_outlook_emails/base.py:76repo/llama-index-integrations/readers/llama-index-readers-mondaydotcom/llama_index/readers/mondaydotcom/base.py:40 → repo/llama-index-integrations/readers/llama-index-readers-mondaydotcom/llama_index/readers/mondaydotcom/base.py:57repo/llama-index-integrations/readers/llama-index-readers-openalex/llama_index/readers/openalex/base.py:40 → repo/llama-index-integrations/readers/llama-index-readers-openalex/llama_index/readers/openalex/base.py:43repo/llama-index-integrations/readers/llama-index-readers-openalex/llama_index/readers/openalex/base.py:60 → repo/llama-index-integrations/readers/llama-index-readers-openalex/llama_index/readers/openalex/base.py:63repo/llama-index-integrations/readers/llama-index-readers-upstage/llama_index/readers/upstage/base.py:169 → repo/llama-index-integrations/readers/llama-index-readers-upstage/llama_index/readers/upstage/base.py:171repo/llama-index-integrations/readers/llama-index-readers-upstage/llama_index/readers/upstage/document_parse.py:185 → repo/llama-index-integrations/readers/llama-index-readers-upstage/llama_index/readers/upstage/document_parse.py:187repo/llama-index-integrations/readers/llama-index-readers-web/llama_index/readers/web/agentql_web/base.py:59 → repo/llama-index-integrations/readers/llama-index-readers-web/llama_index/readers/web/agentql_web/base.py:65repo/llama-index-integrations/readers/llama-index-readers-web/llama_index/readers/web/olostep_web/base.py:95 → repo/llama-index-integrations/readers/llama-index-readers-web/llama_index/readers/web/olostep_web/base.py:107repo/llama-index-integrations/readers/llama-index-readers-web/llama_index/readers/web/olostep_web/base.py:135 → repo/llama-index-integrations/readers/llama-index-readers-web/llama_index/readers/web/olostep_web/base.py:145repo/llama-index-integrations/readers/llama-index-readers-wordpress/llama_index/readers/wordpress/base.py:130 → repo/llama-index-integrations/readers/llama-index-readers-wordpress/llama_index/readers/wordpress/base.py:132repo/llama-index-integrations/tools/llama-index-tools-azure-code-interpreter/llama_index/tools/azure_code_interpreter/base.py:166 → repo/llama-index-integrations/tools/llama-index-tools-azure-code-interpreter/llama_index/tools/azure_code_interpreter/base.py:176repo/llama-index-integrations/tools/llama-index-tools-azure-cv/llama_index/tools/azure_cv/base.py:41 → repo/llama-index-integrations/tools/llama-index-tools-azure-cv/llama_index/tools/azure_cv/base.py:39repo/llama-index-integrations/tools/llama-index-tools-bing-search/llama_index/tools/bing_search/base.py:27 → repo/llama-index-integrations/tools/llama-index-tools-bing-search/llama_index/tools/bing_search/base.py:25repo/llama-index-integrations/tools/llama-index-tools-brave-search/llama_index/tools/brave_search/base.py:37 → repo/llama-index-integrations/tools/llama-index-tools-brave-search/llama_index/tools/brave_search/base.py:41repo/llama-index-integrations/tools/llama-index-tools-serpex/llama_index/tools/serpex/base.py:132 → repo/llama-index-integrations/tools/llama-index-tools-serpex/llama_index/tools/serpex/base.py:128repo/llama-index-integrations/tools/llama-index-tools-wolfram-alpha/llama_index/tools/wolfram_alpha/base.py:80 → repo/llama-index-integrations/tools/llama-index-tools-wolfram-alpha/llama_index/tools/wolfram_alpha/base.py:81repo/llama-index-integrations/llms/llama-index-llms-mymagic/llama_index/llms/mymagic/base.py:190 → repo/llama-index-integrations/llms/llama-index-llms-mymagic/llama_index/llms/mymagic/base.py:193repo/llama-index-integrations/llms/llama-index-llms-maritalk/llama_index/llms/maritalk/base.py:202 → repo/llama-index-integrations/llms/llama-index-llms-maritalk/llama_index/llms/maritalk/base.py:204repo/llama-index-integrations/llms/llama-index-llms-maritalk/llama_index/llms/maritalk/base.py:289 → repo/llama-index-integrations/llms/llama-index-llms-maritalk/llama_index/llms/maritalk/base.py:292repo/llama-index-integrations/indices/llama-index-indices-managed-dashscope/llama_index/indices/managed/dashscope/base.py:111 → repo/llama-index-integrations/indices/llama-index-indices-managed-dashscope/llama_index/indices/managed/dashscope/base.py:126repo/llama-index-integrations/indices/llama-index-indices-managed-dashscope/llama_index/indices/managed/dashscope/base.py:111 → repo/llama-index-integrations/indices/llama-index-indices-managed-dashscope/llama_index/indices/managed/dashscope/base.py:141repo/llama-index-integrations/node_parser/llama-index-node-parser-relational-dashscope/llama_index/node_parser/dashscope/base.py:77 → repo/llama-index-integrations/node_parser/llama-index-node-parser-relational-dashscope/llama_index/node_parser/dashscope/base.py:91</> First-Party Code
first-party (python)
python first-party response = requests.post(
DEFAULT_YANDEXGPT_API_BASE, json=payload, headers=header
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.put(
base_url + UPSERT_PIPELINE_ENDPOINT,
data=json.dumps(pipeline_create),
headers=headers,
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(
base_url + START_PIPELINE_ENDPOINT.format(pipeline_id=pipeline_id),
headers=headers,
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(self._endpoint, json=data, headers=headers)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(
self._endpoint, json=data, headers=headers, stream=True
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
resp = requests.post(
self.completion_url,
json=question_data,
headers=headers,
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(
service_url, data=json.dumps(my_input), headers=headers
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(SEARCH_TEXT_BASE_URL, headers=headers, data=payload)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
res = requests.get(url, auth=HTTPBasicAuth(self.username, self.api_key))
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(graphql_endpoint, json=payload, headers=headers)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.get(url, headers=self._authorization_headers)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(url=self.api_url, json=data, headers=headers)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.get(full_url, timeout=10)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.get(full_url, timeout=10)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(
LAYOUT_ANALYSIS_URL, headers=headers, files=files, data=options
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(
self.base_url,
headers=headers,
files=files,
data={
"ocr": self.ocr,
"model": self.model,
"output_formats": f"['{self.output_format}']",
"coordinates": self.coordinates,
"base64_encoding": f"{self.base64_encoding}",
},
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = httpx.post(
QUERY_DATA_ENDPOINT,
headers=headers,
json=payload,
timeout=API_TIMEOUT_SECONDS,
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(api_url, headers=headers, json=data)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(api_url, headers=headers, json=data)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.get(url, auth=auth)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(api_url, headers=headers, json=body)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(
f"{self.cv_url}?features={','.join(features)}&language={self.language}&api-version={self.api_version}",
headers={"Ocp-Apim-Subscription-Key": self.api_key},
json={"url": url},
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.get(
ENDPOINT_BASE_URL + endpoint,
headers={"Ocp-Apim-Subscription-Key": self.api_key},
params={"q": query, "mkt": self.lang, "count": self.results},
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.get(url, headers=headers)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.get(
self.base_url,
params=params,
headers={
"Authorization": f"Bearer {self.api_key}",
},
timeout=30,
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.get(url, headers=headers)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
self._run.track(
Text(llm_input),
name="prompt",
step=self._llm_response_step,
context={"event_id": event_id},
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
self._run.track(
Text(llm_output),
name="response",
step=self._llm_response_step,
context={"event_id": event_id},
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
self._run.track(
Text(chunk),
name="chunk",
step=self._llm_response_step,
context={"chunk_id": chunk_id, "event_id": event_id},
)
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
OTLPSpanExporter,
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.sdk import trace as trace_sdk
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.sdk.trace.export import SimpleSpanProcessor
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry import context, propagate, trace
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.sdk.resources import SERVICE_NAME, Resource
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.sdk.trace import SpanProcessor, TracerProvider
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.sdk.trace.export import (
BatchSpanProcessor,
ConsoleSpanExporter,
SimpleSpanProcessor,
SpanExporter,
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.trace import set_span_in_context
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
expand_more 461 low-confidence finding(s)
with open(data_file, "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("conversation_docs.json", "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(MKDOCS_YML) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(toml_path) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(os.path.join(full_path, module_name), "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(MKDOCS_YML, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("./src/content/docs/framework/CHANGELOG.md", "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("./src/content/docs/framework/CHANGELOG.md", "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env = os.environ.copy()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(repo_root / "CHANGELOG.md", "r+") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(repo_root / "llama-index-core" / "pyproject.toml", "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with urllib.request.urlopen(url, timeout=10) as response:
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(pyproject_path, "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(pyproject_path, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(pyproject_path, "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(pyproject_path, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(pyproject_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif env_key and env_key in os.environ and os.environ[env_key]:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.environ[env_key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(mappings_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if os.getenv("IS_TESTING"):
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
save_file = open(
os.path.join(dataset_full_path, "dev_distractor.json"), "wb"
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
f = open(dataset_path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["COHERE_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
base_url = base_url or os.environ.get("LLAMA_CLOUD_BASE_URL", DEFAULT_BASE_URL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_url = app_url or os.environ.get("LLAMA_CLOUD_APP_URL", DEFAULT_APP_URL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("LLAMA_CLOUD_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
base_url = base_url or os.environ.get("LLAMA_CLOUD_BASE_URL", DEFAULT_BASE_URL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_url = app_url or os.environ.get("LLAMA_CLOUD_APP_URL", DEFAULT_APP_URL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("LLAMA_CLOUD_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if os.getenv("IS_TESTING"):
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(image_path, "rb") as image_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(obj_node_mapping_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(obj_node_mapping_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(input_file, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
img_bytes = self.image_resource.path.read_bytes()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "NLTK_DATA" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._nltk_data_dir = str(Path(os.environ["NLTK_DATA"]))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "TIKTOKEN_CACHE_DIR" not in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["TIKTOKEN_CACHE_DIR"] = os.path.join(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
del os.environ["TIKTOKEN_CACHE_DIR"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "LLAMA_INDEX_CACHE_DIR" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
path = Path(os.environ["LLAMA_INDEX_CACHE_DIR"])
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
data = path.read_bytes()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(
os.path.join(output_path, "config.json"), "w", encoding="utf-8"
) as fOut:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(os.path.join(input_path, "config.json"), encoding="utf-8") as fIn:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
aws_region = aws_region or os.getenv("AWS_REGION")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
aws_access_key_id = aws_access_key_id or os.getenv("AWS_ACCESS_KEY_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
aws_secret_access_key = aws_secret_access_key or os.getenv(
"AWS_SECRET_ACCESS_KEY"
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
aws_session_token = aws_session_token or os.getenv("AWS_SESSION_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if pat is None and os.environ.get("CLARIFAI_PAT") is not None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
pat = os.environ.get("CLARIFAI_PAT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if not pat and os.environ.get("CLARIFAI_PAT") is None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(image_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._api_token = api_token or os.getenv(ENV_VARIABLE, None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
NEO4J_USERNAME = os.getenv("NEO4J_USERNAME")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
NEO4J_PASSWORD = os.getenv("NEO4J_PASSWORD")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
NEO4J_URL = os.getenv("NEO4J_URL")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
NEO4J_DATABASE = os.getenv("NEO4J_DATABASE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
args.quant_config = os.getenv("QUANT_CONFIG", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.getenv("GOOGLE_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
vertexai = vertexai_config is not None or os.getenv(
"GOOGLE_GENAI_USE_VERTEXAI", False
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
project = (vertexai_config or {}).get("project") or os.getenv(
"GOOGLE_CLOUD_PROJECT", None
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
location = (vertexai_config or {}).get("location") or os.getenv(
"GOOGLE_CLOUD_LOCATION", None
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if not (apikey or "WATSONX_APIKEY" in os.environ) and not (
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
token or "WATSONX_TOKEN" in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_TOKEN" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_PASSWORD" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_APIKEY" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif token or "WATSONX_TOKEN" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif password or "WATSONX_PASSWORD" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as image_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["MXBAI_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("NETMIND_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
default_factory=lambda: os.getenv("NVIDIA_BASE_URL", BASE_URL),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(
oci_config.get("security_token_file"), encoding="utf-8"
) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
openai_api_key = api_key or os.environ.get("OPENAI_API_KEY", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("TOGETHER_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.post(
DEFAULT_YANDEXGPT_API_BASE, json=payload, headers=header
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(fn, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = os.getenv("OPENAI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
key in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
graphd_host, graphd_port = os.environ["NEBULA_ADDRESS"].split(":")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["NEBULA_USER"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["NEBULA_PASSWORD"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(Path(persist_dir) / "multi_embed_store.pkl", "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
open(Path(persist_dir) / "multi_embed_store.pkl", "rb")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.workspace_id = workspace_id or os.environ.get("DASHSCOPE_WORKSPACE_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._api_key = api_key or os.environ.get("DASHSCOPE_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._base_url = os.environ.get("DASHSCOPE_BASE_URL", None) or base_url
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
workspace_id = workspace_id or os.environ.get("DASHSCOPE_WORKSPACE_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("DASHSCOPE_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
or os.environ.get("DASHSCOPE_BASE_URL", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.workspace_id = workspace_id or os.environ.get("DASHSCOPE_WORKSPACE_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._api_key = api_key or os.environ.get("DASHSCOPE_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.get("DASHSCOPE_BASE_URL", None) or DASHSCOPE_DEFAULT_BASE_URL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = os.getenv("LANCEDB_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.get("VECTARA_CORPUS_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._vectara_api_key = vectara_api_key or os.environ.get("VECTARA_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
files = {"file": (filename, open(file_path, "rb"))}
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("AIBADGR_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_base = os.environ.get("AIBADGR_BASE_URL", api_base)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("ASI_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = self.api_key or os.getenv("AZURE_OPENAI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.getenv("AZURE_OPENAI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = self.api_key or os.getenv("AZURE_OPENAI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_base: str = os.environ.get("CEREBRAS_BASE_URL", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("CEREBRAS_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if pat is None and os.environ.get("CLARIFAI_PAT") is not None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
pat = os.environ.get("CLARIFAI_PAT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if not pat and os.environ.get("CLARIFAI_PAT") is None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
default=os.environ.get("SNOWFLAKE_USERNAME", None),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
default=os.environ.get("SNOWFLAKE_ACCOUNT", None),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
default=os.environ.get("SNOWFLAKE_KEY_FILE", None),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.user = user or os.environ.get("SNOWFLAKE_USERNAME")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.account = account or os.environ.get("SNOWFLAKE_ACCOUNT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env_key_file = os.environ.get("SNOWFLAKE_KEY_FILE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(jwt_token) as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(SPCS_TOKEN_PATH) as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.path.exists(SPCS_TOKEN_PATH) and os.environ.get("SNOWFLAKE_HOST") is not None
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.getenv("SNOWFLAKE_HOST")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(sf_private_key_filepath, "rb") as pem_in:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("DATABRICKS_TOKEN", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_base = api_base or os.environ.get("DATABRICKS_SERVING_ENDPOINT", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("DEEPSEEK_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("FEATHERLESS_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
args.quant_config = os.getenv("QUANT_CONFIG", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
args.local_rank = int(os.getenv("LOCAL_RANK", "0"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
args.world_size = int(os.getenv("WORLD_SIZE", "0"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
args.global_rank = int(os.getenv("RANK", "0"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const_marking = os.getenv("ENABLE_CONST_MARKING", "True")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("EXPERIMENTAL_WEIGHT_SHARING", "FALSE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("GRAPH_VISUALIZATION", "true")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("PT_HPU_LAZY_ACC_PAR_MODE", "0")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("PT_HPU_ENABLE_LAZY_COLLECTIVES", "true")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("PT_HPUGRAPH_DISABLE_TENSOR_CACHE", "1")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.getenv("GOOGLE_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
or os.getenv("GOOGLE_GENAI_USE_VERTEXAI", "false") != "false"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
project = (vertexai_config or {}).get("project") or os.getenv(
"GOOGLE_CLOUD_PROJECT", None
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
location = (vertexai_config or {}).get("location") or os.getenv(
"GOOGLE_CLOUD_LOCATION", None
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("GROQ_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if not (apikey or "WATSONX_APIKEY" in os.environ) and not (
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
token or "WATSONX_TOKEN" in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_TOKEN" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_PASSWORD" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_APIKEY" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif token or "WATSONX_TOKEN" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif password or "WATSONX_PASSWORD" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.get("https://api.keywordsai.co/api/models/public")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
openai_api_key = api_key or os.environ.get("KEYWORDSAI_API_KEY", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(model_path, "wb") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = self.api_key or os.getenv("MARITALK_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("LLAMA_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("MINIMAX_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("MODELSLAB_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("NEBIUS_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("NETMIND_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(config_path) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(serialize_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
base_url: Optional[str] = os.getenv("NVIDIA_BASE_URL", BASE_URL),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(oci_config.get("security_token_file"), encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
openai_api_key = api_key or os.environ.get("OPENAI_API_KEY", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = os.environ.get("OVHCLOUD_API_KEY", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("PAIEAS_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_base = api_base or os.environ.get("PAIEAS_API_BASE", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("PALM_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or getenv("PPLX_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("PIPESHIFT_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
else os.environ.get("PREDIBASE_API_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["PREDIBASE_GATEWAY"] = "https://api.app.predibase.com"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.getenv("REKA_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
base_kwargs["image"] = open(self.image, "rb")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("TOGETHER_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("YI_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return self.ydc_api_key or os.environ["YDC_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
DASHSCOPE_API_KEY = os.environ.get("DASHSCOPE_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.getenv("DASHSCOPE_BASE_URL", "https://dashscope.aliyuncs.com")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["AIMON_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["COHERE_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["CONTEXTUAL_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["DASHSCOPE_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.project_id = os.environ.get("GOOGLE_CLOUD_PROJECT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if not (apikey or "WATSONX_APIKEY" in os.environ) and not (
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
token or "WATSONX_TOKEN" in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_TOKEN" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_PASSWORD" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_APIKEY" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif token or "WATSONX_TOKEN" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif password or "WATSONX_PASSWORD" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["MXBAI_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
base_url: Optional[str] = os.getenv("NVIDIA_BASE_URL", BASE_URL),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["PINECONE_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
content=base64.b64encode(open(file_path, "rb").read()).decode(),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
content=base64.b64encode(open(file_path, "rb").read()).decode(),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file=download_file_path, mode="wb") as download_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file=download_file_path, mode="wb") as download_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if os.getenv("BITBUCKET_USERNAME") is None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if os.getenv("BITBUCKET_API_KEY") is None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
username = os.getenv("BITBUCKET_USERNAME")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_token = os.getenv("BITBUCKET_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
client_id = os.getenv("BOX_CLIENT_ID", "YOUR_BOX_CLIENT_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
client_secret = os.getenv("BOX_CLIENT_SECRET", "YOUR_BOX_CLIENT_SECRET")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
enterprise_id = os.getenv("BOX_ENTERPRISE_ID", "YOUR_BOX_ENTERPRISE_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
ccg_user_id = os.getenv("BOX_USER_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "wb") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._bearer_token = bearer_token or os.getenv("BEARER_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(custom_file_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_token = os.getenv(CONFLUENCE_API_TOKEN)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
user_name = os.getenv(CONFLUENCE_USERNAME)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
password = os.getenv(CONFLUENCE_PASSWORD)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.get(
"https://icanhazdadjoke.com/", headers={"Accept": "application/json"}
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
DASHSCOPE_DEFAULT_DC_CATEGORY = os.getenv(
"DASHSCOPE_DEFAULT_DC_CATEGORY", default="default"
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = os.getenv("DASHSCOPE_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.getenv("DASHSCOPE_WORKSPACE_ID", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.getenv("DASHSCOPE_CATEGORY_ID", DASHSCOPE_DEFAULT_DC_CATEGORY)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.getenv("DASHSCOPE_BASE_URL", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
discord_token = os.environ["DISCORD_TOKEN"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
access_token: Optional[str] = os.environ.get("DOCUGAMI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
access_token: Optional[str] = os.environ.get("DOCUGAMI_API_KEY"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
auth_file.write_text(auth.strip())
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_id = os.environ.get("FEISHU_APP_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_secret = os.environ.get("FEISHU_APP_SECRET")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
print(reader.load_data(document_ids=[os.environ.get("FEISHU_DOC_ID")]))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file, encoding="utf-8") as html_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file, encoding=self._encoding) as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(str(input_file)) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file) as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(env_path) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ[key.strip()] = value.strip()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_token = os.getenv("GITBOOK_API_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
space_id = os.getenv("GITBOOK_SPACE_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(key_path, "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_id = os.getenv("GITHUB_APP_ID", "123456")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
installation_id = os.getenv("GITHUB_INSTALLATION_ID", "789012")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
private_key_path = os.getenv("GITHUB_PRIVATE_KEY_PATH", "path/to/your-app.private-key.pem")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
private_key = os.getenv("GITHUB_PRIVATE_KEY", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_id = os.getenv("GITHUB_APP_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
installation_id = os.getenv("GITHUB_INSTALLATION_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
private_key = os.getenv("GITHUB_PRIVATE_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_id = os.getenv("GITHUB_APP_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
installation_id = os.getenv("GITHUB_INSTALLATION_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
private_key = os.getenv("GITHUB_PRIVATE_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
example = os.getenv("EXAMPLE", "basic")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
github_token = os.getenv("GITHUB_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
github_token = os.getenv("GITHUB_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
github_client = GithubClient(github_token=os.environ["GITHUB_TOKEN"], verbose=True)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
github_token = os.getenv("GITHUB_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("token.json", "w") as token:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("token.json", "w") as token:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("credentials.json") as json_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("token.json", "w") as token:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(credentials_path, encoding="utf-8") as json_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(token_path, encoding="utf-8") as json_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(service_account_key_path, encoding="utf-8") as json_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.token_path, "w", encoding="utf-8") as token:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(new_file_name, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(downloaded_file, "rb") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("token.json", "w") as token:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("keep_credentials.json") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = api_key or os.getenv("GOOGLE_MAPS_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.post(SEARCH_TEXT_BASE_URL, headers=headers, data=payload)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open("token.json", "w") as token:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(ignore_file_path) as ignore_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, errors="ignore", encoding=encoding) as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.get(initial_url, auth=self.guru_auth)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
test_data = self.fs.read_bytes(path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(tmp / "tmp.jsonl.gz", "wb") as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("/tmp/debugjaguarrdr.log", "a") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "JOPLIN_ACCESS_TOKEN" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.environ["JOPLIN_ACCESS_TOKEN"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(input_file, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["TIKA_SERVER_ENDPOINT"] = tika_server_url
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["TIKA_SERVER_JAR"] = tika_server_jar_path
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["TIKA_SERVER_JAR"] = str(cached_jar)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["TIKA_SERVER_JAR"] = str(cached_jar)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["TIKA_SERVER_ENDPOINT"] = "http://localhost:9998"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["TIKA_SERVER_ENDPOINT"] = "http://localhost:9998"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.post(graphql_endpoint, json=payload, headers=headers)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(file_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(local_file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
integration_token = os.getenv(INTEGRATION_TOKEN_NAME)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(filepath, "wb") as w:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
resp = requests.get(
"https://eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi",
params=parameters,
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
resp = requests.get(
"https://eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi",
params=parameters,
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
self.api_key = os.getenv("PATENTSVIEW_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.post(BASE_URL, json=self.json, headers=self.headers)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
response = requests.post(BASE_URL, json=self.json, headers=self.headers)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
CLASSIFIER_URL = os.getenv("PEBBLO_CLASSIFIER_URL", "http://localhost:8000")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
path=os.environ["PWD"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
psychic_key = os.environ["PSYCHIC_SECRET_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
client_id=os.getenv("REDDIT_CLIENT_ID"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
client_secret=os.getenv("REDDIT_CLIENT_SECRET"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
user_agent=os.getenv("REDDIT_USER_AGENT"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
username=os.getenv("REDDIT_USERNAME"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
password=os.getenv("REDDIT_PASSWORD"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(filepath, "wb") as output:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(
f"data/{curr_tic}/{curr_year}/{curr_filing_type}.json", "w"
) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(
f"data/{curr_tic}/{curr_year[:-2]}/{curr_filing_type}_{curr_year[-2:]}.json",
"w",
) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
allowed_origins = os.environ.get("ALLOWED_ORIGINS", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
allowed_mimetypes_str = os.environ.get("UNSTRUCTURED_ALLOWED_MIMETYPES")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
company = os.environ.get("SEC_API_ORGANIZATION")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
email = os.environ.get("SEC_API_EMAIL")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
company = os.environ.get("SEC_API_ORGANIZATION")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
email = os.environ.get("SEC_API_EMAIL")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "wb") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
pdf = PdfReader(open(file_path, "rb"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(test_file, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(custom_file_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(custom_file_path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(test_file, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
slack_token = os.environ["SLACK_BOT_TOKEN"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._api_key = api_key or os.environ.get("STACKOVERFLOW_PAT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._team_name = team_name or os.environ.get("STACKOVERFLOW_TEAM_NAME")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(fp) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(
os.path.join(self._cache_dir, f"{doc_type}_{page}.json"), "w"
) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.get("STACKOVERFLOW_PAT"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.get("STACKOVERFLOW_TEAM_NAME"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif env_key and env_key in os.environ and os.environ[env_key]:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.environ[env_key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.post(
LAYOUT_ANALYSIS_URL, headers=headers, files=files, data=options
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif env_key and env_key in os.environ and os.environ[env_key]:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.environ[env_key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = httpx.post(
QUERY_DATA_ENDPOINT,
headers=headers,
json=payload,
timeout=API_TIMEOUT_SECONDS,
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
api_key = api_key or os.getenv("HYPERBROWSER_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.post(api_url, headers=headers, json=data)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
response = requests.post(api_url, headers=headers, json=data)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(path) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path_or_bytes, "rb") as audio_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path_or_bytes, "rb") as audio_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(text) as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
zulip_token = os.environ.get("ZULIP_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(
os.path.join(path, DEFAULT_PERSIST_FILENAME), "w", encoding=encoding
) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(os.path.join(path, DEFAULT_PERSIST_FILENAME), encoding=encoding) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "MONGO_URI" not in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["MONGO_URI"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
res = requests.post(
f"{API_ENDPOINT}/search",
headers=headers,
json={
"collection_id": self._collection_id,
"search_term": query_bundle.query_str,
},
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
api_key = os.environ.get("VIDEO_DB_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._api_key = api_key or os.getenv("YDC_API_KEY") or ""
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
output = OpenAI(model=model, api_key=os.getenv("OPENAI_API_KEY"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
output = Anthropic(model=model, api_key=os.getenv("ANTHROPIC_API_KEY"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
output = Cohere(model=model, api_key=os.getenv("COHERE_API_KEY"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
output = MistralAI(model=model, api_key=os.getenv("MISTRALAI_API_KEY"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
output = TogetherLLM(model=model, api_key=os.getenv("TOGETHERAI_API_KEY"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
dynamodb_url = os.getenv("DYNAMODB_URL")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._api_key = os.getenv("AGENTQL_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.getenv("AWS_REGION") or os.getenv("AWS_DEFAULT_REGION") or "us-west-2"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.pool_management_endpoint: str = pool_management_endpoint or os.getenv(
"AZURE_POOL_MANAGEMENT_ENDPOINT"
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
data = open(local_file_path, "rb")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(local_file_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
request = requests.post(
ENDPOINT_BASE_URL,
params={"api-version": "3.0", "to": language},
headers=self.headers,
json=[{"text": text}],
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(output_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
trigger_response = requests.post(
"https://api.brightdata.com/datasets/v3/trigger",
params={"dataset_id": dataset_id, "include_errors": True},
headers=self._headers,
json=[request_data],
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
elif os.environ["OPENAI_API_KEY"]:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.OAI_token = os.environ["OPENAI_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
files = {"file": open(file, "rb")}
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = api_key or os.environ.get("DAPPIER_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = api_key or os.environ.get("DAPPIER_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(output_path, "wb") as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.service_account_key_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.token_path, "w") as token:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.service_account_key_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(self.token_path, "w") as token:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
email: str = os.environ.get("JIRA_ACCOUNT_EMAIL", ""),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key: Optional[str] = os.environ.get("JIRA_API_KEY", ""),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
server_url: Optional[str] = os.environ.get("JIRA_SERVER_URL", ""),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
access_token=os.environ.get("IPINFO_API_TOKEN", None),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
'hourly_weather': os.getenv('HOURLY_WEATHER_API_KEY'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
'daily_weather': os.getenv('DAILY_WEATHER_API_KEY'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
'daily_climate': os.getenv('DAILY_CLIMATE_API_KEY'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
'air_quality': os.getenv('AIR_QUALITY_API_KEY'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
'geocoding': os.getenv('GEOCODING_API_KEY'),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
MOSS_PROJECT_KEY = os.getenv("MOSS_PROJECT_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
MOSS_PROJECT_ID = os.getenv("MOSS_PROJECT_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
llm = OpenAI(api_key=os.environ["OPENAI_API_KEY"])
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.post(SEARCH_URL, json=payload, headers=self.reader.headers)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
f = open(file_name).read()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["SERPEX_API_KEY"] = "your_api_key_here"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if not os.environ.get("SERPEX_API_KEY"):
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = api_key or os.environ.get("SERPEX_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = os.environ.get("SERPEX_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env = dict(os.environ)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
candidate = explicit or os.environ.get("SIGNNOW_MCP_BIN") or "sn-mcp"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(output_path, "wb") as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key=os.environ["VALYU_API_KEY"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key=os.environ.get("VALYU_API_KEY", "your-api-key-here"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
response = requests.get(
"https://nla.zapier.com/api/v1/dynamic/exposed/", headers=self._headers
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
if "AZURE_COSMOSDB_MONGODB_URI" not in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["AZURE_COSMOSDB_MONGODB_URI"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log_level = os.getenv("LOG_LEVEL", "ERROR").upper()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(ref_docs_path) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(os.path.join(self._work_dir, "ref_docs.json"), "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(id_map_path, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(id_map_path, "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(config_path) as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(config_path, "w") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("/tmp/debugjaguar.log", "a") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if api_key is None and os.getenv("LANCE_API_KEY") is None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
uri, api_key=api_key or os.getenv("LANCE_API_KEY"), region=region
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "MONGODB_URI" not in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["MONGODB_URI"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "MONGODB_URI" not in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["MONGODB_URI"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = os.getenv("MOORCHEH_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
log_level = os.getenv("LOG_LEVEL", "ERROR").upper()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif not api_key and not getenv("ROCKSET_API_KEY"):
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key=api_key or getenv("ROCKSET_API_KEY"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
host=api_server or getenv("ROCKSET_API_SERVER"),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(config_path, "r" if jsonconfig else "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(
config_path,
"w" if jsonconfig else "wb",
encoding="utf-8" if jsonconfig else None,
) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
ENABLE_V2 = os.getenv("VERTEX_AI_ENABLE_V2", "true").lower() == "true"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
EMBEDDING_MODEL = os.getenv("ARK_EMBEDDING_MODEL")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
LLM_MODEL = os.getenv("ARK_LLM_MODEL")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
ARK_API_KEY = os.getenv("ARK_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
host = os.getenv("VEM_HOST")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
port = int(os.getenv("VEM_PORT")) if os.getenv("VEM_PORT") else None
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
user = os.getenv("VEM_USER")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
password = os.getenv("VEM_PASSWORD")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
database = os.getenv("VEM_DATABASE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
table_name = os.getenv("VEM_TABLE", "llamaindex_demo")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
openai_api_key = os.getenv("OPENAI_API_KEY", None) or self.api_key
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
out.write_text(body, encoding="utf-8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
meta.write_text(f"label: {transform_dir_name(d.name)}\ncollapsed: true\n")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
content = src.read_text(encoding="utf-8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
dst.write_text(content, encoding="utf-8")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
(int_dest / "_meta.yml").write_text(
"label: Integrations\ncollapsed: true\norder: 998\n"
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("./core_package_metrics.json") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("./core_package_metrics.json", "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("./all_package_metrics.json") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open("./all_package_metrics.json", "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/indices/llama-index-indices-managed-dashscope
python first-party response = requests.put(
base_url + UPSERT_PIPELINE_ENDPOINT,
data=json.dumps(pipeline_create),
headers=headers,
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(
base_url + START_PIPELINE_ENDPOINT.format(pipeline_id=pipeline_id),
headers=headers,
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
expand_more 9 low-confidence finding(s)
self.workspace_id = workspace_id or os.environ.get("DASHSCOPE_WORKSPACE_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._api_key = api_key or os.environ.get("DASHSCOPE_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._base_url = os.environ.get("DASHSCOPE_BASE_URL", None) or base_url
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
workspace_id = workspace_id or os.environ.get("DASHSCOPE_WORKSPACE_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("DASHSCOPE_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
or os.environ.get("DASHSCOPE_BASE_URL", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.workspace_id = workspace_id or os.environ.get("DASHSCOPE_WORKSPACE_ID")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._api_key = api_key or os.environ.get("DASHSCOPE_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.get("DASHSCOPE_BASE_URL", None) or DASHSCOPE_DEFAULT_BASE_URL
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-maritalk
python first-party response = requests.post(self._endpoint, json=data, headers=headers)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
response = requests.post(
self._endpoint, json=data, headers=headers, stream=True
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
expand_more 1 low-confidence finding(s)
self.api_key = self.api_key or os.getenv("MARITALK_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-mymagic
python first-party resp = requests.post(
self.completion_url,
json=question_data,
headers=headers,
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
first-party (python): llama-index-integrations/node_parser/llama-index-node-parser-relational-dashscope
python first-party response = requests.post(
service_url, data=json.dumps(my_input), headers=headers
)
User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.
Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.
expand_more 2 low-confidence finding(s)
DASHSCOPE_API_KEY = os.environ.get("DASHSCOPE_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.getenv("DASHSCOPE_BASE_URL", "https://dashscope.aliyuncs.com")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/observability/llama-index-observability-otel
python first-partyfrom opentelemetry import context, propagate, trace
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.sdk.resources import SERVICE_NAME, Resource
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.sdk.trace import SpanProcessor, TracerProvider
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.sdk.trace.export import (
BatchSpanProcessor,
ConsoleSpanExporter,
SimpleSpanProcessor,
SpanExporter,
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
from opentelemetry.trace import set_span_in_context
A telemetry/analytics SDK is used; event data is sent to a third-party collector.
Fix: Ensure user consent and a lawful basis; strip PII from event payloads.
first-party (python): llama-dev
python first-partyexpand_more 9 low-confidence finding(s)
env = os.environ.copy()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(repo_root / "CHANGELOG.md", "r+") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(repo_root / "llama-index-core" / "pyproject.toml", "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with urllib.request.urlopen(url, timeout=10) as response:
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
with open(pyproject_path, "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(pyproject_path, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(pyproject_path, "r") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(pyproject_path, "w") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(pyproject_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-core
python first-partyexpand_more 35 low-confidence finding(s)
elif env_key and env_key in os.environ and os.environ[env_key]:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.environ[env_key]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(mappings_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(file_path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if os.getenv("IS_TESTING"):
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
save_file = open(
os.path.join(dataset_full_path, "dev_distractor.json"), "wb"
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
f = open(dataset_path)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, "w", encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(path, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ["COHERE_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
base_url = base_url or os.environ.get("LLAMA_CLOUD_BASE_URL", DEFAULT_BASE_URL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_url = app_url or os.environ.get("LLAMA_CLOUD_APP_URL", DEFAULT_APP_URL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("LLAMA_CLOUD_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
base_url = base_url or os.environ.get("LLAMA_CLOUD_BASE_URL", DEFAULT_BASE_URL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
app_url = app_url or os.environ.get("LLAMA_CLOUD_APP_URL", DEFAULT_APP_URL)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("LLAMA_CLOUD_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if os.getenv("IS_TESTING"):
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(image_path, "rb") as image_file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(obj_node_mapping_path, "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(obj_node_mapping_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(input_file, encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
img_bytes = self.image_resource.path.read_bytes()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "NLTK_DATA" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._nltk_data_dir = str(Path(os.environ["NLTK_DATA"]))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "TIKTOKEN_CACHE_DIR" not in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["TIKTOKEN_CACHE_DIR"] = os.path.join(
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
del os.environ["TIKTOKEN_CACHE_DIR"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if "LLAMA_INDEX_CACHE_DIR" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
path = Path(os.environ["LLAMA_INDEX_CACHE_DIR"])
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
data = path.read_bytes()
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/graph_rag/llama-index-graph-rag-cognee
python first-partyexpand_more 1 low-confidence finding(s)
api_key = os.getenv("OPENAI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/graph_stores/llama-index-graph-stores-nebula
python first-partyexpand_more 4 low-confidence finding(s)
key in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
graphd_host, graphd_port = os.environ["NEBULA_ADDRESS"].split(":")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["NEBULA_USER"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["NEBULA_PASSWORD"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/indices/llama-index-indices-managed-bge-m3
python first-partyexpand_more 2 low-confidence finding(s)
with open(Path(persist_dir) / "multi_embed_store.pkl", "wb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
open(Path(persist_dir) / "multi_embed_store.pkl", "rb")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/indices/llama-index-indices-managed-lancedb
python first-partyexpand_more 1 low-confidence finding(s)
self.api_key = os.getenv("LANCEDB_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/indices/llama-index-indices-managed-vectara
python first-partyexpand_more 3 low-confidence finding(s)
os.environ.get("VECTARA_CORPUS_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self._vectara_api_key = vectara_api_key or os.environ.get("VECTARA_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
files = {"file": (filename, open(file_path, "rb"))}
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-aibadgr
python first-partyexpand_more 2 low-confidence finding(s)
api_key = api_key or os.environ.get("AIBADGR_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_base = os.environ.get("AIBADGR_BASE_URL", api_base)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-asi
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("ASI_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-azure-openai
python first-partyexpand_more 3 low-confidence finding(s)
self.api_key = self.api_key or os.getenv("AZURE_OPENAI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.getenv("AZURE_OPENAI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.api_key = self.api_key or os.getenv("AZURE_OPENAI_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-cerebras
python first-partyexpand_more 2 low-confidence finding(s)
api_base: str = os.environ.get("CEREBRAS_BASE_URL", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_key = api_key or os.environ.get("CEREBRAS_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-clarifai
python first-partyexpand_more 3 low-confidence finding(s)
if pat is None and os.environ.get("CLARIFAI_PAT") is not None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
pat = os.environ.get("CLARIFAI_PAT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
if not pat and os.environ.get("CLARIFAI_PAT") is None:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-cortex
python first-partyexpand_more 11 low-confidence finding(s)
default=os.environ.get("SNOWFLAKE_USERNAME", None),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
default=os.environ.get("SNOWFLAKE_ACCOUNT", None),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
default=os.environ.get("SNOWFLAKE_KEY_FILE", None),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.user = user or os.environ.get("SNOWFLAKE_USERNAME")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
self.account = account or os.environ.get("SNOWFLAKE_ACCOUNT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
env_key_file = os.environ.get("SNOWFLAKE_KEY_FILE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(jwt_token) as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(SPCS_TOKEN_PATH) as fp:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.path.exists(SPCS_TOKEN_PATH) and os.environ.get("SNOWFLAKE_HOST") is not None
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
return os.getenv("SNOWFLAKE_HOST")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(sf_private_key_filepath, "rb") as pem_in:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-databricks
python first-partyexpand_more 2 low-confidence finding(s)
api_key = api_key or os.environ.get("DATABRICKS_TOKEN", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_base = api_base or os.environ.get("DATABRICKS_SERVING_ENDPOINT", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-deepseek
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("DEEPSEEK_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-featherlessai
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("FEATHERLESS_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-gaudi
python first-partyexpand_more 10 low-confidence finding(s)
args.quant_config = os.getenv("QUANT_CONFIG", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
args.local_rank = int(os.getenv("LOCAL_RANK", "0"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
args.world_size = int(os.getenv("WORLD_SIZE", "0"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
args.global_rank = int(os.getenv("RANK", "0"))
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
const_marking = os.getenv("ENABLE_CONST_MARKING", "True")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("EXPERIMENTAL_WEIGHT_SHARING", "FALSE")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("GRAPH_VISUALIZATION", "true")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("PT_HPU_LAZY_ACC_PAR_MODE", "0")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("PT_HPU_ENABLE_LAZY_COLLECTIVES", "true")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ.setdefault("PT_HPUGRAPH_DISABLE_TENSOR_CACHE", "1")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-google-genai
python first-partyexpand_more 4 low-confidence finding(s)
api_key = api_key or os.getenv("GOOGLE_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
or os.getenv("GOOGLE_GENAI_USE_VERTEXAI", "false") != "false"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
project = (vertexai_config or {}).get("project") or os.getenv(
"GOOGLE_CLOUD_PROJECT", None
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
location = (vertexai_config or {}).get("location") or os.getenv(
"GOOGLE_CLOUD_LOCATION", None
)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-groq
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("GROQ_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-ibm
python first-partyexpand_more 9 low-confidence finding(s)
if not (apikey or "WATSONX_APIKEY" in os.environ) and not (
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
token or "WATSONX_TOKEN" in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_TOKEN" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_PASSWORD" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_APIKEY" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif token or "WATSONX_TOKEN" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif password or "WATSONX_PASSWORD" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-keywordsai
python first-partyexpand_more 2 low-confidence finding(s)
response = requests.get("https://api.keywordsai.co/api/models/public")
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
openai_api_key = api_key or os.environ.get("KEYWORDSAI_API_KEY", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-llama-cpp
python first-partyexpand_more 1 low-confidence finding(s)
with open(model_path, "wb") as file:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-meta
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("LLAMA_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-minimax
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("MINIMAX_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-modelslab
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("MODELSLAB_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-nebius
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("NEBIUS_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-netmind
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("NETMIND_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-nvidia
python first-partyexpand_more 1 low-confidence finding(s)
base_url: Optional[str] = os.getenv("NVIDIA_BASE_URL", BASE_URL),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-nvidia-tensorrt
python first-partyexpand_more 2 low-confidence finding(s)
with open(config_path) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(serialize_path, "rb") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-oci-genai
python first-partyexpand_more 1 low-confidence finding(s)
with open(oci_config.get("security_token_file"), encoding="utf-8") as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-openai
python first-partyexpand_more 1 low-confidence finding(s)
openai_api_key = api_key or os.environ.get("OPENAI_API_KEY", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-ovhcloud
python first-partyexpand_more 1 low-confidence finding(s)
api_key = os.environ.get("OVHCLOUD_API_KEY", "")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-paieas
python first-partyexpand_more 2 low-confidence finding(s)
api_key = api_key or os.environ.get("PAIEAS_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
api_base = api_base or os.environ.get("PAIEAS_API_BASE", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-palm
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("PALM_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-perplexity
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or getenv("PPLX_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-pipeshift
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("PIPESHIFT_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-predibase
python first-partyexpand_more 2 low-confidence finding(s)
else os.environ.get("PREDIBASE_API_TOKEN")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["PREDIBASE_GATEWAY"] = "https://api.app.predibase.com"
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-reka
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.getenv("REKA_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-replicate
python first-partyexpand_more 1 low-confidence finding(s)
base_kwargs["image"] = open(self.image, "rb")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-together
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("TOGETHER_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-yi
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ.get("YI_API_KEY", None)
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/llms/llama-index-llms-you
python first-partyexpand_more 1 low-confidence finding(s)
return self.ydc_api_key or os.environ["YDC_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-aimon-rerank
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ["AIMON_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-cohere-rerank
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ["COHERE_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-contextual-rerank
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ["CONTEXTUAL_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-dashscope-rerank
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ["DASHSCOPE_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-google-rerank
python first-partyexpand_more 1 low-confidence finding(s)
self.project_id = os.environ.get("GOOGLE_CLOUD_PROJECT")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-ibm
python first-partyexpand_more 9 low-confidence finding(s)
if not (apikey or "WATSONX_APIKEY" in os.environ) and not (
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
token or "WATSONX_TOKEN" in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_TOKEN" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_PASSWORD" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
and "WATSONX_APIKEY" not in os.environ
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif token or "WATSONX_TOKEN" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif password or "WATSONX_PASSWORD" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
elif apikey or "WATSONX_APIKEY" in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-mixedbreadai-rerank
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ["MXBAI_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-nvidia-rerank
python first-partyexpand_more 1 low-confidence finding(s)
base_url: Optional[str] = os.getenv("NVIDIA_BASE_URL", BASE_URL),
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/postprocessor/llama-index-postprocessor-pinecone-native-rerank
python first-partyexpand_more 1 low-confidence finding(s)
api_key = api_key or os.environ["PINECONE_API_KEY"]
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/retrievers/llama-index-retrievers-bm25
python first-partyexpand_more 2 low-confidence finding(s)
with open(
os.path.join(path, DEFAULT_PERSIST_FILENAME), "w", encoding=encoding
) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
with open(os.path.join(path, DEFAULT_PERSIST_FILENAME), encoding=encoding) as f:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/retrievers/llama-index-retrievers-mongodb-atlas-bm25-retriever
python first-partyexpand_more 2 low-confidence finding(s)
if "MONGO_URI" not in os.environ:
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
os.environ["MONGO_URI"],
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/retrievers/llama-index-retrievers-tldw
python first-partyexpand_more 1 low-confidence finding(s)
res = requests.post(
f"{API_ENDPOINT}/search",
headers=headers,
json={
"collection_id": self._collection_id,
"search_term": query_bundle.query_str,
},
)
Data is sent to a hardcoded external endpoint; review what leaves the process.
Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.
first-party (python): llama-index-integrations/retrievers/llama-index-retrievers-videodb
python first-partyexpand_more 1 low-confidence finding(s)
api_key = os.environ.get("VIDEO_DB_API_KEY")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/retrievers/llama-index-retrievers-you
python first-partyexpand_more 1 low-confidence finding(s)
self._api_key = api_key or os.getenv("YDC_API_KEY") or ""
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
first-party (python): llama-index-integrations/storage/kvstore/llama-index-storage-kvstore-dynamodb
python first-partyexpand_more 1 low-confidence finding(s)
dynamodb_url = os.getenv("DYNAMODB_URL")
Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.
Fix: Usually benign; confirm any secret read here is not later sent externally.
⚠ Higher-risk dependencies not analyzed
These higher-risk dependencies were not analyzed in this scan — treat the verdict as provisional. This is a scan-coverage limitation, not a detected data leak.
- httpx http — scan budget exceeded
- requests http — scan budget exceeded
- aiohttp http — scan budget exceeded
- azure-cosmos cloud — scan budget exceeded
- azure-identity cloud — scan budget exceeded
- azure-data-tables cloud — scan budget exceeded
- google-cloud-firestore cloud — scan budget exceeded
- google-cloud-aiplatform cloud — scan budget exceeded
- anthropic ai — scan budget exceeded
- azure-ai-inference cloud — scan budget exceeded
- cohere ai — scan budget exceeded
- opentelemetry-sdk analytics — scan budget exceeded
- opentelemetry-api analytics — scan budget exceeded
- opentelemetry-semantic-conventions analytics — scan budget exceeded
- google-cloud-discoveryengine cloud — scan budget exceeded
Skipped dependencies
Production
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-arize-phoenix prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-langfuse prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-uptrain prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-literalai prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-argilla prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-promptlayer prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-wandb prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-opik prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-agentops prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-aim prod — scan budget exceeded
- first-party (python): llama-index-integrations/callbacks/llama-index-callbacks-openinference prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-airweave prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-code-interpreter prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-exa prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-yahoo-finance prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-text-to-image prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-cassandra prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-bing-search prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-google prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-jina prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-igpt-email prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-zapier prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-brightdata prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-python-file prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-database prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-azure-cv prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-moss prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-playgrounds prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-vector-db prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-yelp prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-openapi prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-dappier prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-aws-bedrock-agentcore prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-chatgpt-plugin prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-brave-search prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-azure-translate prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-mcp-discovery prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-salesforce prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-linkup-research prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-artifact-editor prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-openai prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-finance prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-multion prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-box prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-tavily-research prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-serpex prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-measurespace prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-seltz prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-jira prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-wikipedia prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-parallel-web-systems prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-requests prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-weather prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-wolfram-alpha prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-waii prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-ionic-shopping prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-arxiv prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-graphql prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-neo4j prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-slack prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-shopify prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-valyu prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-cogniswitch prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-agentql prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-azure-speech prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-signnow prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-typecast prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-vectara-query prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-notion prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-playwright prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-jira-issue prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-mcp prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-desearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-duckduckgo prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-azure-code-interpreter prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-elevenlabs prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-metaphor prod — scan budget exceeded
- first-party (python): llama-index-integrations/tools/llama-index-tools-hive prod — scan budget exceeded
- first-party (python): llama-index-integrations/evaluation/llama-index-evaluation-tonic-validate prod — scan budget exceeded
- first-party (python): llama-index-integrations/response_synthesizers/llama-index-response-synthesizers-google prod — scan budget exceeded
- first-party (python): llama-index-integrations/program/llama-index-program-guidance prod — scan budget exceeded
- first-party (python): llama-index-integrations/program/llama-index-program-evaporate prod — scan budget exceeded
- first-party (python): llama-index-integrations/program/llama-index-program-lmformatenforcer prod — scan budget exceeded
- first-party (python): llama-index-integrations/voice_agents/llama-index-voice-agents-openai prod — scan budget exceeded
- first-party (python): llama-index-integrations/voice_agents/llama-index-voice-agents-gemini-live prod — scan budget exceeded
- first-party (python): llama-index-integrations/voice_agents/llama-index-voice-agents-elevenlabs prod — scan budget exceeded
- first-party (python): llama-index-integrations/extractors/llama-index-extractors-entity prod — scan budget exceeded
- first-party (python): llama-index-integrations/extractors/llama-index-extractors-relik prod — scan budget exceeded
- first-party (python): llama-index-integrations/extractors/llama-index-extractors-marvin prod — scan budget exceeded
- first-party (python): llama-index-integrations/selectors/llama-index-selectors-notdiamond prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-google-genai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-sagemaker-endpoint prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-huggingface prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-isaacus prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-text-embeddings-inference prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-langchain prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-llamafile prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-oci-genai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-bedrock prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-cohere prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-mistralai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-anyscale prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-deepinfra prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-alephalpha prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-textembed prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-ipex-llm prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-vllm prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-alibabacloud-aisearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-huggingface-openvino prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-azure-inference prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-clarifai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-openvino-genai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-openai-like prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-opea prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-azure-openai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-huggingface-optimum prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-vertex-endpoint prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-llm-rails prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-modelscope prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-together prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-siliconflow prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-mixedbreadai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-gaudi prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-upstage prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-dashscope prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-gigachat prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-fastembed prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-cloudflare-workersai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-nomic prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-fireworks prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-nebius prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-databricks prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-ollama prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-nvidia prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-ibm prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-zhipuai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-vertex prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-litellm prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-jinaai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-clip prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-huggingface-optimum-intel prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-voyageai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-instructor prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-adapter prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-premai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-heroku prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-baseten prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-huggingface-api prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-openai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-elasticsearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-yandexgpt prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-oci-data-science prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-autoembeddings prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-netmind prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-xinference prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-oracleai prod — scan budget exceeded
- first-party (python): llama-index-integrations/embeddings/llama-index-embeddings-premai/llama_index/embeddings/premai prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-clickhouse prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-openGauss prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-lindorm prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-pgvecto-rs prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-singlestoredb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-alibabacloud-opensearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-jaguar prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-google prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-tair prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-analyticdb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-weaviate prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-oracledb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-kdbai prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-yugabytedb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-hnswlib prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-s3 prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-deeplake prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-oceanbase prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-volcenginemysql prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-databricks prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-awsdocdb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-mongodb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-tablestore prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-zep prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-redis prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-txtai prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-opensearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-cassandra prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-relyt prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-ApertureDB prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-vespa prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-firestore prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-dashvector prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-lantern prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-azurepostgresql prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-astra-db prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-neo4jvector prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-gel prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-alibabacloud-mysql prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-vectorx prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-tencentvectordb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-baiduvectordb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-couchbase prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-faiss prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-milvus prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-azureaisearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-hologres prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-azurecosmosnosql prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-bagel prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-elasticsearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-azurecosmosmongo prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-awadb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-qdrant prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-vertexaivectorsearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-neptune prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-pinecone prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-db2 prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-objectbox prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-bigquery prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-moorcheh prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-vearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-supabase prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-duckdb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-nile prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-rocksetdb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-chroma prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-postgres prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-docarray prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-wordlift prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-tidbvector prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-dynamodb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-lancedb prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-solr prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-epsilla prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-typesense prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-timescalevector prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-upstash prod — scan budget exceeded
- first-party (python): llama-index-integrations/vector_stores/llama-index-vector-stores-mariadb prod — scan budget exceeded
- first-party (python): llama-index-integrations/agent/llama-index-agent-agentmesh prod — scan budget exceeded
- first-party (python): llama-index-integrations/agent/llama-index-agent-azure prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-oracleai prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-arango-db prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-azstorage-blob prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-singlestore prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-hatena-blog prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-kaltura prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-txtai prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-steamship prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-mangadex prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-solr prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-linear prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-smart-pdf-loader prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-minio prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-macrometa-gdn prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-deeplake prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-patentsview prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-bilibili prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-wordpress prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-readwise prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-milvus prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-mangoapps-guides prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-dashvector prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-discord prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airbyte-hubspot prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-microsoft-onedrive prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-guru prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-apify prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-alibabacloud-aisearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-trello prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-bagel prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-psychic prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-opendal prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-elasticsearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-feishu-docs prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-athena prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-maps prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-google prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-jira prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-iceberg prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-faiss prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-sec-filings prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-docstring-walker prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-database prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-awadb prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-astra-db prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-docugami prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-whisper prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-snowflake prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-wikipedia prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-wordlift prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-dashscope prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-microsoft-sharepoint prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-nougat-ocr prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-pdb prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-asana prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-rayyan prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-genius prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-screenpipe prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-toggl prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-boarddocs prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-memos prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airbyte-cdk prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-notion prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-document360 prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-service-now prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-openalex prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-metal prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-confluence prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-string-iterable prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-opensearch prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-obsidian prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-datasets prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-llama-parse prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-microsoft-outlook-emails prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-github prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-box prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-gcs prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-chatgpt-plugin prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-youtube-transcript prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-gitbook prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-docling prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-twitter prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-quip prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-mongodb prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-stackoverflow prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airbyte-typeform prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-azcognitive-search prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-semanticscholar prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-whatsapp prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-myscale prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-pdf-marker prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-spotify prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airbyte-salesforce prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-assemblyai prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-telegram prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-remote-depth prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-oxylabs prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-igpt-email prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-stripe-docs prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-zyte-serp prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-kibela prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-pathway prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-weather prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-zep prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-couchdb prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-layoutir prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-pandas-ai prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-gitlab prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-huggingface-fs prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-paddle-ocr prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-imdb-review prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-intercom prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-make-com prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-legacy-office prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-slack prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-graphql prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-weaviate prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-file prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-remote prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-firebase-realtimedb prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-feedly-rss prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-mbox prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-jaguar prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-microsoft-outlook prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airbyte-zendesk-support prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-web prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-hubspot prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airbyte-gong prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-s3 prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-zendesk prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-firestore prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-chroma prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-markitdown prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-json prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-agent-search prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airbyte-shopify prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-gpt-repo prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-dad-jokes prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-mondaydotcom prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-reddit prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-hwp prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-structured-data prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-preprocess prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-upstage prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-bitbucket prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-couchbase prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-qdrant prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-earnings-call-transcript prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-joplin prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-pebblo prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-zulip prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-graphdb-cypher prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-lilac prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airtable prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-papers prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-pdf-table prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-airbyte-stripe prod — scan budget exceeded
- first-party (python): llama-index-integrations/readers/llama-index-readers-uniprot prod — scan budget exceeded
- first-party (python): llama-index-utils/llama-index-utils-azure prod — scan budget exceeded
- first-party (python): llama-index-utils/llama-index-utils-huggingface prod — scan budget exceeded
- first-party (python): llama-index-utils/llama-index-utils-qianfan prod — scan budget exceeded
- first-party (python): llama-index-utils/llama-index-utils-oracleai prod — scan budget exceeded
- first-party (python): docs/api_reference prod — scan budget exceeded
- first-party (python): llama-dev/tests/data/llama-index-integrations/storage/subcat/pkg2 prod — scan budget exceeded
- first-party (python): llama-dev/tests/data/llama-index-integrations/vector_stores/pkg1 prod — scan budget exceeded
- first-party (python): llama-dev/tests/data/llama-index-packs/pack2 prod — scan budget exceeded
- first-party (python): llama-dev/tests/data/llama-index-packs/pack1 prod — scan budget exceeded
- first-party (python): llama-dev/tests/data/llama-index-utils/util prod — scan budget exceeded
- httpx prod — scan budget exceeded
- requests prod — scan budget exceeded
- aiohttp prod — scan budget exceeded
- azure-cosmos prod — scan budget exceeded
- azure-identity prod — scan budget exceeded
- azure-data-tables prod — scan budget exceeded
- google-cloud-firestore prod — scan budget exceeded
- google-cloud-aiplatform prod — scan budget exceeded
- anthropic prod — scan budget exceeded
- azure-ai-inference prod — scan budget exceeded
- cohere prod — scan budget exceeded
- opentelemetry-sdk prod — scan budget exceeded
- opentelemetry-api prod — scan budget exceeded
- opentelemetry-semantic-conventions prod — scan budget exceeded
- google-cloud-discoveryengine prod — scan budget exceeded
- llama-index-core prod — scan budget exceeded
- llama-index-embeddings-openai prod — scan budget exceeded
- llama-index-llms-openai prod — scan budget exceeded
- nltk prod — scan budget exceeded
- SQLAlchemy prod — scan budget exceeded
- dataclasses-json prod — scan budget exceeded
- deprecated prod — scan budget exceeded
- fsspec prod — scan budget exceeded
- nest-asyncio prod — scan budget exceeded
- numpy prod — scan budget exceeded
- tenacity prod — scan budget exceeded
- tiktoken prod — scan budget exceeded
- typing-extensions prod — scan budget exceeded
- typing-inspect prod — scan budget exceeded
- networkx prod — scan budget exceeded
- dirtyjson prod — scan budget exceeded
- tqdm prod — scan budget exceeded
- pillow prod — scan budget exceeded
- PyYAML prod — scan budget exceeded
- wrapt prod — scan budget exceeded
- pydantic prod — scan budget exceeded
- filetype prod — scan budget exceeded
- eval-type-backport prod — scan budget exceeded
- banks prod — scan budget exceeded
- aiosqlite prod — scan budget exceeded
- llama-index-workflows prod — scan budget exceeded
- setuptools prod — scan budget exceeded
- platformdirs prod — scan budget exceeded
- tinytag prod — scan budget exceeded
- click prod — scan budget exceeded
- packaging prod — scan budget exceeded
- rich prod — scan budget exceeded
- nebula3-python prod — scan budget exceeded
- tidb-vector prod — scan budget exceeded
- PyMySQL prod — scan budget exceeded
- falkordb prod — scan budget exceeded
- neo4j prod — scan budget exceeded
- aperturedb prod — scan budget exceeded
- ray prod — scan budget exceeded
- llama-index-storage-kvstore-dynamodb prod — scan budget exceeded
- llama-index-storage-kvstore-tablestore prod — scan budget exceeded
- llama-index-storage-kvstore-mongodb prod — scan budget exceeded
- llama-index-storage-kvstore-elasticsearch prod — scan budget exceeded
- llama-index-storage-kvstore-duckdb prod — scan budget exceeded
- llama-index-kvstore-couchbase prod — scan budget exceeded
- llama-index-storage-kvstore-azure prod — scan budget exceeded
- llama-index-storage-kv-store-azurecosmosnosql prod — scan budget exceeded
- llama-index-storage-kvstore-firestore prod — scan budget exceeded
- llama-index-storage-kvstore-redis prod — scan budget exceeded
- llama-index-storage-kvstore-postgres prod — scan budget exceeded
- llama-index-storage-kvstore-gel prod — scan budget exceeded
- redis prod — scan budget exceeded
- llama-index-utils-azure prod — scan budget exceeded
- upstash_redis prod — scan budget exceeded
- opensearch-py prod — scan budget exceeded
- pymongo prod — scan budget exceeded
- gel prod — scan budget exceeded
- jinja2 prod — scan budget exceeded
- psycopg2-yugabytedb prod — scan budget exceeded
- sqlalchemy-yugabytedb prod — scan budget exceeded
- aioboto3 prod — scan budget exceeded
- boto3-stubs prod — scan budget exceeded
- asyncpg prod — scan budget exceeded
- psycopg prod — scan budget exceeded
- tablestore prod — scan budget exceeded
- duckdb prod — scan budget exceeded
- llama-index-vector-stores-duckdb prod — scan budget exceeded
- pyarrow prod — scan budget exceeded
- elasticsearch prod — scan budget exceeded
- couchbase prod — scan budget exceeded
- psycopg2-binary prod — scan budget exceeded
- ag-ui-protocol prod — scan budget exceeded
- fastapi prod — scan budget exceeded
- guidance prod — scan budget exceeded
- llama-index-program-guidance prod — scan budget exceeded
- mem0ai prod — scan budget exceeded
- guardrails-ai prod — scan budget exceeded
- llama-index-llms-openai-like prod — scan budget exceeded
- transformers prod — scan budget exceeded
- modelscope prod — scan budget exceeded
- torch prod — scan budget exceeded
- sentencepiece prod — scan budget exceeded
- ms-swift prod — scan budget exceeded
- pip prod — scan budget exceeded
- octoai prod — scan budget exceeded
- gigachat prod — scan budget exceeded
- litellm prod — scan budget exceeded
- mistralai prod — scan budget exceeded
- pyjwt prod — scan budget exceeded
- cryptography prod — scan budget exceeded
- ibm-watsonx-ai prod — scan budget exceeded
- reka-api prod — scan budget exceeded
- mlx-lm prod — scan budget exceeded
- mlx prod — scan budget exceeded
- llama-index-llms-llama-cpp prod — scan budget exceeded
- langchain prod — scan budget exceeded
- llama-index-llms-huggingface prod — scan budget exceeded
- optimum prod — scan budget exceeded
- aleph-alpha-client prod — scan budget exceeded
- ai21 prod — scan budget exceeded
- llama-index-llms-anthropic prod — scan budget exceeded
- portkey-ai prod — scan budget exceeded
- portkey prod — scan budget exceeded
- openvino-genai prod — scan budget exceeded
- huggingface-hub prod — scan budget exceeded
- dashscope prod — scan budget exceeded
- oci prod — scan budget exceeded
- google-genai prod — scan budget exceeded
- premai prod — scan budget exceeded
- google-generativeai prod — scan budget exceeded
- sseclient-py prod — scan budget exceeded
- cleanlab-tlm prod — scan budget exceeded
- llama-index-utils-qianfan prod — scan budget exceeded
- llama-cpp-python prod — scan budget exceeded
- friendli-client prod — scan budget exceeded
- ipex-llm prod — scan budget exceeded
- bigdl-core-xe-21 prod — scan budget exceeded
- bigdl-core-xe-addons-21 prod — scan budget exceeded
- bigdl-core-xe-batch-21 prod — scan budget exceeded
- dpcpp-cpp-rt prod — scan budget exceeded
- intel_extension_for_pytorch prod — scan budget exceeded
- mkl-dpcpp prod — scan budget exceeded
- onednn prod — scan budget exceeded
- torchvision prod — scan budget exceeded
- clarifai prod — scan budget exceeded
- contextual-client prod — scan budget exceeded
- python-dotenv prod — scan budget exceeded
- ollama prod — scan budget exceeded
- tokenizers prod — scan budget exceeded
- llama-index-readers-upstage prod — scan budget exceeded
- alibabacloud-searchplat20240529 prod — scan budget exceeded
- tritonclient prod — scan budget exceeded
- konko prod — scan budget exceeded
- zhipuai prod — scan budget exceeded
- sniffio prod — scan budget exceeded
- termcolor prod — scan budget exceeded
- llama-index-instrumentation prod — scan budget exceeded
- fastembed prod — scan budget exceeded
- voyageai prod — scan budget exceeded
- llmlingua prod — scan budget exceeded
- aimon prod — scan budget exceeded
- colpali-engine prod — scan budget exceeded
- presidio-analyzer prod — scan budget exceeded
- presidio-anonymizer prod — scan budget exceeded
- rank-llm prod — scan budget exceeded
- mixedbread prod — scan budget exceeded
- pinecone prod — scan budget exceeded
- flashrank prod — scan budget exceeded
- docling-core prod — scan budget exceeded
- chonkie prod — scan budget exceeded
- llama-index-vector-stores-google prod — scan budget exceeded
- llama-index-response-synthesizers-google prod — scan budget exceeded
- lancedb prod — scan budget exceeded
- pylance prod — scan budget exceeded
- tantivy prod — scan budget exceeded
- polars prod — scan budget exceeded
- open-clip-torch prod — scan budget exceeded
- llama-index-embeddings-dashscope prod — scan budget exceeded
- llama-index-readers-dashscope prod — scan budget exceeded
- llama-index-node-parser-dashscope prod — scan budget exceeded
- pgml prod — scan budget exceeded
- peft prod — scan budget exceeded
- flagembedding prod — scan budget exceeded
- cognee prod — scan budget exceeded
- graphistry prod — scan budget exceeded
- videodb prod — scan budget exceeded
- vectorize-client prod — scan budget exceeded
- google-auth-httplib2 prod — scan budget exceeded
- google-auth-oauthlib prod — scan budget exceeded
- superlinked prod — scan budget exceeded
- pydi-client prod — scan budget exceeded
- bm25s prod — scan budget exceeded
- pystemmer prod — scan budget exceeded
- honeyhive prod — scan budget exceeded
- openinference-instrumentation-llama-index prod — scan budget exceeded
- langfuse prod — scan budget exceeded
- uptrain prod — scan budget exceeded
- argilla prod — scan budget exceeded
- argilla-llama-index prod — scan budget exceeded
- promptlayer prod — scan budget exceeded
- wandb prod — scan budget exceeded
- agentops prod — scan budget exceeded
- aim prod — scan budget exceeded
- jwt prod — scan budget exceeded
- airweave-sdk prod — scan budget exceeded