Close Open Privacy Scan

bolt Snapshot: commit 950eb03
science engine v1.21
schedule 2026-07-18T07:13:08.108193+00:00

verified_user Possible application data leak

Potential data exfiltration identified in application code.

smart_toy MCP server detected: anthropic, langchain-openai, mcp, openai — detected in dependencies, not a safety judgment.

App Privacy Score

0 /100
High privacy risk — possible application leak

High risk · 3150 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

0 high 398 medium 2752 low
First-party packages: 1
Dependency packages: 42
Ecosystem: python

swap_horiz Potential data exfiltration in application code

External domains: 0001:002:003:0004::11.2.3.4::ffff:192.168.0.1a.b.co.ukaccounts.google.comacme.comaggregate.ee.engr.uky.eduai-gateway.vercel.shai.google.devaiplatform.googleapis.comamzn-s3-demo-bucket.s3.amazonaws.comapi.agentmail.devapi.agentmail.toapi.anthropic.comapi.browser-use.comapi.cerebras.aiapi.deepseek.comapi.groq.comapi.lmnr.aiapi.mistral.aiapi.nuget.orgapi.openai.comapi_endpointapp.posthog.comarstechnica.comauth.us-phoenix-1.oraclecloud.comaws.amazon.combitbucket.orgblog.famzah.netbootlin.comboto3.amazonaws.combrotlipy.readthedocs.iobrowser-use.combrowser-use.github.iobsdf.iobugreports.qt.iobugs.python.orgbugs.winehq.orgbugzilla.gnome.orgcachecontrol.readthedocs.iocdn.mathjax.orgcdnjs.cloudflare.comcellcognition.orgcens.ioc.eecf.browser-use.comchromedevtools.github.ioclick.palletsprojects.comclients2.google.comcloud.browser-use.comcloud.google.comcloudresourcemanager.googleapis.comcode.activestate.comcode.google.comcodepen.ioconsole.cloud.google.comconsole.developers.google.comconsole.groq.comcookbook.openai.comcp-prod.access-governancecp.appmgmtcr.yp.tocrates.iocrbug.comcrsrc.orgcryptography.iocs.chromium.orgcygwin.comdata-apis.orgdatamodel-code-generator.koxudaxi.devdatatracker.ietf.orgdeveloper.mozilla.orgdeveloper.nvidia.comdevelopers.google.comdevelopers.googleblog.comdevguide.python.orgdigitalassets.lib.berkeley.edudiscuss.python.orgdl.google.comdmlc.github.iodoc.rust-lang.orgdocbook.sourceforge.netdocs.aiohttp.orgdocs.anthropic.comdocs.aws.amazon.comdocs.browser-use.comdocs.claude.comdocs.cloud.browser-use.comdocs.cloud.oracle.comdocs.google.comdocs.langchain.comdocs.lmnr.aidocs.microsoft.comdocs.opencv.orgdocs.oracle.comdocs.pydantic.devdocs.pytest.orgdocs.python-requests.orgdocs.python.orgdocs.rsdocs.scipy.orgdocument.aiservicedoi.orgdrafts.csswg.orgduckduckgo.comen.wikipedia.orgendpoint.openai.azure.comerrors.pydantic.deveu.i.posthog.comeu.posthog.comexam_ple.comexample-resource.azure.openai.comexample-resource.services.ai.azure.comexamples.comfd00:ec2::254fedidcg.github.ioffmpeg.orgfidoalliance.orgfonts.googleapis.comfoo.comfreeimage.sourceforge.iogcc.gnu.orggdal.orggenerativelanguage.googleapis.comgist.github.comgit.kernel.orggithub.comgitlab.comgitlab.freedesktop.orggoo.glgoo.glegoogle-auth.readthedocs.iogoogle.aip.devgoogle.comgoogle.github.iographics.stanford.edugroups.google.comhello.comhelp.openai.comhg.python.orghost.comhtml.spec.whatwg.orghttpbin.orghypothesis.readthedocs.ioiaas.r2.oracleiaas.comiaas.us-ashburn-1.oraclecloud.comimageio.readthedocs.ioipython.orgipython.readthedocs.ioitk.orgitkpythonpackage.readthedocs.ioj3-fortran.orgjhove.sourceforge.netjmespath.orgjqueryui.comjson-schema.orgjsonlines.orglanguage.aiservicelanguage.googleapis.comlaunchpad.netlearn.microsoft.comlibsdl.orglinuxdevcenter.comllm.api.browser-use.comlmstudio.aimail.python.orgmathworld.wolfram.commatplotlib.orgmesonbuild.commetacpan.orgmodelcontextprotocol.iomsdn.microsoft.commypy.readthedocs.iomüller.denats.ionew.usps.comnews.ycombinator.comnicolas.limare.netnodatime.orgns.adobe.comnumpy.orgnumpydoc.readthedocs.iooauth2.googleapis.comoauthlib.readthedocs.iooffice.microsoft.comofficeopenxml.comollama.comopenai.comopencv.orgopenexr.readthedocs.ioopenid.netopenrouter.aiopensource.adobe.comoracle-cloud-infrastructure-python-sdk.readthedocs.ioother.compackages.msys2.orgpackaging.python.orgpairlist2.pair.netpandas.pydata.orgpartners.adobe.compeople.eecs.berkeley.edupeps.python.orgpersonal.math.ubc.caphantomhighspeed-knowledge.secure.force.compillow.readthedocs.ioplatform.openai.complaywright.devposthog.comproxy.compubsub.googleapis.compubsub.mtls.googleapis.compurl.orgpyauth.github.iopyav.orgpydantic-docs.helpmanual.iopygments.orgpyinstaller.readthedocs.iopyjwt.readthedocs.iopyobjc.readthedocs.iopypdf.readthedocs.iopypi.orgpython-devtools.helpmanual.iopython-prompt-toolkit.readthedocs.iopython.netpython.orgraw.githubusercontent.comreauth.googleapis.comrequests-oauthlib.readthedocs.iorequests.readthedocs.iorich.readthedocs.iosandbox.api.browser-use.comscanimage.vidriotechnologies.comschemas.microsoft.comschemas.openxmlformats.orgscikit-image.orgscipy-cookbook.readthedocs.ioscipy-lectures.orgsemantic-ui.comserverfault.comsource.chromium.orgsourceware.orgspec.openapis.orgspeech.aiservicespider.wadsworth.orgstackoverflow.comsts.googleapis.comsupport.meta.moleculardevices.comsupport.oracle.comswagger.iotest.nettimeapi.iotools.ietf.orgtowardsdatascience.comtruststore.readthedocs.iotwitter.comupload.wikimedia.orgurllib3.readthedocs.iourlpattern.spec.whatwg.orgus.i.posthog.comus.posthog.comusb.orgv0-simple-landing-page-seven-xi.vercel.appv0-simple-ui-test-site.vercel.appviews.scientific-python.orgvision.aiservicew3c.github.ioweb.archive.orgweb.devwebsockets.readthedocs.iowicg.github.iowixtoolset.orgwordaligned.orgwrapdb.mesonbuild.comwww-1.ibm.comwww.adams1.comwww.adobe.comwww.aiim.orgwww.aimglobal.orgwww.airbnb.comwww.amazon.comwww.ams.orgwww.astropy.orgwww.awaresystems.bewww.barcodeman.comwww.bing.comwww.bioimagexd.netwww.booking.comwww.chromium.orgwww.cipa.jpwww.cise.ufl.eduwww.cncf.iowww.cs.utexas.eduwww.cwi.nlwww.dezlearn.comwww.digitalpreservation.govwww.ecma-international.orgwww.example.珠宝www.fftw.orgwww.flags.ndirect.co.ukwww.gdal.orgwww.github.comwww.google.comwww.googleapis.comwww.grpc.iowww.iana.orgwww.ietf.orgwww.intel.comwww.iterm2.comwww.itk.orgwww.kayak.comwww.laminar.shwww.lfd.uci.eduwww.linkedin.comwww.math.hmc.eduwww.mathjax.orgwww.mathworks.comwww.matplotlib.orgwww.micro-manager.orgwww.microsoft.comwww.netlib.orgwww.numpy.orgwww.oasis-open.orgwww.openblas.netwww.openmicroscopy.orgwww.oreilly.comwww.pgroup.comwww.picloud.comwww.pyopenssl.orgwww.python.orgwww.reddit.comwww.reportlab.comwww.rfc-editor.orgwww.scipy.orgwww.semiconductor.agilent.comwww.ssec.wisc.eduwww.stixfonts.orgwww.systutorials.comwww.textualize.iowww.tinaja.comwww.ultralum.comwww.unesco.orgwww.w3.orgwww.w3schools.comwww.wadsworth.orgwww.xudongz.comwww.xyz.eduwww.ycombinator.comxn--fiqs8s.icom.museumxxx.xxyahoo.comyour-endpoint.openai.azure.com

medium first-party (python) PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:41 repo/browser_use/browser/cloud/cloud.py:90
medium first-party (python) PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:41 repo/browser_use/browser/cloud/cloud.py:91
medium first-party (python) PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:41 repo/browser_use/browser/cloud/cloud.py:93
medium first-party (python) PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:130 repo/browser_use/browser/cloud/cloud.py:183
medium first-party (python) PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:130 repo/browser_use/browser/cloud/cloud.py:184
hub Dependency data flows (6)
medium mcp dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:424 pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:443
medium browser-use dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:41 pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:90
medium browser-use dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:41 pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:91
medium browser-use dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:41 pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:93
medium browser-use dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:130 pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:183
medium browser-use dependency PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:130 pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:184

</> First-Party Code

first-party (python)

python first-party
medium telemetry production #dfe22fe6195ad655 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/agent/service.py:2212
		self.telemetry.capture(
			AgentTelemetryEvent(
				task=self.task,
				model=self.llm.model,
				model_provider=self.llm.provider,
				max_steps=max_steps,
				max_actions_per_step=self.settings.max_actions_per_step,
				use_vision=self.settings.use_vision,
				version=self.version,
				source=self.source,
				cdp_url=urlparse(self.browser_session.cdp_url).hostname
				if self.browser_session and self.browser_session.cdp_url
				else None,
				agent_type=None,  # Regular Agent (not code-use)
				action_errors=self.history.errors(),
				action_history=action_history_data,
				urls_visited=self.history.urls(),
				steps=self.state.n_steps,
				total_input_tokens=token_summary.prompt_tokens,
				total_output_tokens=token_summary.completion_tokens,
				prompt_cached_tokens=token_summary.prompt_cached_tokens,
				total_tokens=token_summary.total_tokens,
				total_duration_seconds=self.history.total_duration_seconds(),
				success=self.history.is_successful(),
				final_result_response=final_result_str,
				error_message=agent_run_error,
				judge_verdict=judge_verdict,
				judge_reasoning=judge_reasoning,
				judge_failure_reason=judge_failure_reason,
				judge_reached_captcha=judge_reached_captcha,
				judge_impossible_task=judge_impossible_task,
			)
		)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3c67c39258220d40 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/beta/service.py:4761
		self.telemetry.capture(
			AgentTelemetryEvent(
				task=self.task,
				model=model,
				model_provider=provider,
				max_steps=max_steps,
				max_actions_per_step=self.settings.max_actions_per_step,
				use_vision=self.settings.use_vision,
				version=self.version or '',
				source=self.source,
				cdp_url=urlparse(cdp_url).hostname if cdp_url else None,
				agent_type='rust_core',
				action_errors=self.history.errors(),
				action_history=action_history_data,
				urls_visited=[url for url in self.history.urls() if url],
				steps=self.history.number_of_steps(),
				total_input_tokens=total_input_tokens,
				total_output_tokens=total_output_tokens,
				prompt_cached_tokens=prompt_cached_tokens,
				total_tokens=total_tokens,
				total_duration_seconds=self.history.total_duration_seconds(),
				success=self.history.is_successful(),
				final_result_response=final_result_str,
				error_message=agent_run_error,
			)
		)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #845f124ce2e2f449 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:90 · flow /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:41 → /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:90
			logger.info(f'🌤️ Cloud browser created successfully: {browser_response.id}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #a96bafa00d3abf91 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:91 · flow /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:41 → /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:91
			logger.debug(f'🌤️ CDP URL: {browser_response.cdpUrl}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #285cd4cecce5d03e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:93 · flow /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:41 → /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:93
			logger.info(f'\033[36m🔗 Live URL: {browser_response.liveUrl}\033[0m')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #f4c09ec056f8188c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:183 · flow /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:130 → /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:183
			logger.info(f'🌤️ Cloud browser session stopped: {browser_response.id}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #52e63fcfc320706c PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
repo/browser_use/browser/cloud/cloud.py:184 · flow /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:130 → /tmp/closeopen-456vqd82/repo/browser_use/browser/cloud/cloud.py:184
			logger.debug(f'🌤️ Status: {browser_response.status}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry production #eb3acdc180e3725e Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/mcp/client.py:119
			self._telemetry.capture(
				MCPClientTelemetryEvent(
					server_name=self.server_name,
					command=self.command,
					tools_discovered=len(self._tools),
					version=get_browser_use_version(),
					action='connect',
					duration_seconds=duration,
					error_message=error_msg,
				)
			)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #89d8fa8948f03159 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/mcp/client.py:199
			self._telemetry.capture(
				MCPClientTelemetryEvent(
					server_name=self.server_name,
					command=self.command,
					tools_discovered=0,  # Tools cleared on disconnect
					version=get_browser_use_version(),
					action='disconnect',
					duration_seconds=duration,
					error_message=error_msg,
				)
			)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #55a7fee244ee9624 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/mcp/client.py:342
					self._telemetry.capture(
						MCPClientTelemetryEvent(
							server_name=self.server_name,
							command=self.command,
							tools_discovered=len(self._tools),
							version=get_browser_use_version(),
							action='tool_call',
							tool_name=tool.name,
							duration_seconds=duration,
							error_message=error_msg,
						)
					)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9da0d854729491c2 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/mcp/client.py:386
					self._telemetry.capture(
						MCPClientTelemetryEvent(
							server_name=self.server_name,
							command=self.command,
							tools_discovered=len(self._tools),
							version=get_browser_use_version(),
							action='tool_call',
							tool_name=tool.name,
							duration_seconds=duration,
							error_message=error_msg,
						)
					)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #343716ca4de5ea89 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/mcp/server.py:476
				self._telemetry.capture(
					MCPServerTelemetryEvent(
						version=get_browser_use_version(),
						action='tool_call',
						tool_name=name,
						duration_seconds=duration,
						error_message=error_msg,
					)
				)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #35b3325d366cf1f0 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/mcp/server.py:1263
	server._telemetry.capture(
		MCPServerTelemetryEvent(
			version=get_browser_use_version(),
			action='start',
			parent_process_cmdline=get_parent_process_cmdline(),
		)
	)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #282bc44675b7caf4 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/browser_use/mcp/server.py:1275
		server._telemetry.capture(
			MCPServerTelemetryEvent(
				version=get_browser_use_version(),
				action='stop',
				duration_seconds=duration,
				parent_process_cmdline=get_parent_process_cmdline(),
			)
		)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #fafcf6f6a7f31552 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/browser_use/telemetry/service.py:85
			from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 283 low-confidence finding(s)
low env_fs production #78be76b6e50aacb2 Environment-variable access.
repo/browser_use/__init__.py:7
if os.environ.get('BROWSER_USE_SETUP_LOGGING', 'true').lower() != 'false':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7ed6b2e9bcb1d93 Filesystem access.
repo/browser_use/agent/judge.py:27
		with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b2aad44eaba0b3a Filesystem access.
repo/browser_use/agent/message_manager/utils.py:27
	await anyio.Path(target_path).write_text(
		await _format_conversation(input_messages, response),
		encoding=encoding or 'utf-8',
	)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70330d2552def041 Filesystem access.
repo/browser_use/agent/views.py:632
			with open(filepath, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9485e3f3d90329f Filesystem access.
repo/browser_use/agent/views.py:697
		with open(filepath, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c20c0056ccbd3310 Environment-variable access.
repo/browser_use/beta/service.py:188
	env_path = os.environ.get('BROWSER_USE_TERMINAL_BINARY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b53ae4520f827c7c Environment-variable access.
repo/browser_use/beta/service.py:194
	but_home = Path(os.environ.get('BUT_HOME', '~/.browser-use-terminal')).expanduser()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af1458ef361ace87 Environment-variable access.
repo/browser_use/beta/service.py:195
	but_install_dir = Path(os.environ.get('BUT_INSTALL_DIR', '~/.local/bin')).expanduser()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #002042061a195ea6 Environment-variable access.
repo/browser_use/beta/service.py:236
	env_binary = os.environ.get('BROWSER_USE_TERMINAL_BINARY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b720f22f94648597 Environment-variable access.
repo/browser_use/beta/service.py:338
		self.stream_limit = int(os.environ.get('BROWSER_USE_SDK_STREAM_LIMIT_BYTES', str(64 * 1024 * 1024)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9a36b638a44eaa4 Environment-variable access.
repo/browser_use/beta/service.py:339
		self.read_chunk_size = int(os.environ.get('BROWSER_USE_SDK_READ_CHUNK_BYTES', str(1024 * 1024)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cf96e1d92dcde03 Environment-variable access.
repo/browser_use/beta/service.py:340
		self.max_line_bytes = int(os.environ.get('BROWSER_USE_SDK_MAX_LINE_BYTES', str(512 * 1024 * 1024)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e50a3ee618f489ff Environment-variable access.
repo/browser_use/beta/service.py:688
	return os.environ.get('BROWSER_USE_RUST_MODEL', 'gpt-5.3-codex-spark')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e54e2a338e66033f Filesystem access.
repo/browser_use/beta/service.py:1088
			loaded = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d455b35804639928 Environment-variable access.
repo/browser_use/beta/service.py:1201
	raw = os.getenv('BROWSER_USE_RUST_DIRECT_INITIAL_NAVIGATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ca410b6c0a90d83 Filesystem access.
repo/browser_use/beta/service.py:3797
		data = base64.b64encode(image_path.read_bytes()).decode('ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64223873ed5f39c7 Environment-variable access.
repo/browser_use/beta/service.py:3914
	max_spans = _int_value(os.getenv('BROWSER_USE_RUST_LAMINAR_MAX_LLM_SPANS') or 80)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfba0f5fe9c7b2d5 Filesystem access.
repo/browser_use/beta/service.py:4044
	with open(file_path, encoding='utf-8') as history_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6127ac8bf68f9055 Environment-variable access.
repo/browser_use/beta/service.py:4853
			max_spans=_int_value(os.getenv('BROWSER_USE_RUST_LAMINAR_MAX_TOOL_SPANS') or 160),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e23e34a2d616bdf0 Environment-variable access.
repo/browser_use/beta/service.py:6419
		explicit = os.environ.get('BROWSER_USE_SDK_SERVER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83366e3ef4fa5f28 Filesystem access.
repo/browser_use/beta/service.py:6606
		target.write_text(
			json.dumps(self._conversation_snapshot(), indent=2, default=str),
			encoding=self.settings.save_conversation_path_encoding or 'utf-8',
		)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a57e71c97e3aaabe Environment-variable access.
repo/browser_use/beta/service.py:6691
		state_dir = os.environ.get('BROWSER_USE_RUST_STATE_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b59f85afb37ef2d5 Environment-variable access.
repo/browser_use/beta/service.py:6697
		value = os.environ.get('BROWSER_USE_RUST_BROWSER_MODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c7eb231148759fc Environment-variable access.
repo/browser_use/beta/service.py:6700
		value = os.environ.get('BROWSER_USE_BROWSER_MODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64b5cc51caa4f6a7 Environment-variable access.
repo/browser_use/beta/service.py:6713
		env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a430b8161466193e Environment-variable access.
repo/browser_use/browser/_cdp_timeout.py:68
DEFAULT_CDP_REQUEST_TIMEOUT_S: float = _parse_env_cdp_timeout(os.getenv('BROWSER_USE_CDP_TIMEOUT_S'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f62017f0e5018702 Filesystem access.
repo/browser_use/browser/chrome.py:106
		with open(local_state_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c12a93f5c64826ea Environment-variable access.
repo/browser_use/browser/cloud/cloud.py:41
		api_token = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0fa4160e7971b74d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/browser/cloud/cloud.py:65
			response = await self.client.post(url, headers=headers, json=request_body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #530648d2bc9500bc Environment-variable access.
repo/browser_use/browser/cloud/cloud.py:130
		api_token = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #167905044f961d89 Environment-variable access.
repo/browser_use/browser/events.py:31
	env_value = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88b1b09bdb8b1dea Environment-variable access.
repo/browser_use/browser/profile.py:21
	env_val = os.getenv('BROWSER_USE_DISABLE_EXTENSIONS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00a054bc11c2bbbe Filesystem access.
repo/browser_use/browser/profile.py:1000
			with open(manifest_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0584af92de36e4bc Filesystem access.
repo/browser_use/browser/profile.py:1113
			with open(bg_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ec4427cc5cd34ca Filesystem access.
repo/browser_use/browser/profile.py:1159
				with open(bg_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0337d278a2d7d1dc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/browser/profile.py:1175
			with urllib.request.urlopen(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bbba94489ab5d3e8 Filesystem access.
repo/browser_use/browser/profile.py:1176
				with open(output_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e637a6814794500a Filesystem access.
repo/browser_use/browser/profile.py:1206
			with open(crx_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94340a04ba05048d Environment-variable access.
repo/browser_use/browser/python_highlights.py:532
	filename = os.getenv('BROWSER_USE_SCREENSHOT_FILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ab5289c390574b5 Filesystem access.
repo/browser_use/browser/python_highlights.py:537
				with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #affd772be7e55b30 Filesystem access.
repo/browser_use/browser/session.py:1464
			output_file.write_text(json.dumps(storage_state, indent=2, ensure_ascii=False), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #62abb2fbebc1851e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/browser/session.py:1825
				version_info = await client.get(url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #fb53fd14e3233c0d Filesystem access.
repo/browser_use/browser/views.py:136
			with open(path_obj, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ed7d15b29b7a3e7 Environment-variable access.
repo/browser_use/browser/watchdogs/local_browser_watchdog.py:245
		playwright_path = os.environ.get('PLAYWRIGHT_BROWSERS_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cf3bb0258e33510 Environment-variable access.
repo/browser_use/browser/watchdogs/local_browser_watchdog.py:335
						env_value = os.environ.get(env_key, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ba48e862ac24039a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/browser/watchdogs/local_browser_watchdog.py:417
					async with session.get(f'http://127.0.0.1:{port}/json/version') as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d387070deae64d45 Filesystem access.
repo/browser_use/browser/watchdogs/storage_state_watchdog.py:198
						existing_state = json.loads(json_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2652b2e0776b8f56 Filesystem access.
repo/browser_use/browser/watchdogs/storage_state_watchdog.py:205
				temp_path.write_text(json.dumps(merged_state, indent=4, ensure_ascii=False), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c013ead378a0f5ae Filesystem access.
repo/browser_use/browser/watchdogs/storage_state_watchdog.py:247
			content = await anyio.Path(str(load_path)).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14ba2c5f59fc35d7 Environment-variable access.
repo/browser_use/cli.py:30
	os.environ['BH_CLIENT'] = 'browser-use-cli'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac793283b63c62be Environment-variable access.
repo/browser_use/cli.py:31
	os.environ['BH_CLIENT_VERSION'] = _browser_use_version()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2e6959c1a486d82 Environment-variable access.
repo/browser_use/cli.py:67
	os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'critical'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d1f075514a7cf43 Environment-variable access.
repo/browser_use/cli.py:68
	os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #686a5a998987c675 Filesystem access.
repo/browser_use/config.py:23
		if Path('/.dockerenv').exists() or 'docker' in Path('/proc/1/cgroup').read_text().lower():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc4037cc47f60365 Environment-variable access.
repo/browser_use/config.py:55
		return os.getenv('BROWSER_USE_LOGGING_LEVEL', 'info').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a1423988a22bb76 Environment-variable access.
repo/browser_use/config.py:59
		return os.getenv('ANONYMIZED_TELEMETRY', 'true').lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34667cdd8e7bacef Environment-variable access.
repo/browser_use/config.py:63
		return os.getenv('BROWSER_USE_CLOUD_SYNC', str(self.ANONYMIZED_TELEMETRY)).lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41b3c6b11fa1c0e9 Environment-variable access.
repo/browser_use/config.py:67
		url = os.getenv('BROWSER_USE_CLOUD_API_URL', 'https://api.browser-use.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58d6e4317bf25782 Environment-variable access.
repo/browser_use/config.py:73
		url = os.getenv('BROWSER_USE_CLOUD_UI_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d791c02db285cb80 Environment-variable access.
repo/browser_use/config.py:81
		url = os.getenv('BROWSER_USE_MODEL_PRICING_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1ee68d236bee74c Environment-variable access.
repo/browser_use/config.py:89
		return Path(os.getenv('XDG_CACHE_HOME', '~/.cache')).expanduser().resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90d28c53a97f9d0f Environment-variable access.
repo/browser_use/config.py:93
		return Path(os.getenv('XDG_CONFIG_HOME', '~/.config')).expanduser().resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3bd4893e26421b9 Environment-variable access.
repo/browser_use/config.py:97
		path = Path(os.getenv('BROWSER_USE_CONFIG_DIR', str(self.XDG_CONFIG_HOME / 'browseruse'))).expanduser().resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9f7972f4df5534a Environment-variable access.
repo/browser_use/config.py:125
				Path(os.getenv('BROWSER_USE_CONFIG_DIR', str(self.XDG_CONFIG_HOME / 'browseruse'))).expanduser().resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #921d4ab6518d0d09 Environment-variable access.
repo/browser_use/config.py:135
		return os.getenv('OPENAI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b409d592131420d Environment-variable access.
repo/browser_use/config.py:139
		return os.getenv('ANTHROPIC_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62d107a211b5da7 Environment-variable access.
repo/browser_use/config.py:143
		return os.getenv('GOOGLE_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e306f8bc359a9b6a Environment-variable access.
repo/browser_use/config.py:147
		return os.getenv('DEEPSEEK_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1626492c19a354d Environment-variable access.
repo/browser_use/config.py:151
		return os.getenv('GROK_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e537531078f9000 Environment-variable access.
repo/browser_use/config.py:155
		return os.getenv('NOVITA_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6441072e5d31b036 Environment-variable access.
repo/browser_use/config.py:159
		return os.getenv('AZURE_OPENAI_ENDPOINT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6785bd541f1753ad Environment-variable access.
repo/browser_use/config.py:163
		return os.getenv('AZURE_OPENAI_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77502bf465e1b9ea Environment-variable access.
repo/browser_use/config.py:167
		return os.getenv('SKIP_LLM_API_KEY_VERIFICATION', 'false').lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9c0280414f7ee4b Environment-variable access.
repo/browser_use/config.py:171
		return os.getenv('DEFAULT_LLM', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b00de18fcfa43393 Environment-variable access.
repo/browser_use/config.py:176
		return os.getenv('IN_DOCKER', 'false').lower()[:1] in 'ty1' or is_running_in_docker()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f21a6a11928296a3 Environment-variable access.
repo/browser_use/config.py:180
		return os.getenv('IS_IN_EVALS', 'false').lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8a64da3853c86b8 Environment-variable access.
repo/browser_use/config.py:184
		return os.getenv('BROWSER_USE_VERSION_CHECK', 'true').lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b50cfca44950b0e Environment-variable access.
repo/browser_use/config.py:188
		return os.getenv('WIN_FONT_DIR', 'C:\\Windows\\Fonts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0a58269a5d7350d Filesystem access.
repo/browser_use/config.py:320
		with open(config_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67f8b72d1d266fae Filesystem access.
repo/browser_use/config.py:325
		with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e38f3aa03afda2a Filesystem access.
repo/browser_use/config.py:342
		with open(config_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d72305227b3dc17 Filesystem access.
repo/browser_use/config.py:353
			with open(config_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bf095cb23aa04f6 Filesystem access.
repo/browser_use/filesystem/file_system.py:113
		file_path.write_text(self.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3735506a46b143c Filesystem access.
repo/browser_use/filesystem/file_system.py:118
			await asyncio.get_event_loop().run_in_executor(executor, lambda: file_path.write_text(self.content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6ebb928934eed1ee Hardcoded external endpoint. Review what data is sent to this destination.
repo/browser_use/init_cmd.py:43
		with request.urlopen(url, timeout=5) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4af38624a5bd9c00 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/init_cmd.py:70
		with request.urlopen(url, timeout=5) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #59bfb8f0c09d1b25 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/init_cmd.py:84
		with request.urlopen(url, timeout=5) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a94d5252ac19d70b Filesystem access.
repo/browser_use/init_cmd.py:184
		output_path.write_text(content, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a7463fc22eebe6a Filesystem access.
repo/browser_use/integrations/gmail/service.py:126
				await anyio.Path(self.token_file).write_text(self.creds.to_json())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a43f0ae8bcd9600 Environment-variable access.
repo/browser_use/llm/aws/chat_bedrock.py:77
		access_key = self.aws_access_key_id or getenv('AWS_ACCESS_KEY_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92d30e67b0591825 Environment-variable access.
repo/browser_use/llm/aws/chat_bedrock.py:78
		secret_key = self.aws_secret_access_key or getenv('AWS_SECRET_ACCESS_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e36a711ed3d96d1 Environment-variable access.
repo/browser_use/llm/aws/chat_bedrock.py:79
		session_token = self.aws_session_token or getenv('AWS_SESSION_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ef97cff842f09f9 Environment-variable access.
repo/browser_use/llm/aws/chat_bedrock.py:80
		region = self.aws_region or getenv('AWS_REGION') or getenv('AWS_DEFAULT_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #910e499bc14e40d3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/llm/aws/serializer.py:69
			response = httpx.get(url, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c804a41b17ce6bcf Environment-variable access.
repo/browser_use/llm/azure/chat.py:73
		self.api_key = self.api_key or os.getenv('AZURE_OPENAI_KEY') or os.getenv('AZURE_OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea7350640612c933 Environment-variable access.
repo/browser_use/llm/azure/chat.py:74
		self.azure_endpoint = self.azure_endpoint or os.getenv('AZURE_OPENAI_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a387a2c2f014effe Environment-variable access.
repo/browser_use/llm/azure/chat.py:75
		self.azure_deployment = self.azure_deployment or os.getenv('AZURE_OPENAI_DEPLOYMENT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b595584838e171ab Environment-variable access.
repo/browser_use/llm/browser_use/chat.py:92
		self.api_key = api_key or os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07d128187a67d6df Environment-variable access.
repo/browser_use/llm/browser_use/chat.py:93
		self.base_url = base_url or os.getenv('BROWSER_USE_LLM_URL', 'https://llm.api.browser-use.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0cee128bf6b8a40b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/llm/browser_use/chat.py:263
			response = await client.post(
				f'{self.base_url}/v1/chat/completions',
				json=payload,
				headers={
					'Authorization': f'Bearer {self.api_key}',
					'Content-Type': 'application/json',
				},
			)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #243856edcba1b2c3 Environment-variable access.
repo/browser_use/llm/mistral/chat.py:55
		key = self.api_key or os.getenv('MISTRAL_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9785b39d332e190 Environment-variable access.
repo/browser_use/llm/mistral/chat.py:61
		return str(os.getenv('MISTRAL_BASE_URL', self.base_url)).rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7fb42fd1e8951f3d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/llm/mistral/chat.py:148
		response = await client.post(url, headers=self._auth_headers(), json=payload, params=self._query_params())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #9ff4b07531565434 Environment-variable access.
repo/browser_use/llm/models.py:119
		api_key = os.getenv('MISTRAL_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b061311974eee8d Environment-variable access.
repo/browser_use/llm/models.py:120
		base_url = os.getenv('MISTRAL_BASE_URL', 'https://api.mistral.ai/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c95f29fa4483f4cf Environment-variable access.
repo/browser_use/llm/models.py:171
		api_key = os.getenv('OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c65909c729e3b162 Environment-variable access.
repo/browser_use/llm/models.py:176
		api_key = os.getenv('AZURE_OPENAI_KEY') or os.getenv('AZURE_OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50ce6a359ad27221 Environment-variable access.
repo/browser_use/llm/models.py:177
		azure_endpoint = os.getenv('AZURE_OPENAI_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4343a0aa85340544 Environment-variable access.
repo/browser_use/llm/models.py:182
		api_key = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a455f5db57afb94 Environment-variable access.
repo/browser_use/llm/models.py:189
		api_key = os.getenv('ANTHROPIC_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb2ab1e305d61f06 Environment-variable access.
repo/browser_use/llm/models.py:194
		api_key = os.getenv('MISTRAL_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4081faa97d6ab50a Environment-variable access.
repo/browser_use/llm/models.py:195
		base_url = os.getenv('MISTRAL_BASE_URL', 'https://api.mistral.ai/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cc37f0e3edc950f Environment-variable access.
repo/browser_use/llm/models.py:215
		api_key = os.getenv('CEREBRAS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbb153a16532bb05 Environment-variable access.
repo/browser_use/llm/models.py:222
		api_key = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ceaeb4877f6c4a9 Environment-variable access.
repo/browser_use/llm/vercel/chat.py:350
		api_key = self.api_key or os.getenv('AI_GATEWAY_API_KEY') or os.getenv('VERCEL_OIDC_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4d8e5b1adb42c54 Filesystem access.
repo/browser_use/mcp/cli_mcp.py:139
		with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #626d631f78191527 Environment-variable access.
repo/browser_use/mcp/cli_mcp.py:171
	os.environ.setdefault('BH_CLIENT', 'browser-use-mcp')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b83b33fa11e3fac8 Environment-variable access.
repo/browser_use/mcp/server.py:30
os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'critical'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d375ee257ef58b6 Environment-variable access.
repo/browser_use/mcp/server.py:31
os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f103e5ef19684d6 Environment-variable access.
repo/browser_use/mcp/server.py:64
	os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'warning'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6cc80f5e3f48b46 Environment-variable access.
repo/browser_use/mcp/server.py:65
	os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'  # Prevent automatic logging setup

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a338e5213d98bda Environment-variable access.
repo/browser_use/mcp/server.py:652
		model_provider = llm_config.get('model_provider') or os.getenv('MODEL_PROVIDER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f8bc20ada964cb5 Environment-variable access.
repo/browser_use/mcp/server.py:656
			llm_model = llm_config.get('model') or os.getenv('MODEL') or 'us.anthropic.claude-sonnet-4-20250514-v1:0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dffe8eadcd3bbce Environment-variable access.
repo/browser_use/mcp/server.py:657
			aws_region = llm_config.get('region') or os.getenv('REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5450160477f551cd Environment-variable access.
repo/browser_use/mcp/server.py:667
			api_key = llm_config.get('api_key') or os.getenv('OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fd655859db336b6 Environment-variable access.
repo/browser_use/observability.py:34
	lmnr_debug_mode = os.getenv('LMNR_LOGGING_LEVEL', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddc153e1cc3b10f9 Environment-variable access.
repo/browser_use/observability.py:49
	if os.environ.get('BROWSER_USE_VERBOSE_OBSERVABILITY', 'false').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99a8e11fea1feb18 Environment-variable access.
repo/browser_use/observability.py:53
	if os.environ.get('BROWSER_USE_VERBOSE_OBSERVABILITY', 'false').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8339595707dd19a Filesystem access.
repo/browser_use/sandbox/sandbox.py:127
		with open(module.__file__) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38a6a165545060b3 Environment-variable access.
repo/browser_use/sandbox/sandbox.py:288
			api_key = BROWSER_USE_API_KEY or os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d9917ea997632e5 Filesystem access.
repo/browser_use/skills/browser_use.py:55
		return skill_path.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61c60eb202992e7e Filesystem access.
repo/browser_use/skills/browser_use.py:58
		text = resources.files('browser_harness').joinpath('SKILL.md').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #263e383fd6ec1f9e Environment-variable access.
repo/browser_use/skills/install.py:15
	config_home = os.environ.get('XDG_CONFIG_HOME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d094c5cc0f84816 Filesystem access.
repo/browser_use/skills/install.py:178
			output_path.write_text(text, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be2176d89e575be0 Environment-variable access.
repo/browser_use/skills/service.py:30
		self.api_key = api_key or os.getenv('BROWSER_USE_API_KEY') or ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d99ceb2285c87b2b Filesystem access.
repo/browser_use/sync/auth.py:29
			device_id = device_id_path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f7f78b0bfb93094 Filesystem access.
repo/browser_use/sync/auth.py:43
	device_id_path.write_text(device_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba6a5f88becf6e4a Filesystem access.
repo/browser_use/sync/auth.py:62
				with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bc49cb9bb7645cc Filesystem access.
repo/browser_use/sync/auth.py:76
		with open(config_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #12677949f4884e30 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/sync/auth.py:132
			response = await self.http_client.post(
				f'{self.base_url.rstrip("/")}/api/v1/oauth/device/authorize',
				data={
					'client_id': self.client_id,
					'scope': self.scope,
					'agent_session_id': agent_session_id or '',
					'device_id': self.device_id,
				},
			)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #899b5b8fe9fcb54b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/sync/auth.py:145
				response = await client.post(
					f'{self.base_url.rstrip("/")}/api/v1/oauth/device/authorize',
					data={
						'client_id': self.client_id,
						'scope': self.scope,
						'agent_session_id': agent_session_id or '',
						'device_id': self.device_id,
					},
				)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1c6fa6c72a461053 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/sync/auth.py:173
					response = await self.http_client.post(
						f'{self.base_url.rstrip("/")}/api/v1/oauth/device/token',
						data={
							'grant_type': 'urn:ietf:params:oauth:grant-type:device_code',
							'device_code': device_code,
							'client_id': self.client_id,
						},
					)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #13b597801e43f3f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/sync/auth.py:225
						response = await client.post(
							f'{self.base_url.rstrip("/")}/api/v1/oauth/device/token',
							data={
								'grant_type': 'urn:ietf:params:oauth:grant-type:device_code',
								'device_code': device_code,
								'client_id': self.client_id,
							},
						)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9ff050d5e690594d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/sync/service.py:85
				response = await client.post(
					f'{self.base_url.rstrip("/")}/api/v1/events',
					json={'events': [event_data]},
					headers=headers,
					timeout=10.0,
				)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #53b448e43490b834 Environment-variable access.
repo/browser_use/telemetry/service.py:33
	_device_id = os.environ.get('BROWSER_USE_DEVICE_ID') or _persisted_device_id() or _machine_fingerprint() or uuid7str()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26113698532db430 Filesystem access.
repo/browser_use/telemetry/service.py:40
			with open(DEVICE_ID_PATH) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55a6d3c9d565faa0 Filesystem access.
repo/browser_use/telemetry/service.py:45
		with open(tmp_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #50bd3e3b474ad75f Hardcoded external endpoint. Review what data is sent to this destination.
repo/browser_use/tokens/openrouter_pricing.py:77
			response = await client.get(OPENROUTER_MODELS_URL, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3ae95cd768e518f6 Environment-variable access.
repo/browser_use/tokens/service.py:57
		self.include_cost = include_cost or os.getenv('BROWSER_USE_CALCULATE_COST', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dfd2033d92b4a81d Filesystem access.
repo/browser_use/tokens/service.py:122
			cached = CachedPricingData.model_validate_json(await anyio.Path(cache_file).read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce51cf0cc32f451e Filesystem access.
repo/browser_use/tokens/service.py:143
			content = await anyio.Path(cache_file).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #376dc1ff39777616 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/browser_use/tokens/service.py:155
				response = await client.get(self.pricing_url, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #32e939521d0bbcaa Filesystem access.
repo/browser_use/tokens/service.py:170
			await anyio.Path(cache_file).write_text(cached.model_dump_json(indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #995246c92de360c5 Filesystem access.
repo/browser_use/tokens/service.py:622
					cached = CachedPricingData.model_validate_json(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2be75e12791c929 Environment-variable access.
repo/browser_use/tools/service.py:142
_DEFAULT_ACTION_TIMEOUT_S = _parse_env_action_timeout(os.getenv('BROWSER_USE_ACTION_TIMEOUT_S'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7b3ba3a51723ce0 Environment-variable access.
repo/browser_use/utils.py:485
	return any_or_all(os.getenv(key, '').strip() for key in keys)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c69b339d7db0eb0c Filesystem access.
repo/browser_use/utils.py:649
			with open(pyproject_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f94c9622389c6aa3 Environment-variable access.
repo/browser_use/utils.py:654
					os.environ['LIBRARY_VERSION'] = version  # used by bubus event_schema so all Event schemas include versioning

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c32c5d25a5ca9e6 Environment-variable access.
repo/browser_use/utils.py:661
		os.environ['LIBRARY_VERSION'] = version

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #52019dd5a025e84f Hardcoded external endpoint. Review what data is sent to this destination.
repo/browser_use/utils.py:677
			response = await client.get('https://pypi.org/pypi/browser-use/json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #2efd9d4dff48c4c9 Environment-variable access.
repo/examples/apps/ad-use/ad_generator.py:15
		os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d05df07ae5cfe801 Environment-variable access.
repo/examples/apps/ad-use/ad_generator.py:16
		os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'critical'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #612b5f2dc45289b2 Environment-variable access.
repo/examples/apps/ad-use/ad_generator.py:19
		os.environ['BROWSER_USE_SETUP_LOGGING'] = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b620bc501d34fd94 Environment-variable access.
repo/examples/apps/ad-use/ad_generator.py:20
		os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'info'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #706835c03949210a Environment-variable access.
repo/examples/apps/ad-use/ad_generator.py:44
GOOGLE_API_KEY = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e08f0b9c629a4296 Environment-variable access.
repo/examples/apps/msg-use/login.py:8
GOOGLE_API_KEY = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4a6cb22e20b8eb97 Environment-variable access.
repo/examples/apps/msg-use/scheduler.py:19
		os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #045c4dddcb007b9c Environment-variable access.
repo/examples/apps/msg-use/scheduler.py:20
		os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'critical'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5e96cedfb56030fe Environment-variable access.
repo/examples/apps/msg-use/scheduler.py:23
		os.environ['BROWSER_USE_SETUP_LOGGING'] = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #558ce5fd90e9071a Environment-variable access.
repo/examples/apps/msg-use/scheduler.py:24
		os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'info'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3ea564dfa98cf9c0 Environment-variable access.
repo/examples/apps/msg-use/scheduler.py:37
GOOGLE_API_KEY = os.getenv('GOOGLE_API_KEY') or os.getenv('GEMINI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #82f987a265ab04bd Environment-variable access.
repo/examples/apps/news-use/news_monitor.py:23
		os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5355dff15b7b906a Environment-variable access.
repo/examples/apps/news-use/news_monitor.py:24
		os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'critical'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ddf5e91a04c0c31a Environment-variable access.
repo/examples/apps/news-use/news_monitor.py:27
		os.environ['BROWSER_USE_SETUP_LOGGING'] = 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #717f614e00152e44 Environment-variable access.
repo/examples/apps/news-use/news_monitor.py:28
		os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'info'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a2abda4eee2f639d Environment-variable access.
repo/examples/apps/news-use/news_monitor.py:43
GEMINI_API_KEY = os.getenv('GOOGLE_API_KEY') or 'xxxx'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #1abe2bcd54940bf1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/apps/news-use/news_monitor.py:96 · flow /tmp/closeopen-456vqd82/repo/examples/apps/news-use/news_monitor.py:43 → /tmp/closeopen-456vqd82/repo/examples/apps/news-use/news_monitor.py:96
		print(f'[DEBUG] Raw result type: {type(raw)}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #bf2571defd8630bd PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/apps/news-use/news_monitor.py:97 · flow /tmp/closeopen-456vqd82/repo/examples/apps/news-use/news_monitor.py:43 → /tmp/closeopen-456vqd82/repo/examples/apps/news-use/news_monitor.py:97
		print(f'[DEBUG] Raw result: {raw[:500] if isinstance(raw, str) else raw}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #b97f187386054751 Filesystem access.
repo/examples/apps/news-use/news_monitor.py:181
		with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #772963f4f0ed7564 Filesystem access.
repo/examples/apps/news-use/news_monitor.py:199
			with open(file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c6e8f1da8d278c55 Filesystem access.
repo/examples/apps/news-use/news_monitor.py:208
	with open(file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8821424c82d9cd75 Environment-variable access.
repo/examples/beta_agent/basic.py:18
	cdp_url = os.environ.get('BU_CDP_URL') or os.environ.get('BROWSER_USE_CDP_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3b97581218d84838 Environment-variable access.
repo/examples/beta_agent/basic.py:20
	task = os.environ.get('BU_TASK', 'Open https://example.com and report the page title.')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #19a9c73eee974a15 Environment-variable access.
repo/examples/beta_agent/basic.py:21
	max_steps = int(os.environ.get('BU_MAX_STEPS', '20'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #6e37af979da5c898 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/browser/playwright_integration.py:111
				async with session.get(
					f'http://localhost:{port}/json/version', timeout=aiohttp.ClientTimeout(total=1)
				) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #a6d8917930d29ef1 Environment-variable access.
repo/examples/cloud/01_basic_task.py:24
API_KEY = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9c20ef3886cc00a0 Environment-variable access.
repo/examples/cloud/01_basic_task.py:30
BASE_URL = os.getenv('BROWSER_USE_BASE_URL', 'https://api.browser-use.com/api/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1e2b730e01d52028 Environment-variable access.
repo/examples/cloud/01_basic_task.py:31
TIMEOUT = int(os.getenv('BROWSER_USE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #451b0e0803676fac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/cloud/01_basic_task.py:41
			response = requests.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #44131efb9741377d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/01_basic_task.py:77 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/01_basic_task.py:24 → /tmp/closeopen-456vqd82/repo/examples/cloud/01_basic_task.py:77
	print(f'✅ Task created with ID: {task_id}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #0951f80f06601b51 Environment-variable access.
repo/examples/cloud/02_fast_mode_gemini.py:28
API_KEY = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f893d144bd026e7c Environment-variable access.
repo/examples/cloud/02_fast_mode_gemini.py:34
BASE_URL = os.getenv('BROWSER_USE_BASE_URL', 'https://api.browser-use.com/api/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e10a6bc4b51773aa Environment-variable access.
repo/examples/cloud/02_fast_mode_gemini.py:35
TIMEOUT = int(os.getenv('BROWSER_USE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #c8535016d7f508c3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/cloud/02_fast_mode_gemini.py:45
			response = requests.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #a5363480d987d659 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/02_fast_mode_gemini.py:93 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/02_fast_mode_gemini.py:28 → /tmp/closeopen-456vqd82/repo/examples/cloud/02_fast_mode_gemini.py:93
	print(f'✅ Fast task created with ID: {task_id}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #614a13d672c71dba PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/02_fast_mode_gemini.py:139 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/02_fast_mode_gemini.py:28 → /tmp/closeopen-456vqd82/repo/examples/cloud/02_fast_mode_gemini.py:139
		print(f'\r{step_msg:<80}', end='', flush=True)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #8541a98b9df46cc8 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/02_fast_mode_gemini.py:148 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/02_fast_mode_gemini.py:28 → /tmp/closeopen-456vqd82/repo/examples/cloud/02_fast_mode_gemini.py:148
			print(f'\r🏁 Task completed in {total_time:.1f}s! {avg_msg}' + ' ' * 20)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #06071b6fbd42f4c4 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/02_fast_mode_gemini.py:152 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/02_fast_mode_gemini.py:28 → /tmp/closeopen-456vqd82/repo/examples/cloud/02_fast_mode_gemini.py:152
			print(f'\r❌ Task {status} after {elapsed:.1f}s' + ' ' * 30)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #cff825ed87c955a4 Environment-variable access.
repo/examples/cloud/03_structured_output.py:27
API_KEY = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6f531f31426fdb5f Environment-variable access.
repo/examples/cloud/03_structured_output.py:33
BASE_URL = os.getenv('BROWSER_USE_BASE_URL', 'https://api.browser-use.com/api/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7b0354524b4fe977 Environment-variable access.
repo/examples/cloud/03_structured_output.py:34
TIMEOUT = int(os.getenv('BROWSER_USE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #a58f698151a0630c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/cloud/03_structured_output.py:44
			response = requests.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #82e9b5f0c68e2c1a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/03_structured_output.py:127 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/03_structured_output.py:27 → /tmp/closeopen-456vqd82/repo/examples/cloud/03_structured_output.py:127
	print(f'✅ Structured task created: {task_id}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #6cffc1a8f0e7f131 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/03_structured_output.py:162 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/03_structured_output.py:27 → /tmp/closeopen-456vqd82/repo/examples/cloud/03_structured_output.py:162
		print(f'\r{status_msg:<80}', end='', flush=True)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #ebc787d9e9a3cb88 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/03_structured_output.py:165 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/03_structured_output.py:27 → /tmp/closeopen-456vqd82/repo/examples/cloud/03_structured_output.py:165
			print(f'\r✅ Structured data extracted! ({steps} steps in {elapsed:.1f}s)' + ' ' * 20)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #e04386428d45ef21 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/03_structured_output.py:169 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/03_structured_output.py:27 → /tmp/closeopen-456vqd82/repo/examples/cloud/03_structured_output.py:169
			print(f'\r❌ Task {status} after {steps} steps' + ' ' * 30)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #00703c68a05bf682 Environment-variable access.
repo/examples/cloud/04_proxy_usage.py:26
API_KEY = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f263e7a757fa8456 Environment-variable access.
repo/examples/cloud/04_proxy_usage.py:32
BASE_URL = os.getenv('BROWSER_USE_BASE_URL', 'https://api.browser-use.com/api/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #83e7f80ecfd81898 Environment-variable access.
repo/examples/cloud/04_proxy_usage.py:33
TIMEOUT = int(os.getenv('BROWSER_USE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #1da3080487b07e3d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/cloud/04_proxy_usage.py:43
			response = requests.request(method, url, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #10020affac57b720 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/04_proxy_usage.py:87 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/04_proxy_usage.py:26 → /tmp/closeopen-456vqd82/repo/examples/cloud/04_proxy_usage.py:87
	print(f'✅ Task created with {country_code.upper()} proxy: {task_id}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #f8e6cad123883d34 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/04_proxy_usage.py:181 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/04_proxy_usage.py:26 → /tmp/closeopen-456vqd82/repo/examples/cloud/04_proxy_usage.py:181
		print(f'\r{status_msg:<80}', end='', flush=True)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #c99681c77f61c5d1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/04_proxy_usage.py:184 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/04_proxy_usage.py:26 → /tmp/closeopen-456vqd82/repo/examples/cloud/04_proxy_usage.py:184
			print(f'\r✅ Task completed in {steps} steps! ({elapsed:.1f}s total)' + ' ' * 20)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #c653eea90d63c052 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/04_proxy_usage.py:188 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/04_proxy_usage.py:26 → /tmp/closeopen-456vqd82/repo/examples/cloud/04_proxy_usage.py:188
			print(f'\r❌ Task {status} after {steps} steps' + ' ' * 30)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #a6942ef9ee0ff253 Environment-variable access.
repo/examples/cloud/05_search_api.py:24
API_KEY = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #41831a8335d9c722 Environment-variable access.
repo/examples/cloud/05_search_api.py:30
BASE_URL = os.getenv('BROWSER_USE_BASE_URL', 'https://api.browser-use.com/api/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #17ceca954054e11d Environment-variable access.
repo/examples/cloud/05_search_api.py:31
TIMEOUT = int(os.getenv('BROWSER_USE_TIMEOUT', '30'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #e419144db0771a47 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/cloud/05_search_api.py:63
		async with session.post(f'{BASE_URL}/simple-search', json=payload, headers=HEADERS) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #aecd7094571a5d60 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/05_search_api.py:68 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/05_search_api.py:24 → /tmp/closeopen-456vqd82/repo/examples/cloud/05_search_api.py:68
					print(f'✅ Found results from {len(result.get("results", []))} websites in {elapsed:.1f}s')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #5df4fdd53db89347 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/05_search_api.py:76 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/05_search_api.py:24 → /tmp/closeopen-456vqd82/repo/examples/cloud/05_search_api.py:76
				print(f'❌ Search failed: {response.status} - {error_text} (after {elapsed:.1f}s)')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low egress test-only Excluded from app score #924765912f32f304 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/cloud/05_search_api.py:108
		async with session.post(f'{BASE_URL}/search-url', json=payload, headers=HEADERS) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #5050e255afcf3ba0 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/05_search_api.py:113 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/05_search_api.py:24 → /tmp/closeopen-456vqd82/repo/examples/cloud/05_search_api.py:113
					print(f'✅ Extracted content from {result.get("url", "website")} in {elapsed:.1f}s')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #45208e1b5020a75d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/cloud/05_search_api.py:121 · flow /tmp/closeopen-456vqd82/repo/examples/cloud/05_search_api.py:24 → /tmp/closeopen-456vqd82/repo/examples/cloud/05_search_api.py:121
				print(f'❌ URL search failed: {response.status} - {error_text} (after {elapsed:.1f}s)')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #9eefb13ccf727063 Environment-variable access.
repo/examples/custom-functions/2fa.py:13
secret_key = os.environ.get('OTP_SECRET_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0b4c6ad46b484e77 Environment-variable access.
repo/examples/custom-functions/advanced_search.py:32
SERP_API_KEY = os.getenv('SERPER_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #ef968a5e6a22c9d6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/custom-functions/advanced_search.py:42
	conn = http.client.HTTPSConnection('google.serper.dev')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #7061060a51769495 Environment-variable access.
repo/examples/custom-functions/cua.py:222
		client = AsyncOpenAI(api_key=os.getenv('OPENAI_API_KEY'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #231a650b7d689956 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/custom-functions/cua.py:257 · flow /tmp/closeopen-456vqd82/repo/examples/custom-functions/cua.py:222 → /tmp/closeopen-456vqd82/repo/examples/custom-functions/cua.py:257
		print(f'📥 CUA response received: {response}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #91f1f8873ce913d7 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/custom-functions/cua.py:264 · flow /tmp/closeopen-456vqd82/repo/examples/custom-functions/cua.py:222 → /tmp/closeopen-456vqd82/repo/examples/custom-functions/cua.py:264
		print(f'🎬 Executing CUA action: {action.type} - {action}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #725f7316872f7d7a Environment-variable access.
repo/examples/custom-functions/cua.py:341
	if not os.getenv('OPENAI_API_KEY'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0697a319d1ea8d04 Filesystem access.
repo/examples/custom-functions/file_upload.py:86
			await anyio.Path(file_path).write_text('Test file content for upload example')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8e4a37e283ec8778 Environment-variable access.
repo/examples/custom-functions/onepassword_2fa.py:20
OP_SERVICE_ACCOUNT_TOKEN = os.getenv('OP_SERVICE_ACCOUNT_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #276c2140da638876 Environment-variable access.
repo/examples/custom-functions/onepassword_2fa.py:21
OP_ITEM_ID = os.getenv('OP_ITEM_ID')  # Go to 1Password, right click on the item, click "Copy Secret Reference"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f2a874e547a7b281 Environment-variable access.
repo/examples/custom-functions/parallel_agents.py:288
	api_key = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #de7b3bd23e4486d9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/custom-functions/parallel_agents.py:297 · flow /tmp/closeopen-456vqd82/repo/examples/custom-functions/parallel_agents.py:288 → /tmp/closeopen-456vqd82/repo/examples/custom-functions/parallel_agents.py:297
		print(f'⚠️  Warning: GOOGLE_API_KEY seems too short ({len(api_key)} characters)')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #69e822a408ceca65 Filesystem access.
repo/examples/custom-functions/save_to_file_hugging_face.py:34
	with open('models.txt', 'a') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f9ebd3d7f39c136e Filesystem access.
repo/examples/features/add_image_context.py:39
		with open(image_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7b484d9a193c8270 Environment-variable access.
repo/examples/features/download_file.py:14
api_key = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #d4ff327eab0c8c6b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/examples/features/large_blocklist.py:42
	with urllib.request.urlopen(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #c3303e1d8e9735ae Environment-variable access.
repo/examples/features/scrolling_page.py:16
if not os.getenv('OPENAI_API_KEY'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d66aeada53a2d3f5 Environment-variable access.
repo/examples/features/secure.py:53
os.environ['ANONYMIZED_TELEMETRY'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9b3f97063bb38de1 Environment-variable access.
repo/examples/features/secure.py:59
api_key = os.getenv('AZURE_OPENAI_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a194e4c0b9bd3ab2 Environment-variable access.
repo/examples/features/secure.py:60
azure_endpoint = os.getenv('AZURE_OPENAI_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c30ffa0b2a8daf5f Environment-variable access.
repo/examples/integrations/discord/discord_example.py:50
bot_token = os.getenv('DISCORD_BOT_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8cd9cd1176f9b48f Environment-variable access.
repo/examples/integrations/discord/discord_example.py:54
api_key = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cfdf6a7f5b4af92f Filesystem access.
repo/examples/integrations/gmail_2fa_integration.py:67
			with open(self.credentials_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9c3dfe107a531475 Environment-variable access.
repo/examples/integrations/slack/slack_example.py:16
bot_token = os.getenv('SLACK_BOT_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9f4f1c43088c7aae Environment-variable access.
repo/examples/integrations/slack/slack_example.py:20
signing_secret = os.getenv('SLACK_SIGNING_SECRET')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #eab91399cf71b49e Environment-variable access.
repo/examples/integrations/slack/slack_example.py:24
api_key = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #08eaa222869b0191 Environment-variable access.
repo/examples/models/azure_openai.py:31
api_key = os.getenv('AZURE_OPENAI_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #42e8ed83174301d4 Environment-variable access.
repo/examples/models/azure_openai.py:32
azure_endpoint = os.getenv('AZURE_OPENAI_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f3d1f19f6c4e1e3f Environment-variable access.
repo/examples/models/browser_use_llm.py:18
if not os.getenv('BROWSER_USE_API_KEY'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8464487c4c45cabe Environment-variable access.
repo/examples/models/browser_use_provider_models.py:29
if not os.getenv('BROWSER_USE_API_KEY'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2f371a0b2adc220c Environment-variable access.
repo/examples/models/cerebras_example.py:38
	api_key = os.getenv('CEREBRAS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #86999bacb21d5853 Environment-variable access.
repo/examples/models/deepseek-chat.py:13
deepseek_api_key = os.getenv('DEEPSEEK_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b64017ddcdcaec70 Environment-variable access.
repo/examples/models/gemini-3.py:13
api_key = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #795fc0ec29b9fb03 Environment-variable access.
repo/examples/models/gemini.py:13
api_key = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a9a21042c1554c5f Environment-variable access.
repo/examples/models/llama4-groq.py:15
groq_api_key = os.environ.get('GROQ_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #75686256376d94be Environment-variable access.
repo/examples/models/modelscope_example.py:17
api_key = os.getenv('MODELSCOPE_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #61e2ca51503d7d1f Environment-variable access.
repo/examples/models/moonshot.py:11
api_key = os.getenv('MOONSHOT_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #85972bd24c8cc71c Environment-variable access.
repo/examples/models/novita.py:20
api_key = os.getenv('NOVITA_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d457fa4e8b42181 Environment-variable access.
repo/examples/models/openrouter.py:21
	api_key=os.getenv('OPENROUTER_API_KEY'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bcf7d4c5ccd77348 Environment-variable access.
repo/examples/models/qwen.py:11
api_key = os.getenv('ALIBABA_CLOUD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0044ecc71d406b9c Environment-variable access.
repo/examples/models/vercel_ai_gateway.py:23
api_key = os.getenv('AI_GATEWAY_API_KEY') or os.getenv('VERCEL_OIDC_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #275292437a63f348 Environment-variable access.
repo/examples/models/vercel_ai_gateway.py:63
						'apiKey': os.getenv('ANTHROPIC_API_KEY', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0c6775852a05c330 Environment-variable access.
repo/examples/observability/openLLMetry.py:16
api_key = os.getenv('TRACELOOP_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #13b5358c48e7eaa5 Environment-variable access.
repo/examples/sandbox/example.py:50
	if not os.getenv('BROWSER_USE_API_KEY'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7510f72213e3f87f Environment-variable access.
repo/examples/sandbox/structured_output.py:39
	if not os.getenv('BROWSER_USE_API_KEY'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a6ed911b71d043c7 Environment-variable access.
repo/examples/ui/command_line.py:36
		api_key = os.getenv('ANTHROPIC_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4dd6fc4393b6c380 Environment-variable access.
repo/examples/ui/command_line.py:44
		api_key = os.getenv('OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #78a65a159c58bfcb Environment-variable access.
repo/examples/ui/gradio_demo.py:67
	os.environ['OPENAI_API_KEY'] = api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #585f9b4bd3cd14aa Environment-variable access.
repo/examples/ui/streamlit_demo.py:33
		api_key = os.getenv('ANTHROPIC_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #118ca9fc23aaf331 Environment-variable access.
repo/examples/ui/streamlit_demo.py:42
		api_key = os.getenv('OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #18534c1dcedeca80 Filesystem access.
repo/examples/use-cases/apply_to_job.py:120
	with open(test_data_path) as f:  # noqa: ASYNC230

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9487b807d6fea551 Environment-variable access.
repo/examples/use-cases/check_appointment.py:19
if not os.getenv('OPENAI_API_KEY'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #57caf766b18d5a32 Environment-variable access.
repo/examples/use-cases/find_influencer_profiles.py:35
BEARER_TOKEN = os.getenv('BEARER_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #cb52997cb6cd0465 Hardcoded external endpoint. Review what data is sent to this destination.
repo/examples/use-cases/find_influencer_profiles.py:48
		response = await client.post(
			'https://asktessa.ai/api/search',
			headers=headers,
			json={'query': query},
		)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #5e18a6e2fc5bb11a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/examples/use-cases/find_influencer_profiles.py:61 · flow /tmp/closeopen-456vqd82/repo/examples/use-cases/find_influencer_profiles.py:35 → /tmp/closeopen-456vqd82/repo/examples/use-cases/find_influencer_profiles.py:61
	print(result_text)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #9c0342cdd27e3128 Environment-variable access.
repo/examples/use-cases/onepassword.py:28
	token = os.getenv('OP_SERVICE_ACCOUNT_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #3f85f821316d1f46 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/sync_browser_harness_skill.py:18
		with urlopen(source, timeout=30) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #994b9ec884221ffa Filesystem access.
repo/scripts/sync_browser_harness_skill.py:20
	return Path(source).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b5a576d219c13878 Filesystem access.
repo/scripts/sync_browser_harness_skill.py:55
			actual = output_path.read_text(encoding='utf-8') if output_path.exists() else ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d524061edb31ed5a Filesystem access.
repo/scripts/sync_browser_harness_skill.py:72
		output_path.write_text(expected, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

lmnr

python dependency
medium telemetry dependency Excluded from app score #0b3411692b2aabd7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/__init__.py:4
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95ebb37e1cfbbdc5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/__init__.py:5
from opentelemetry.sdk.resources import SERVICE_NAME

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0a5184a85f0ce583 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/decorators/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1983279e165f0606 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/decorators/__init__.py:7
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #be8806282011277d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/__init__.py:6
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import GEN_AI_PROMPT

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #53660967ac1211be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/__init__.py:7
from opentelemetry.trace import SpanKind, Status, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #942a323bb4e4abe0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/utils.py:3
from opentelemetry.sdk.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2784a56b6076a573 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/litellm/utils.py:4
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b77b84945e1cad1d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ef82b9f536b36625 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:29
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aa72e43ac13c221c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:30
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b62cee218490a6ae Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:31
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_SYSTEM,
    GEN_AI_USAGE_COMPLETION_TOKENS,
    GEN_AI_USAGE_PROMPT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4ec8d67aa7c11c00 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:36
from opentelemetry.semconv_ai import (
    SUPPRESS_LANGUAGE_MODEL_INSTRUMENTATION_KEY,
    LLMRequestTypeValues,
    SpanAttributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #51252438731a9f0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:41
from opentelemetry.trace import Span, SpanKind, Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #50dd3cc25f99b02f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/__init__.py:42
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85584b3ec662c084 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/span_utils.py:15
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_COMPLETION,
    GEN_AI_PROMPT,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_COMPLETION_TOKENS,
    GEN_AI_USAGE_PROMPT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1acce42c76c9a236 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/span_utils.py:27
from opentelemetry.semconv_ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #792e1cf58094f83c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:11
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_COMPLETION_TOKENS,
    GEN_AI_USAGE_PROMPT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5047cd00b44bb8c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:17
from opentelemetry.semconv_ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b28faf950f5c2fef Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/streaming.py:18
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9342e733d8904a7e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:10
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2206a37804abc174 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:12
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_RESPONSE_MODEL,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #094dff3f5fbcd2df Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:15
from opentelemetry.semconv_ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d6bdb6cdec031eaa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/__init__.py:6
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #037913b00afc75f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/__init__.py:7
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3eed5c703d6bdc7d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/span_utils.py:11
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #638e4866129eedd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/span_utils.py:12
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f2b890a93b66fc6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:10
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c11a3e949e44c82f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #693c315ad9f8940d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #022945b9e084212d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:11
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae87a4f9d0abd998 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_agent/__init__.py:12
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d90701be8814573d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:9
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #aeec067315231adf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:10
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #658576f6f2d85a5c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:12
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #99493056a7381c49 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:13
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae694d1757199098 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/cua_computer/__init__.py:14
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b369a4f8f9441039 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:7
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a51d0008f4c3edba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:8
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #81dd338fe88b759d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:9
from opentelemetry.trace import Status, StatusCode, Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a60f4fec1376bbb2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:10
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bfa434c76cac0796 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:11
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0d1ed98d7fdfb87b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:12
from opentelemetry._logs import LogRecord, Logger, get_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ddd83001fa2a8b12 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/daytona/wrappers.py:13
from opentelemetry._logs.severity import SeverityNumber

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ec6b5e81d0b064f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:33
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #156a0e4d324c5c92 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:36
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #66e09c60278a7e95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:37
from opentelemetry.trace import get_tracer, Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0e33ec48db3150ab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:38
from opentelemetry.semconv._incubating.attributes import gen_ai_attributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad541cfb7b5f4e9e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:39
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e82c35c49ea9c75 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:41
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #24d034ab6453b016 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:42
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #36a616e13786201f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:44
from opentelemetry.semconv_ai import (
    SUPPRESS_LANGUAGE_MODEL_INSTRUMENTATION_KEY,
    SpanAttributes,
    LLMRequestTypeValues,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f2e688b92783cf3c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/rollout.py:12
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7564bd4eb6fa1865 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/utils.py:13
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c92c6efcb4dea121 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:7
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72e6c1ea0a6865f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:19
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a6891c58cc69281e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:20
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY, unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #60b058584ffb4620 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:21
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_SYSTEM,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #14610abe94052222 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:24
from opentelemetry.semconv_ai import (
    SUPPRESS_LANGUAGE_MODEL_INSTRUMENTATION_KEY,
    LLMRequestTypeValues,
    SpanAttributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4632d111d406b3dd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:29
from opentelemetry.trace import SpanKind, Tracer, get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b23aefc002c4f62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:30
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e9b4182281c05287 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/span_utils.py:9
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_COMPLETION,
    GEN_AI_PROMPT,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_COMPLETION_TOKENS,
    GEN_AI_USAGE_PROMPT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26708037f818a732 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/span_utils.py:21
from opentelemetry.semconv_ai import (
    SpanAttributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e3e45c17554ce402 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/utils.py:6
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5db8a0d55249beff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:13
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #017705a4b6e85b99 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:14
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #628d283c7dd4fab9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/kernel/__init__.py:16
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c98e32ba3cbb9aab Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:12
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8df86e199db9bf16 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:14
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #78bd1b6a9612f8bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:15
from opentelemetry.context import get_value, attach, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b0213de3efb00956 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:17
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a81fe616e109c7a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/__init__.py:18
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #85275f80e2198008 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/langgraph/utils.py:5
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8bce0193ee9e56e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/__init__.py:4
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f761830b774eaa89 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/__init__.py:3
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #338309b254f5e2a9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/completions/streaming.py:4
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43df29394b96ce83 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/__init__.py:3
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2bdaeb99a9596c97 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/litellm/wrappers/responses/streaming.py:3
from opentelemetry.trace import Span, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0a61a083f5f47317 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/__init__.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a5f001877ab7e14 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/rollout.py:25
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #79bdc0e9ba9fb39d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:12
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_PROMPT,
    GEN_AI_REQUEST_MAX_TOKENS,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_REQUEST_TEMPERATURE,
    GEN_AI_REQUEST_TOP_P,
    GEN_AI_RESPONSE_ID,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_SYSTEM,
    GEN_AI_USAGE_COMPLETION_TOKENS,
    GEN_AI_USAGE_PROMPT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72808c2805e9267d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:24
from opentelemetry.semconv_ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ed09c9a5994e6b4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:25
from opentelemetry.trace.propagation import set_span_in_context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6d686467891979ca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/__init__.py:26
from opentelemetry.trace.propagation.tracecontext import TraceContextTextMapPropagator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fdc166cee5377e2a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:5
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4d8892fea4441fbd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:30
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #68c2bb1fcb72484d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:31
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a1921689770f79b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:32
from opentelemetry.semconv_ai import (
    SUPPRESS_LANGUAGE_MODEL_INSTRUMENTATION_KEY,
    LLMRequestTypeValues,
    SpanAttributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #564069b58864fb40 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:37
from opentelemetry.trace import SpanKind, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0b696d23bacf98e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/chat_wrappers.py:38
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8297cec34ae17911 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:3
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #44f7e8b7730180a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:29
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7530ec9faf1f6827 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:30
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bafc920a13976f42 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:31
from opentelemetry.semconv_ai import (
    SUPPRESS_LANGUAGE_MODEL_INSTRUMENTATION_KEY,
    LLMRequestTypeValues,
    SpanAttributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #872cdc3f9a4746e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:36
from opentelemetry.trace import SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d5d41a2f7385679b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/completion_wrappers.py:37
from opentelemetry.trace.status import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cee909cd59255ea8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/config.py:3
from opentelemetry._events import EventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4335c62c645d481a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:4
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #27fcbeef7bf9a6f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:24
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3b66dced1b2740a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:25
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5f3c83e2ed8f1aaf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:26
from opentelemetry.semconv_ai import (
    SUPPRESS_LANGUAGE_MODEL_INSTRUMENTATION_KEY,
    LLMRequestTypeValues,
    SpanAttributes,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e3d9937e813e24e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/embeddings_wrappers.py:31
from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c2a25302e11c994 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/image_gen_wrappers.py:3
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9af4a9a82ef60be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/image_gen_wrappers.py:13
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2a2d11d32e74a4c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/image_gen_wrappers.py:14
from opentelemetry.metrics import Counter, Histogram

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #eab2777926557e4d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/shared/image_gen_wrappers.py:15
from opentelemetry.semconv_ai import SUPPRESS_LANGUAGE_MODEL_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #79207f8ca10201a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:11
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #460c93939f9122f5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:12
from opentelemetry._events import EventLogger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c68529d574a6c885 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:3
from opentelemetry._events import get_event_logger

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b06efc1eb7d05427 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:4
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f2f1d3b1915ff4e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:19
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #76d585c485773181 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v0/__init__.py:20
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4f05fd7ef6e50385 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:3
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #842af7790d0403c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:34
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #be93de2cd213f417 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/__init__.py:35
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #dd5ade77dd7bd188 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:4
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4a0c7f21319080fb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:18
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e7ce23e49cf58f2f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:19
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3d8ebed3fa1539f0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:20
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_COMPLETION,
    GEN_AI_PROMPT,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_SYSTEM,
    GEN_AI_USAGE_COMPLETION_TOKENS,
    GEN_AI_USAGE_PROMPT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00560cf136ed2f68 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:29
from opentelemetry.semconv_ai import LLMRequestTypeValues, SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e279be06e52cdf96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/assistant_wrappers.py:30
from opentelemetry.trace import SpanKind, Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1aa9a10f943c6ee0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:3
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #367320b388f3f87b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:4
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_COMPLETION,
    GEN_AI_USAGE_COMPLETION_TOKENS,
    GEN_AI_USAGE_PROMPT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f6f31fc35cc4208c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/event_handler_wrapper.py:9
from opentelemetry.trace import Status, StatusCode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #43fdcdcc9152a6c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:45
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #921f61c2bb1866f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:46
from opentelemetry.instrumentation.utils import _SUPPRESS_INSTRUMENTATION_KEY

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e0885772f41976ba Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:47
from opentelemetry.semconv_ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32a4ec3123c74314 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:48
from opentelemetry.semconv.attributes.error_attributes import ERROR_TYPE

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e4cb93af54794642 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:49
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_COMPLETION,
    GEN_AI_PROMPT,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,
    GEN_AI_RESPONSE_ID,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_SYSTEM,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cc45f28e65858e62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/v1/responses_wrappers.py:59
from opentelemetry.trace import SpanKind, Span, StatusCode, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3853a823c30375c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openhands_ai/__init__.py:17
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #76f771fc04a81162 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openhands_ai/__init__.py:18
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9b23bd51dc3d27e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openhands_ai/__init__.py:19
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f640a83e1ab32576 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:1
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #025fec63cbe2d30c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:2
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #46c776e0909c2cf8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/opentelemetry/__init__.py:3
from opentelemetry.trace import TraceFlags, SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e8302d6534cebfa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/base_instrumentor.py:8
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #70112feed40063be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/base_instrumentor.py:9
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #181466fd30bf976a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/types.py:3
from opentelemetry.trace import Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b763b1232fa073a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:6
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cba91481347718bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/shared/utils.py:7
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e71f1331c9b0bec7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:5
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bbbaffc8d271676f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:6
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1758a3be28f5392 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/skyvern/__init__.py:7
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7b990c72d40c535b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:59
from opentelemetry import context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d4762afeddab267 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:60
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6648c81844842816 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/threading/__init__.py:61
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #23522a465d449cfb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:24
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #684af283d1d6c573 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:25
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4473c408f67df871 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:30
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1008cee04481189 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:31
from opentelemetry.sdk.trace import TracerProvider, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2317dcc9aa2a6002 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:32
from opentelemetry.sdk.trace.export import SpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #25510cbadfd487a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:33
from opentelemetry._logs import get_logger_provider, set_logger_provider, NoOpLoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26da5d5f9f9ac457 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:34
from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6cf9f416283285a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/__init__.py:35
from opentelemetry.sdk._logs.export import BatchLogRecordProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c74bedd5b92a28a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:3
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad9107dc7ac91c2e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:27
        from opentelemetry.instrumentation.alephalpha import AlephAlphaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #20fb74026b364c30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:51
        from opentelemetry.instrumentation.bedrock import BedrockInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df0b2eb04cd510e7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:122
        from opentelemetry.instrumentation.chromadb import ChromaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8643733806ea7fd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:147
        from opentelemetry.instrumentation.cohere import CohereInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32fd29ad8a05fb79 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:159
        from opentelemetry.instrumentation.crewai import CrewAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e769303c55a2346 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:224
        from opentelemetry.instrumentation.haystack import HaystackInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3f9438e156d82137 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:246
        from opentelemetry.instrumentation.lancedb import LanceInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #901bc6bb718ddad2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:258
        from opentelemetry.instrumentation.langchain import LangchainInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #017a6fa31bcc5bdf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:294
        from opentelemetry.instrumentation.llamaindex import LlamaIndexInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5d1c6f3667757b8f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:306
        from opentelemetry.instrumentation.marqo import MarqoInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fa3957ea52dfb6c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:318
        from opentelemetry.instrumentation.mcp import McpInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d090e35f3b89e60 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:330
        from opentelemetry.instrumentation.milvus import MilvusInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3967334d4d756c00 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:342
        from opentelemetry.instrumentation.mistralai import MistralAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bafcdc67b4a8a33c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:354
        from opentelemetry.instrumentation.ollama import OllamaInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c36a785d3ece6a53 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:409
        from opentelemetry.instrumentation.pinecone import PineconeInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d279ce4366b58f1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:436
        from opentelemetry.instrumentation.qdrant import QdrantInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc79a2da1e9f88c3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:448
        from opentelemetry.instrumentation.replicate import ReplicateInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #32c37c917e4f7cad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:460
        from opentelemetry.instrumentation.sagemaker import SageMakerInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #177c2d6b03547020 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:482
        from opentelemetry.instrumentation.together import TogetherAiInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #19c30204257ea4a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:494
        from opentelemetry.instrumentation.transformers import TransformersInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35200fabfd5aa176 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:506
        from opentelemetry.instrumentation.vertexai import VertexAIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #56ed749d2cea038f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:521
        from opentelemetry.instrumentation.watsonx import WatsonxInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #70fdfdc339e3b110 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/_instrument_initializers.py:533
        from opentelemetry.instrumentation.weaviate import WeaviateInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ab48f15a7666bb99 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/attributes.py:2
from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
    GEN_AI_SYSTEM,
    GEN_AI_REQUEST_MODEL,
    GEN_AI_RESPONSE_MODEL,
    GEN_AI_USAGE_INPUT_TOKENS,
    GEN_AI_USAGE_OUTPUT_TOKENS,
    GEN_AI_RESPONSE_ID,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5776ba268513cc3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/attributes.py:10
from opentelemetry.semconv_ai import SpanAttributes

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1e197a76825f41d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/context.py:7
from opentelemetry.context import Context, Token, create_key, get_value, set_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9959355881b053f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:6
from opentelemetry.sdk.trace.export import SpanExporter, SpanExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #370959cea87f317c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:7
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #254ea419e9cf6342 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:8
from opentelemetry.sdk._logs import ReadableLogRecord

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0c5314c2e30999d6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:9
from opentelemetry.sdk._logs.export import LogRecordExporter, LogRecordExportResult

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3bb69adf2374ba34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:10
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import (
    OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #016b3f3cfdb283f6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:13
from opentelemetry.exporter.otlp.proto.grpc._log_exporter import (
    OTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d6f4667d956433f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:16
from opentelemetry.exporter.otlp.proto.http import Compression as HTTPCompression

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f65f9b8215c03ab0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:17
from opentelemetry.exporter.otlp.proto.http.trace_exporter import (
    OTLPSpanExporter as HTTPOTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #704e07867b1dbe24 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/exporter.py:20
from opentelemetry.exporter.otlp.proto.http._log_exporter import (
    OTLPLogExporter as HTTPOTLPLogExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c4b1394ebf29ec3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:6
from opentelemetry.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c786a7ccb145b761 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/instruments.py:11
    from opentelemetry.sdk._logs import LoggerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c6f965cb08847e3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:6
from opentelemetry.sdk.trace.export import (
    SpanProcessor,
    SpanExporter,
    BatchSpanProcessor,
    SimpleSpanProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae7c5f23aeac95b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:12
from opentelemetry.sdk.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f24ed95acc4b97d8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/processor.py:13
from opentelemetry.context import Context, get_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a1d2d499e175757a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:8
from opentelemetry.sdk.resources import Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #230b02bf89e09a30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:9
from opentelemetry.sdk.trace import Event, ReadableSpan, Span as SDKSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3383596d49b6bd46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:10
from opentelemetry.sdk.util.instrumentation import (
    InstrumentationInfo,
    InstrumentationScope,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a40be06c19688113 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:14
from opentelemetry.trace import Link, Span, SpanContext, SpanKind, Status

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #057600086147a502 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:15
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83fae8b5b492f693 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/span.py:16
from opentelemetry.context import detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6756abf1c4c04f22 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/tracer.py:4
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45a895ca821e5365 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/tracer.py:5
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8d50e83636779692 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/tracing/utils.py:1
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4faf49bc8d8b8ad5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:12
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf4c0f79f2cc107b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:13
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #191cdfe7f4885705 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_cdp_otel.py:14
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cc9599307dc23c2c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:6
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #03fcc054174596a0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:7
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd924941a14c2a8d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/browser_use_otel.py:8
from opentelemetry.trace import get_tracer, Tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bec2ce016b1522e1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:7
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #80b5393e10fb294f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:8
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b16729e1b9be8bca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/bubus_otel.py:9
from opentelemetry.trace import NonRecordingSpan, get_current_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1f62a882188b0bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:9
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1acc85956b137112 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:10
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2ea72f7c2647a1f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:11
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #244a1da84f706ccf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/patchright_otel.py:12
from opentelemetry.trace import get_tracer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0ce502928f306919 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:15
from opentelemetry.instrumentation.instrumentor import BaseInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbcb847a40ba3c6a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:16
from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #798ff48cf78c97fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/playwright_otel.py:17
from opentelemetry.trace import (
    get_tracer,
    Tracer,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3d6e2d65a841b8f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:7
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ae403e9c8a64cbf1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:18
from opentelemetry.context import get_value

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e1825ad8c4736d73 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:34
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #085452c5f2a23f65 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:35
from opentelemetry import context as context_api

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cbc85bdb55968f8a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:36
from opentelemetry.trace import INVALID_TRACE_ID, Span, Status, StatusCode, use_span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2e04529d550eeeb1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:37
from opentelemetry.sdk.trace.id_generator import RandomIdGenerator

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #83f15db7237bbcc2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:38
from opentelemetry.util.types import AttributeValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #00abb7b4bf3dd725 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/src/lmnr/sdk/types.py:10
from opentelemetry.trace import SpanContext, TraceFlags

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 85 low-confidence finding(s)
low env_fs dependency Excluded from app score #3b2f338125ca0d48 Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/datasets.py:113
        output_path.write_text(_dump_json([item.model_dump() for item in data]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4244c27ef30fd052 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/cli/evals.py:33
        os.environ["LMNR_FRONTEND_PORT"] = str(args.frontend_port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72a2d4ce8e9d5fd0 Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/evals.py:112
            with open(args.output_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f9f64356c3e83b91 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/cli/rules.py:28
        with urllib.request.urlopen(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #db3ae919b5e7833a Filesystem access.
pkgs/python/[email protected]/src/lmnr/cli/rules.py:32
        with open(target_file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #905ef1847d1cd4ba Environment-variable access.
pkgs/python/[email protected]/src/lmnr/cli/worker.py:206
        os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73e39608b6356ce6 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/cli/worker.py:221
        project_api_key = os.environ.get("LMNR_PROJECT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82cee3627e43604a Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/anthropic/utils.py:33
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f07537004522852 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/proxy.py:32
        env_val = os.environ.get("LMNR_CC_PROXY_MAX_PORTS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b1666078fc9c6da Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:31
        if key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b548ce43bdc98dc Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:33
            snapshot[key] = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35fedaa2a1db498e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:49
            os.environ[key] = value if value is not None else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daed12c2e020124b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:51
            os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e36f0d0cb2e19c6a Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:123
        return env_dict.get(key) or os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e3017730d9c17f9 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:185
        "ANTHROPIC_BASE_URL": os.environ.get("ANTHROPIC_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d7c5deb348a1027 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:186
        "ANTHROPIC_ORIGINAL_BASE_URL": os.environ.get("ANTHROPIC_ORIGINAL_BASE_URL"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c448f56c42945c7 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:187
        "HTTP_PROXY": os.environ.get("HTTP_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67ed8d0481a5bd25 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:188
        "HTTPS_PROXY": os.environ.get("HTTPS_PROXY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc32776917ab3661 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:193
    if "ANTHROPIC_ORIGINAL_BASE_URL" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef8493f8dd33caa1 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:196
            os.environ["ANTHROPIC_ORIGINAL_BASE_URL"] = target

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71e0bb5a4f095451 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:200
    os.environ["ANTHROPIC_BASE_URL"] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad0f01f480137fb6 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:204
        os.environ.pop(proxy_var, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b548883196ab6d3 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:207
    if is_truthy_env(os.environ.get(FOUNDRY_USE_ENV)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f03a16ed99e70925 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:208
        snapshot[FOUNDRY_BASE_URL_ENV] = os.environ.get(FOUNDRY_BASE_URL_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f9d7bfa6be103ce Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:209
        snapshot[FOUNDRY_RESOURCE_ENV] = os.environ.get(FOUNDRY_RESOURCE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #141eb86299097de9 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:211
        os.environ[FOUNDRY_BASE_URL_ENV] = proxy_url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94d8b6742a5479d1 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/utils.py:212
        os.environ.pop(FOUNDRY_RESOURCE_ENV, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d73fe409d42655d6 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:212
            if FOUNDRY_RESOURCE_ENV in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f62c816b86a5e95 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:213
                original_env[FOUNDRY_RESOURCE_ENV] = os.environ[FOUNDRY_RESOURCE_ENV]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #515db2e078168680 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:215
                os.environ.pop(FOUNDRY_RESOURCE_ENV)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d987eba1e1e683ed Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:219
                if proxy_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #137c894aedbf4ea8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:220
                    original_env[proxy_var] = os.environ[proxy_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a843432e56a7cbaa Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:222
                    os.environ.pop(proxy_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04df774ac5ec9f1a Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/claude_agent/wrappers.py:396
        return options.env.get(key) or os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8709df4b68a473d2 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/google_genai/__init__.py:92
        os.getenv("LAMINAR_TRACE_CONTENT") or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ceeccb7b147d88 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/__init__.py:281
    return (os.getenv("TRACELOOP_METRICS_ENABLED") or "true").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #268f94aa7b8148cc Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/groq/utils.py:24
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #285a407628b67f29 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/opentelemetry_lib/opentelemetry/instrumentation/openai/utils.py:166
        os.getenv(LMNR_TRACE_CONTENT) or "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f116855570b7943 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:58
with open(os.path.join(current_dir, "recorder", "record.umd.min.cjs"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac60fd62a4d5fcfa Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/cdp_utils.py:61
with open(os.path.join(current_dir, "inject_script.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fa50a62bc448e22 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:129
with open(os.path.join(current_dir, "recorder", "record.umd.min.cjs"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f94891850a07bad Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/browser/pw_utils.py:132
with open(os.path.join(current_dir, "inject_script.js"), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #191ea17f974f9444 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/browser_events.py:30
        response = await self._client.post(
            url,
            content=compressed_payload,
            headers={
                **self._headers(),
                "Content-Encoding": "gzip",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b43837bf755947b3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/datasets.py:27
        response = await self._client.get(
            f"{self._base_url}/v1/datasets",
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e866ee95eb2b3d5b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/datasets.py:39
        response = await self._client.get(
            f"{self._base_url}/v1/datasets",
            params={"name": name},
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #15b807b3a43f41ad Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/datasets.py:78
            response = await self._client.post(
                f"{self._base_url}/v1/datasets/datapoints",
                json={
                    **identifier,
                    "datapoints": [serialize(point) for point in batch],
                    "createDataset": create_dataset,
                },
                headers=self._headers(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2e37d0be5519b57f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/datasets.py:122
        response = await self._client.get(
            f"{self._base_url}/v1/datasets/datapoints",
            params=params,
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7ba47b67aa9eca70 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:41
        response = await self._client.post(
            self._base_url + "/v1/evals",
            json={
                "name": name,
                "groupName": group_name,
                "metadata": metadata,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ff322a60f33ecef7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:137
        response = await self._client.post(
            self._base_url + f"/v1/evals/{eval_id}/datapoints",
            json={
                "points": points,
                "groupName": group_name,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #45cf34ea7cf7b6ce Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:179
        response = await self._client.get(
            self._base_url + "/v1/datasets/datapoints",
            params=params,
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ca3c1cd206db225d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:214
        response = await self._client.post(
            self._base_url + f"/v1/evals/{eval_id}/datapoints/{datapoint_id}",
            json={
                "executorOutput": (
                    json_dumps(serialize(executor_output))[
                        :INITIAL_EVALUATION_DATAPOINT_MAX_DATA_LENGTH
                    ]
                    if executor_output is not None
                    else None
                ),
                "scores": scores,
                "traceId": str(trace_id) if trace_id is not None else None,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7b688ccaeec67276 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evals.py:256
            response = await self._client.post(
                self._base_url + f"/v1/evals/{eval_id}/datapoints",
                json={
                    "points": points,
                    "groupName": group_name,
                },
                headers=self._headers(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #297a354c351adcd9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/evaluators.py:76
        response = await self._client.post(
            self._base_url + "/v1/evaluators/score",
            json=payload,
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #691edf2c8a71a84f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/sql.py:41
        response = await self._client.post(
            f"{self._base_url}/v1/sql/query",
            headers=self._headers(),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5f316312020db0bf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/asynchronous/resources/tags.py:65
        response = await self._client.post(
            url,
            content=json.dumps(payload),
            headers={
                **self._headers(),
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #77c87e245a54891a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/browser_events.py:29
        response = self._client.post(
            url,
            content=compressed_payload,
            headers={
                **self._headers(),
                "Content-Encoding": "gzip",
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #454bafc10323fd9e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/datasets.py:27
        response = self._client.get(
            f"{self._base_url}/v1/datasets",
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ce553dc4f7d9323f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/datasets.py:39
        response = self._client.get(
            f"{self._base_url}/v1/datasets",
            params={"name": name},
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c22b793597658e4d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/datasets.py:78
            response = self._client.post(
                f"{self._base_url}/v1/datasets/datapoints",
                json={
                    **identifier,
                    "datapoints": [serialize(point) for point in batch],
                    "createDataset": create_dataset,
                },
                headers=self._headers(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3038bc32057b04a9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/datasets.py:122
        response = self._client.get(
            f"{self._base_url}/v1/datasets/datapoints",
            params=params,
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #93d5843b422b922f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:41
        response = self._client.post(
            self._base_url + "/v1/evals",
            json={
                "name": name,
                "groupName": group_name,
                "metadata": metadata,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4b675fd587f710c2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:135
        response = self._client.post(
            self._base_url + f"/v1/evals/{eval_id}/datapoints",
            json={
                "points": points,
                "groupName": group_name,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #de34a558fce3871a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:170
        response = self._client.post(
            self._base_url + f"/v1/evals/{eval_id}/datapoints/{datapoint_id}",
            json={
                "executorOutput": (
                    json_dumps(serialize(executor_output))[
                        :INITIAL_EVALUATION_DATAPOINT_MAX_DATA_LENGTH
                    ]
                    if executor_output is not None
                    else None
                ),
                "scores": scores,
                "traceId": str(trace_id) if trace_id is not None else None,
            },
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #eb254d1fd784694a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:215
        response = self._client.get(
            self._base_url + "/v1/datasets/datapoints",
            params=params,
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f6be607588a6d174 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evals.py:253
            response = self._client.post(
                self._base_url + f"/v1/evals/{eval_id}/datapoints",
                json={
                    "points": points,
                    "groupName": group_name,
                },
                headers=self._headers(),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #be4366e190208f81 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/evaluators.py:76
        response = self._client.post(
            self._base_url + "/v1/evaluators/score",
            json=payload,
            headers=self._headers(),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b433f43a30743881 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/sql.py:41
        response = self._client.post(
            f"{self._base_url}/v1/sql/query",
            headers=self._headers(),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ec6effb2d0ddcb5d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/client/synchronous/resources/tags.py:65
        response = self._client.post(
            url,
            content=json.dumps(payload),
            headers={
                **self._headers(),
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9a924c3f1c43fd11 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:47
        result = orjson.loads(file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46cf56fb34f9266b Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:53
        return [dict(row) for row in csv.DictReader(file.read_text().splitlines())]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9e3205f8b9c5c79 Filesystem access.
pkgs/python/[email protected]/src/lmnr/sdk/datasets/file_utils.py:56
            orjson.loads(line) for line in file.read_text().splitlines() if line.strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dee76dd4e41f120e Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/decorators.py:136
        rollout_session_id = os.environ.get("LMNR_ROLLOUT_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45c5099545a2eb5d Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:292
        if not os.getenv("OTEL_ATTRIBUTE_COUNT_LIMIT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8eb4e2ffc1a682e7 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:295
            os.environ["OTEL_ATTRIBUTE_COUNT_LIMIT"] = "10000"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6184adc0b8dad0af Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/laminar.py:325
        env_context = os.getenv("LMNR_SPAN_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92f9aec31bc9c04b Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/log.py:70
    if val := os.getenv("LMNR_LOG_LEVEL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b7d24f5a52f23bac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/rollout/cache_client.py:76
            response = client.post(
                f"{self.base_url}/cached",
                json={"path": path, "index": index},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ddea00b504e0c18d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/rollout/cache_client.py:130
            response = client.post(
                f"{self.base_url}/cached",
                json={"path": "__metadata__", "index": 0},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cb6b741e42d4be11 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/sdk/rollout/cache_client.py:172
            response = client.post(
                f"{self.base_url}/cached",
                json={"path": "__metadata__", "index": 0},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #354e3a99deeecb48 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/rollout/instrumentation.py:43
            cache_server_url = os.getenv("LMNR_ROLLOUT_STATE_SERVER_ADDRESS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d17fac3829ced93 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/rollout_control.py:47
    return os.environ.get("LMNR_ROLLOUT_SESSION_ID") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca74bff8edc05487 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/rollout_control.py:97
    return os.environ.get("LMNR_ROLLOUT_SESSION_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20c400398dbedc81 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/rollout_control.py:117
    return os.environ.get("LMNR_ROLLOUT_STATE_SERVER_ADDRESS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61d25d8592858ce8 Environment-variable access.
pkgs/python/[email protected]/src/lmnr/sdk/utils.py:115
    if val := os.getenv(key):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d587cd39a37f5845 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/lmnr/version.py:23
        response = httpx.get("https://pypi.org/pypi/lmnr/json")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

posthog

python dependency
medium telemetry dependency Excluded from app score #5bd3c53483ce250b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:6
from posthog.args import ExceptionArg, OptionalCaptureArgs, OptionalSetArgs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #97f8c06c5a3e63f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:7
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2160fb8796e6486d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:8
from posthog.contexts import (
    identify_context as inner_identify_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #74547d7514d0cfd0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:11
from posthog.contexts import (
    new_context as inner_new_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a8aa7f3043deca16 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:14
from posthog.contexts import (
    scoped as inner_scoped,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c771068166fe650e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:17
from posthog.contexts import (
    set_capture_exception_code_variables_context as inner_set_capture_exception_code_variables_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #47954ca6eece4533 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:20
from posthog.contexts import (
    set_code_variables_ignore_patterns_context as inner_set_code_variables_ignore_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4a9bef2ec6dace6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:23
from posthog.contexts import (
    set_code_variables_mask_patterns_context as inner_set_code_variables_mask_patterns_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd333647f6e8b612 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:26
from posthog.contexts import (
    set_context_device_id as inner_set_context_device_id,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #deb82d3314a1a87a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:29
from posthog.contexts import (
    set_context_session as inner_set_context_session,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c1d623bdf1002ce9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:32
from posthog.contexts import (
    tag as inner_tag,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a3ecf3831ed23c9a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:35
from posthog.contexts import (
    get_tags as inner_get_tags,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9d62105ae29c38ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:38
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f535fb33dce0deb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:42
from posthog.feature_flags import (
    InconclusiveMatchError as InconclusiveMatchError,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #72a153381eceff10 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:45
from posthog.feature_flags import (
    RequiresServerEvaluation as RequiresServerEvaluation,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #603e6cd337b0d62e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:48
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData as FlagDefinitionCacheData,
    FlagDefinitionCacheProvider as FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f25b61dbe2a9570b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:52
from posthog.request import (
    disable_connection_reuse as disable_connection_reuse,
    enable_keep_alive as enable_keep_alive,
    set_socket_options as set_socket_options,
    SocketOptions as SocketOptions,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #61295a3313a125cc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:58
from posthog.types import (
    FeatureFlag,
    FlagsAndPayloads,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #610fbc3a1e5d38e6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:62
from posthog.types import (
    FeatureFlagResult as FeatureFlagResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #892f5f788301114d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/__init__.py:65
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba07859fe6b35a28 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:13
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8ab568d2b682b09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #87e0849e8a1d7524 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:18
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bd8fe8c179cb20a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:25
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3a58c27f67bf9bf9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:26
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b06e6a7d830caf59 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:27
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #841975c6de1c899f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:218
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #48f85ae64b8955e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:219
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8dedf6a27b914ccf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic.py:223
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #487dcfb0f20eb142 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ba1722499cf4a0f4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:14
from posthog.ai.types import StreamingContentBlock, TokenUsage, ToolInProgress

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f56c21ec822ab52e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:15
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2356d0fd0fa6d8ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:19
from posthog.ai.anthropic.anthropic_converter import (
    extract_anthropic_usage_from_event,
    handle_anthropic_content_block_start,
    handle_anthropic_text_delta,
    handle_anthropic_tool_delta,
    finalize_anthropic_tool_input,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b5d4b4cf44e5fb0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:26
from posthog.ai.sanitization import sanitize_anthropic

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8f5706d134f98383 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:27
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #66f96b2e6b1779a8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:218
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8dd362ceeafbb7fa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:219
        from posthog.ai.anthropic.anthropic_converter import (
            format_anthropic_streaming_input,
            format_anthropic_streaming_output_complete,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5454e9de8ac0018a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_async.py:223
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7e97f6cccc29383 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedMessage,
    FormattedTextContent,
    StreamingContentBlock,
    TokenUsage,
    ToolInProgress,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6a302ae2dd811879 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_converter.py:412
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6777ae0a0cc835b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:10
from posthog.ai.anthropic.anthropic import WrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #24f9bb19fe752d4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:11
from posthog.ai.anthropic.anthropic_async import AsyncWrappedMessages

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #643515a619d0f9ff Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:12
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #49e814cb12613127 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/anthropic/anthropic_providers.py:13
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b3359ddeca52c06c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:6
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45a21086fcc5e0b0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:7
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d881d89a09f31fdb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:16
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a42723f7dd66ca39 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:17
from posthog.ai.utils import (
    call_llm_and_track_usage,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d72e1278712588a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:22
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4894204220657ac0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:27
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fd1c6cf65b43324a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:28
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d944b95c8e2e5fe0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:6
from posthog.ai.types import TokenUsage, StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca159cb1367079c6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:7
from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #58e34f2bb04b8d5c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:16
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2858ad6dca4698be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:17
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    capture_streaming_event,
    merge_usage_stats,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f260e464b5a62bd Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:22
from posthog.ai.gemini.gemini_converter import (
    extract_gemini_usage_from_chunk,
    extract_gemini_content_from_chunk,
    format_gemini_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a36e062ac212b743 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:27
from posthog.ai.sanitization import sanitize_gemini

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f9adfe0a6ffe590b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:28
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #006ba2e9f732daca Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:10
from posthog.ai.types import (
    FormattedContentItem,
    FormattedMessage,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d838fbef84e434cb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_converter.py:351
            from posthog.ai.types import FormattedMessage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #889a2753fc8710e2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:44
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #09f14002bdfa9373 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:45
from posthog.ai.sanitization import sanitize_langchain

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #17d58a09032ac44e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:46
from posthog.ai.utils import get_model_params, with_privacy_mode

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #66d552d3327fc081 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/langchain/callbacks.py:47
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #30459b8a7e4204f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:5
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c640fc2535f04582 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:14
from posthog.ai.utils import (
    call_llm_and_track_usage,
    extract_available_tool_calls,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #73a0011758521173 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:20
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bc066ab5dc771b30 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:26
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #920b1c9edd1c7d34 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:27
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a27378b3b9df2d4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:28
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a4ce42915c94bd4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:192
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b33080f49705bdf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:193
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6ce674b06e3ff117 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:197
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b11ddedef9c9f8c0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:419
        from posthog.ai.types import StreamingEventData

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #646473dcf212a5b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:420
        from posthog.ai.openai.openai_converter import (
            format_openai_streaming_input,
            format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #304730c9fd9d50e8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai.py:424
        from posthog.ai.utils import capture_streaming_event

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #876c2999c7f62c46 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:5
from posthog.ai.types import TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #383700b5961200f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:14
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e982c2d10d7ed254 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:15
from posthog.ai.utils import (
    call_llm_and_track_usage_async,
    extract_available_tool_calls,
    get_model_params,
    merge_usage_stats,
    with_privacy_mode,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a9f33fdd2e34e4ad Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:22
from posthog.ai.openai.openai_converter import (
    extract_openai_usage_from_chunk,
    extract_openai_content_from_chunk,
    extract_openai_tool_calls_from_chunk,
    accumulate_openai_tool_calls,
    format_openai_streaming_output,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #22b7a474a5957c8f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:29
from posthog.ai.sanitization import sanitize_openai, sanitize_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #371fbbc215205949 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_async.py:30
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #bf150ee71c2f6377 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:11
from posthog.ai.types import (
    FormattedContentItem,
    FormattedFunctionCall,
    FormattedImageContent,
    FormattedMessage,
    FormattedTextContent,
    TokenUsage,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2040bd665c342dd4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_converter.py:739
    from posthog.ai.utils import merge_system_prompt

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #16157f5ac859d9a4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:8
from posthog.ai.openai.openai import (
    WrappedBeta,
    WrappedChat,
    WrappedEmbeddings,
    WrappedResponses,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a84744c728d0132b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:14
from posthog.ai.openai.openai_async import WrappedBeta as AsyncWrappedBeta

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b29192b3994903ea Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:15
from posthog.ai.openai.openai_async import WrappedChat as AsyncWrappedChat

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #28e770e4bc4245b1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:16
from posthog.ai.openai.openai_async import WrappedEmbeddings as AsyncWrappedEmbeddings

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b7197813921e03b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:17
from posthog.ai.openai.openai_async import WrappedResponses as AsyncWrappedResponses

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #918dcf90cab57c7d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:20
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3951147c7d22ddc3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai/openai_providers.py:21
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c39ce79cb5b37436 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:8
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #45a54ece816a7f62 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/__init__.py:17
from posthog.ai.openai_agents.processor import PostHogTracingProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2f6ae4257dca0df0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:23
from posthog import setup

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #95c8d40535536f3d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/openai_agents/processor.py:24
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0c89f7b5d37d3028 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:5
from posthog import get_tags, identify_context, new_context, tag

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c0f1b4ff9b8df55b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:6
from posthog.ai.sanitization import (
    sanitize_anthropic,
    sanitize_gemini,
    sanitize_langchain,
    sanitize_openai,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7512ec1cd9978c0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:12
from posthog.ai.types import FormattedMessage, StreamingEventData, TokenUsage

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #26e2336f2b6f919c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:13
from posthog.client import Client as PostHogClient

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #871e2a126c97623e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:112
        from posthog.ai.anthropic.anthropic_converter import (
            extract_anthropic_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b94ed6e209729054 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:118
        from posthog.ai.openai.openai_converter import (
            extract_openai_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e78a109b27c98515 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:124
        from posthog.ai.gemini.gemini_converter import (
            extract_gemini_usage_from_response,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #074e742bc8b56514 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:138
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7e91dc20a20b3240 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:142
        from posthog.ai.openai.openai_converter import format_openai_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5adf141178e20d9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:146
        from posthog.ai.gemini.gemini_converter import format_gemini_response

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6175023e9856ac4b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:157
        from posthog.ai.anthropic.anthropic_converter import extract_anthropic_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8bccbaaee1011c2d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:161
        from posthog.ai.gemini.gemini_converter import extract_gemini_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6db097da3e156b4a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:165
        from posthog.ai.openai.openai_converter import extract_openai_tools

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9ef87887841645f3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:178
        from posthog.ai.anthropic.anthropic_converter import format_anthropic_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #696b339f150b9cee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:184
        from posthog.ai.gemini.gemini_converter import format_gemini_input_with_system

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4b7b53c97914821c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/ai/utils.py:190
        from posthog.ai.openai.openai_converter import format_openai_input

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #300ca62c6573ac05 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/args.py:8
from posthog.types import SendFeatureFlagsOptions

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #de4959c178a51e06 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:14
from posthog.args import ID_TYPES, ExceptionArg, OptionalCaptureArgs, OptionalSetArgs

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1504790460b802c1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:15
from posthog.consumer import Consumer

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2d7c30b613df1674 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:16
from posthog.contexts import (
    _get_current_context,
    get_capture_exception_code_variables_context,
    get_code_variables_ignore_patterns_context,
    get_code_variables_mask_patterns_context,
    get_context_device_id,
    get_context_distinct_id,
    get_context_session_id,
    new_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #adb9f01170da644a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:26
from posthog.exception_capture import ExceptionCapture

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c5b105202d512b5f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:27
from posthog.exception_utils import (
    DEFAULT_CODE_VARIABLES_IGNORE_PATTERNS,
    DEFAULT_CODE_VARIABLES_MASK_PATTERNS,
    exc_info_from_error,
    exception_is_already_captured,
    exceptions_from_error_tuple,
    handle_in_app,
    mark_exception_as_captured,
    try_attach_code_variables_to_frames,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4668a925d589f4aa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:37
from posthog.feature_flags import (
    InconclusiveMatchError,
    RequiresServerEvaluation,
    match_feature_flag_properties,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #578f96cb321b895c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:42
from posthog.flag_definition_cache import (
    FlagDefinitionCacheData,
    FlagDefinitionCacheProvider,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a967df2f762c39a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:46
from posthog.poller import Poller

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8059785f6d3e2eb0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:47
from posthog.request import (
    DEFAULT_HOST,
    APIError,
    QuotaLimitError,
    RequestsConnectionError,
    RequestsTimeout,
    batch_post,
    determine_server_host,
    flags,
    get,
    remote_config,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #526e87a07337854f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:59
from posthog.types import (
    FeatureFlag,
    FeatureFlagError,
    FeatureFlagResult,
    FlagMetadata,
    FlagsAndPayloads,
    FlagsResponse,
    FlagValue,
    SendFeatureFlagsOptions,
    normalize_flags_response,
    to_flags_and_payloads,
    to_payloads,
    to_values,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f1e94702cbbd7a7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:73
from posthog.utils import (
    FlagCache,
    RedisFlagCache,
    SizeLimitedDict,
    clean,
    guess_timezone,
    system_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c1fb2179ec735dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/client.py:81
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a28e871c10ce5786 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/consumer.py:8
from posthog.request import APIError, DatetimeSerializer, batch_post

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #07759a15b7f1b5b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/contexts.py:7
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b7fc0b5d957c4b72 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/contexts.py:162
    from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8e0a8db9e3d4b33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_capture.py:12
    from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7a614f592a7cc6b8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/exception_utils.py:33
from posthog.args import ExceptionArg, ExcInfo  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #17d550f0b1916253 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:10
from posthog import utils

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b8fbdb36f370bc9e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:11
from posthog.types import FlagValue

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cd91d031f033ccb9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/feature_flags.py:12
from posthog.utils import convert_to_datetime_aware, is_valid_regex

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9885021aa6c0b26d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:2
from posthog import contexts

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d9ef1c5edf1513c4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:3
from posthog.client import Client

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e51513a21ac123a2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/integrations/django.py:317
            from posthog import capture_exception

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c35b447c445cfc9a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:17
from posthog.utils import remove_trailing_slash

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0aebebf06206c213 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/posthog/request.py:18
from posthog.version import VERSION

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #8917781f18d9c3f4 Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini.py:187
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a6d00355ca4876d Environment-variable access.
pkgs/python/[email protected]/posthog/ai/gemini/gemini_async.py:187
                api_key = os.environ.get("GOOGLE_API_KEY") or os.environ.get("API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af7599b9bbba88de Environment-variable access.
pkgs/python/[email protected]/posthog/ai/sanitization.py:11
    return os.environ.get("_INTERNAL_LLMA_MULTIMODAL", "").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8b22a228e1297c2b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/posthog/request.py:207
    res = (session or _get_session()).post(
        url, data=data, headers=headers, timeout=timeout
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

browser-use

python dependency
medium telemetry dependency Excluded from app score #d58502cf16cd5792 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/agent/service.py:2212
		self.telemetry.capture(
			AgentTelemetryEvent(
				task=self.task,
				model=self.llm.model,
				model_provider=self.llm.provider,
				max_steps=max_steps,
				max_actions_per_step=self.settings.max_actions_per_step,
				use_vision=self.settings.use_vision,
				version=self.version,
				source=self.source,
				cdp_url=urlparse(self.browser_session.cdp_url).hostname
				if self.browser_session and self.browser_session.cdp_url
				else None,
				agent_type=None,  # Regular Agent (not code-use)
				action_errors=self.history.errors(),
				action_history=action_history_data,
				urls_visited=self.history.urls(),
				steps=self.state.n_steps,
				total_input_tokens=token_summary.prompt_tokens,
				total_output_tokens=token_summary.completion_tokens,
				prompt_cached_tokens=token_summary.prompt_cached_tokens,
				total_tokens=token_summary.total_tokens,
				total_duration_seconds=self.history.total_duration_seconds(),
				success=self.history.is_successful(),
				final_result_response=final_result_str,
				error_message=agent_run_error,
				judge_verdict=judge_verdict,
				judge_reasoning=judge_reasoning,
				judge_failure_reason=judge_failure_reason,
				judge_reached_captcha=judge_reached_captcha,
				judge_impossible_task=judge_impossible_task,
			)
		)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4e59bca964e8351f Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/beta/service.py:4761
		self.telemetry.capture(
			AgentTelemetryEvent(
				task=self.task,
				model=model,
				model_provider=provider,
				max_steps=max_steps,
				max_actions_per_step=self.settings.max_actions_per_step,
				use_vision=self.settings.use_vision,
				version=self.version or '',
				source=self.source,
				cdp_url=urlparse(cdp_url).hostname if cdp_url else None,
				agent_type='rust_core',
				action_errors=self.history.errors(),
				action_history=action_history_data,
				urls_visited=[url for url in self.history.urls() if url],
				steps=self.history.number_of_steps(),
				total_input_tokens=total_input_tokens,
				total_output_tokens=total_output_tokens,
				prompt_cached_tokens=prompt_cached_tokens,
				total_tokens=total_tokens,
				total_duration_seconds=self.history.total_duration_seconds(),
				success=self.history.is_successful(),
				final_result_response=final_result_str,
				error_message=agent_run_error,
			)
		)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #fc4d86098f02555a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:90 · flow /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:41 → /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:90
			logger.info(f'🌤️ Cloud browser created successfully: {browser_response.id}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #0456492c0bb17451 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:91 · flow /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:41 → /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:91
			logger.debug(f'🌤️ CDP URL: {browser_response.cdpUrl}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #8adff6c954b8fee6 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:93 · flow /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:41 → /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:93
			logger.info(f'\033[36m🔗 Live URL: {browser_response.liveUrl}\033[0m')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #ed079a33ae1b9575 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:183 · flow /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:130 → /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:183
			logger.info(f'🌤️ Cloud browser session stopped: {browser_response.id}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #7389e52508625a6f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:184 · flow /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:130 → /tmp/closeopen-456vqd82/pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:184
			logger.debug(f'🌤️ Status: {browser_response.status}')

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium telemetry dependency Excluded from app score #75515cc9fd52755b Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/mcp/client.py:119
			self._telemetry.capture(
				MCPClientTelemetryEvent(
					server_name=self.server_name,
					command=self.command,
					tools_discovered=len(self._tools),
					version=get_browser_use_version(),
					action='connect',
					duration_seconds=duration,
					error_message=error_msg,
				)
			)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d20a4e64caedf0c2 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/mcp/client.py:199
			self._telemetry.capture(
				MCPClientTelemetryEvent(
					server_name=self.server_name,
					command=self.command,
					tools_discovered=0,  # Tools cleared on disconnect
					version=get_browser_use_version(),
					action='disconnect',
					duration_seconds=duration,
					error_message=error_msg,
				)
			)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ea0a417393dd82e7 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/mcp/client.py:342
					self._telemetry.capture(
						MCPClientTelemetryEvent(
							server_name=self.server_name,
							command=self.command,
							tools_discovered=len(self._tools),
							version=get_browser_use_version(),
							action='tool_call',
							tool_name=tool.name,
							duration_seconds=duration,
							error_message=error_msg,
						)
					)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c085653d1569c8df Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/mcp/client.py:386
					self._telemetry.capture(
						MCPClientTelemetryEvent(
							server_name=self.server_name,
							command=self.command,
							tools_discovered=len(self._tools),
							version=get_browser_use_version(),
							action='tool_call',
							tool_name=tool.name,
							duration_seconds=duration,
							error_message=error_msg,
						)
					)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #77cae7211004b05c Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/mcp/server.py:476
				self._telemetry.capture(
					MCPServerTelemetryEvent(
						version=get_browser_use_version(),
						action='tool_call',
						tool_name=name,
						duration_seconds=duration,
						error_message=error_msg,
					)
				)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6fafa8d0b6aac527 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/mcp/server.py:1263
	server._telemetry.capture(
		MCPServerTelemetryEvent(
			version=get_browser_use_version(),
			action='start',
			parent_process_cmdline=get_parent_process_cmdline(),
		)
	)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c132e33183ffaf69 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/browser_use/mcp/server.py:1275
		server._telemetry.capture(
			MCPServerTelemetryEvent(
				version=get_browser_use_version(),
				action='stop',
				duration_seconds=duration,
				parent_process_cmdline=get_parent_process_cmdline(),
			)
		)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cec4e9279170c118 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/browser_use/telemetry/service.py:85
			from posthog import Posthog

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 160 low-confidence finding(s)
low env_fs dependency Excluded from app score #baaa287819e02942 Environment-variable access.
pkgs/python/[email protected]/browser_use/__init__.py:7
if os.environ.get('BROWSER_USE_SETUP_LOGGING', 'true').lower() != 'false':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #197b4e73ab9882c4 Filesystem access.
pkgs/python/[email protected]/browser_use/agent/judge.py:27
		with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #147a1c8896c9404f Filesystem access.
pkgs/python/[email protected]/browser_use/agent/message_manager/utils.py:27
	await anyio.Path(target_path).write_text(
		await _format_conversation(input_messages, response),
		encoding=encoding or 'utf-8',
	)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84017cd64c9661c5 Filesystem access.
pkgs/python/[email protected]/browser_use/agent/views.py:632
			with open(filepath, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb99e20cccc8a914 Filesystem access.
pkgs/python/[email protected]/browser_use/agent/views.py:697
		with open(filepath, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #071c2a44714a8e00 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:188
	env_path = os.environ.get('BROWSER_USE_TERMINAL_BINARY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ec829edc5937ac6 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:194
	but_home = Path(os.environ.get('BUT_HOME', '~/.browser-use-terminal')).expanduser()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ccaebc59b4d29ef Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:195
	but_install_dir = Path(os.environ.get('BUT_INSTALL_DIR', '~/.local/bin')).expanduser()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #504e3b1bdf4ca956 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:236
	env_binary = os.environ.get('BROWSER_USE_TERMINAL_BINARY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c60d64ee582b393d Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:338
		self.stream_limit = int(os.environ.get('BROWSER_USE_SDK_STREAM_LIMIT_BYTES', str(64 * 1024 * 1024)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a3c740a06c54ea6 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:339
		self.read_chunk_size = int(os.environ.get('BROWSER_USE_SDK_READ_CHUNK_BYTES', str(1024 * 1024)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f70bbd05751d4a9d Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:340
		self.max_line_bytes = int(os.environ.get('BROWSER_USE_SDK_MAX_LINE_BYTES', str(512 * 1024 * 1024)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01f8e47aea83816c Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:688
	return os.environ.get('BROWSER_USE_RUST_MODEL', 'gpt-5.3-codex-spark')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c36301d8dc4107d Filesystem access.
pkgs/python/[email protected]/browser_use/beta/service.py:1088
			loaded = json.loads(path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7da4d1770e625ef Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:1201
	raw = os.getenv('BROWSER_USE_RUST_DIRECT_INITIAL_NAVIGATION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f57e2d1098b1b981 Filesystem access.
pkgs/python/[email protected]/browser_use/beta/service.py:3797
		data = base64.b64encode(image_path.read_bytes()).decode('ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d367e2056a143b9 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:3914
	max_spans = _int_value(os.getenv('BROWSER_USE_RUST_LAMINAR_MAX_LLM_SPANS') or 80)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5573575d3f71016f Filesystem access.
pkgs/python/[email protected]/browser_use/beta/service.py:4044
	with open(file_path, encoding='utf-8') as history_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bf4b55d95b91a16 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:4853
			max_spans=_int_value(os.getenv('BROWSER_USE_RUST_LAMINAR_MAX_TOOL_SPANS') or 160),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ded85c0556ea110 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:6419
		explicit = os.environ.get('BROWSER_USE_SDK_SERVER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #480f16f945a7d02b Filesystem access.
pkgs/python/[email protected]/browser_use/beta/service.py:6606
		target.write_text(
			json.dumps(self._conversation_snapshot(), indent=2, default=str),
			encoding=self.settings.save_conversation_path_encoding or 'utf-8',
		)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be5f0af2358835e2 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:6691
		state_dir = os.environ.get('BROWSER_USE_RUST_STATE_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c25771e3feb3392e Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:6697
		value = os.environ.get('BROWSER_USE_RUST_BROWSER_MODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef6504b49add5e49 Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:6700
		value = os.environ.get('BROWSER_USE_BROWSER_MODE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8927f127942463ed Environment-variable access.
pkgs/python/[email protected]/browser_use/beta/service.py:6713
		env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a184d5b6c19953fd Environment-variable access.
pkgs/python/[email protected]/browser_use/browser/_cdp_timeout.py:68
DEFAULT_CDP_REQUEST_TIMEOUT_S: float = _parse_env_cdp_timeout(os.getenv('BROWSER_USE_CDP_TIMEOUT_S'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27473756511fd0bb Filesystem access.
pkgs/python/[email protected]/browser_use/browser/chrome.py:106
		with open(local_state_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c8e4f511ebb53b8 Environment-variable access.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:41
		api_token = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #927f636afbfe451f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:65
			response = await self.client.post(url, headers=headers, json=request_body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7630c87e59c43715 Environment-variable access.
pkgs/python/[email protected]/browser_use/browser/cloud/cloud.py:130
		api_token = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e813872f6fbe7a5f Environment-variable access.
pkgs/python/[email protected]/browser_use/browser/events.py:31
	env_value = os.getenv(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0653c285ec9c3519 Environment-variable access.
pkgs/python/[email protected]/browser_use/browser/profile.py:21
	env_val = os.getenv('BROWSER_USE_DISABLE_EXTENSIONS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fc1db3bef3f0619 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/profile.py:1000
			with open(manifest_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61d557abdac771e6 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/profile.py:1113
			with open(bg_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a5fbc0b41459308 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/profile.py:1159
				with open(bg_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0cb12f2d000675d1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/browser/profile.py:1175
			with urllib.request.urlopen(url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #35f8c8e091d42b7d Filesystem access.
pkgs/python/[email protected]/browser_use/browser/profile.py:1176
				with open(output_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82dae5f1f47e2f75 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/profile.py:1206
			with open(crx_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0474dcdc148f421 Environment-variable access.
pkgs/python/[email protected]/browser_use/browser/python_highlights.py:532
	filename = os.getenv('BROWSER_USE_SCREENSHOT_FILE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17712d75d83658bd Filesystem access.
pkgs/python/[email protected]/browser_use/browser/python_highlights.py:537
				with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #758c87426095d693 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/session.py:1464
			output_file.write_text(json.dumps(storage_state, indent=2, ensure_ascii=False), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2b8eab8bfdad37b7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/browser/session.py:1825
				version_info = await client.get(url, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7e8f9b86fce08978 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/views.py:136
			with open(path_obj, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c7bb3c91142e37f Environment-variable access.
pkgs/python/[email protected]/browser_use/browser/watchdogs/local_browser_watchdog.py:245
		playwright_path = os.environ.get('PLAYWRIGHT_BROWSERS_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30fc362bfe7e4ba3 Environment-variable access.
pkgs/python/[email protected]/browser_use/browser/watchdogs/local_browser_watchdog.py:335
						env_value = os.environ.get(env_key, '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ef9713413508024a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/browser/watchdogs/local_browser_watchdog.py:417
					async with session.get(f'http://127.0.0.1:{port}/json/version') as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #29aee62494dbca21 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/watchdogs/storage_state_watchdog.py:198
						existing_state = json.loads(json_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f48211f6580cfdf9 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/watchdogs/storage_state_watchdog.py:205
				temp_path.write_text(json.dumps(merged_state, indent=4, ensure_ascii=False), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3997856972d4c16 Filesystem access.
pkgs/python/[email protected]/browser_use/browser/watchdogs/storage_state_watchdog.py:247
			content = await anyio.Path(str(load_path)).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #853a25af7feb3511 Environment-variable access.
pkgs/python/[email protected]/browser_use/cli.py:30
	os.environ['BH_CLIENT'] = 'browser-use-cli'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5d9ec658742b95e Environment-variable access.
pkgs/python/[email protected]/browser_use/cli.py:31
	os.environ['BH_CLIENT_VERSION'] = _browser_use_version()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a76149c10d01a285 Environment-variable access.
pkgs/python/[email protected]/browser_use/cli.py:67
	os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'critical'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fe4a6c8ef36c2fa Environment-variable access.
pkgs/python/[email protected]/browser_use/cli.py:68
	os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f0be5a916659742 Filesystem access.
pkgs/python/[email protected]/browser_use/config.py:23
		if Path('/.dockerenv').exists() or 'docker' in Path('/proc/1/cgroup').read_text().lower():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0118c6d1af3db145 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:55
		return os.getenv('BROWSER_USE_LOGGING_LEVEL', 'info').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a1601af620f5669 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:59
		return os.getenv('ANONYMIZED_TELEMETRY', 'true').lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57f284a4d8bdaaad Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:63
		return os.getenv('BROWSER_USE_CLOUD_SYNC', str(self.ANONYMIZED_TELEMETRY)).lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c69a3ec382f0610 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:67
		url = os.getenv('BROWSER_USE_CLOUD_API_URL', 'https://api.browser-use.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d942e59907d059e9 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:73
		url = os.getenv('BROWSER_USE_CLOUD_UI_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #919df6cc4110c053 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:81
		url = os.getenv('BROWSER_USE_MODEL_PRICING_URL', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9de872f1b8d4a4bb Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:89
		return Path(os.getenv('XDG_CACHE_HOME', '~/.cache')).expanduser().resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23f55dde03a0cd13 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:93
		return Path(os.getenv('XDG_CONFIG_HOME', '~/.config')).expanduser().resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb2e9433229e577 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:97
		path = Path(os.getenv('BROWSER_USE_CONFIG_DIR', str(self.XDG_CONFIG_HOME / 'browseruse'))).expanduser().resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c999e96a283d6033 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:125
				Path(os.getenv('BROWSER_USE_CONFIG_DIR', str(self.XDG_CONFIG_HOME / 'browseruse'))).expanduser().resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bcb248e3efac036 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:135
		return os.getenv('OPENAI_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #793fcd515111da33 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:139
		return os.getenv('ANTHROPIC_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc265d1c9c393bec Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:143
		return os.getenv('GOOGLE_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af29894f15673ecc Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:147
		return os.getenv('DEEPSEEK_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16fa26927d50359a Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:151
		return os.getenv('GROK_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bf3072bb850901f Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:155
		return os.getenv('NOVITA_API_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22526bed90c5361e Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:159
		return os.getenv('AZURE_OPENAI_ENDPOINT', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a6a8a5b90627fab Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:163
		return os.getenv('AZURE_OPENAI_KEY', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48fc6806b4601d44 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:167
		return os.getenv('SKIP_LLM_API_KEY_VERIFICATION', 'false').lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27351e7763cab537 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:171
		return os.getenv('DEFAULT_LLM', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20dec33248a43f3f Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:176
		return os.getenv('IN_DOCKER', 'false').lower()[:1] in 'ty1' or is_running_in_docker()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39a24e41b243f3b0 Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:180
		return os.getenv('IS_IN_EVALS', 'false').lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d02e5cc4aaf8becd Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:184
		return os.getenv('BROWSER_USE_VERSION_CHECK', 'true').lower()[:1] in 'ty1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #724e1727434c74ae Environment-variable access.
pkgs/python/[email protected]/browser_use/config.py:188
		return os.getenv('WIN_FONT_DIR', 'C:\\Windows\\Fonts')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bca9fc7cd07171f Filesystem access.
pkgs/python/[email protected]/browser_use/config.py:320
		with open(config_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b75898689bfebb42 Filesystem access.
pkgs/python/[email protected]/browser_use/config.py:325
		with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f7b00db46b4adbb Filesystem access.
pkgs/python/[email protected]/browser_use/config.py:342
		with open(config_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fccd8b2c52fa0328 Filesystem access.
pkgs/python/[email protected]/browser_use/config.py:353
			with open(config_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39c1ee3e763b6190 Filesystem access.
pkgs/python/[email protected]/browser_use/filesystem/file_system.py:113
		file_path.write_text(self.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8551bd2c985f3f0 Filesystem access.
pkgs/python/[email protected]/browser_use/filesystem/file_system.py:118
			await asyncio.get_event_loop().run_in_executor(executor, lambda: file_path.write_text(self.content))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #83ae1cb8aff7b60c Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/init_cmd.py:43
		with request.urlopen(url, timeout=5) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e0bb805675d466a1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/init_cmd.py:70
		with request.urlopen(url, timeout=5) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ab6ab3df051f8707 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/init_cmd.py:84
		with request.urlopen(url, timeout=5) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0943580f49dcd57e Filesystem access.
pkgs/python/[email protected]/browser_use/init_cmd.py:184
		output_path.write_text(content, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb3f640a26edef93 Filesystem access.
pkgs/python/[email protected]/browser_use/integrations/gmail/service.py:126
				await anyio.Path(self.token_file).write_text(self.creds.to_json())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c7b13aec09acc7d Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/aws/chat_bedrock.py:77
		access_key = self.aws_access_key_id or getenv('AWS_ACCESS_KEY_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a355f3a92e7ec5fb Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/aws/chat_bedrock.py:78
		secret_key = self.aws_secret_access_key or getenv('AWS_SECRET_ACCESS_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87614481c0356b0c Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/aws/chat_bedrock.py:79
		session_token = self.aws_session_token or getenv('AWS_SESSION_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65e4f9c2b515accc Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/aws/chat_bedrock.py:80
		region = self.aws_region or getenv('AWS_REGION') or getenv('AWS_DEFAULT_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d4810d42bf6fb414 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/llm/aws/serializer.py:69
			response = httpx.get(url, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1dd53c93c00696da Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/azure/chat.py:73
		self.api_key = self.api_key or os.getenv('AZURE_OPENAI_KEY') or os.getenv('AZURE_OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9adc44d15e987d5a Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/azure/chat.py:74
		self.azure_endpoint = self.azure_endpoint or os.getenv('AZURE_OPENAI_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e39f771295d6137 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/azure/chat.py:75
		self.azure_deployment = self.azure_deployment or os.getenv('AZURE_OPENAI_DEPLOYMENT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c469ec1d0b3d8f2 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/browser_use/chat.py:92
		self.api_key = api_key or os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ec1ab1b1d51077 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/browser_use/chat.py:93
		self.base_url = base_url or os.getenv('BROWSER_USE_LLM_URL', 'https://llm.api.browser-use.com')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #fb881a8168383ffa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/llm/browser_use/chat.py:263
			response = await client.post(
				f'{self.base_url}/v1/chat/completions',
				json=payload,
				headers={
					'Authorization': f'Bearer {self.api_key}',
					'Content-Type': 'application/json',
				},
			)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #00f212ba5304715b Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/mistral/chat.py:55
		key = self.api_key or os.getenv('MISTRAL_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #585f1ce8f42184df Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/mistral/chat.py:61
		return str(os.getenv('MISTRAL_BASE_URL', self.base_url)).rstrip('/')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #53da675ea119e24e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/llm/mistral/chat.py:148
		response = await client.post(url, headers=self._auth_headers(), json=payload, params=self._query_params())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8697cfccf8ddcbae Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:119
		api_key = os.getenv('MISTRAL_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d1a9a4b7d795a02 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:120
		base_url = os.getenv('MISTRAL_BASE_URL', 'https://api.mistral.ai/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #820a341d5728d78d Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:171
		api_key = os.getenv('OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7f440c87b71d837 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:176
		api_key = os.getenv('AZURE_OPENAI_KEY') or os.getenv('AZURE_OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8df5675549e56815 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:177
		azure_endpoint = os.getenv('AZURE_OPENAI_ENDPOINT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65f8e10336456133 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:182
		api_key = os.getenv('GOOGLE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d852227c36fe996 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:189
		api_key = os.getenv('ANTHROPIC_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fb540abf64b2452 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:194
		api_key = os.getenv('MISTRAL_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02df99d63cd01ec5 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:195
		base_url = os.getenv('MISTRAL_BASE_URL', 'https://api.mistral.ai/v1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bed089f7d0e62e6 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:215
		api_key = os.getenv('CEREBRAS_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48f5974c6eb7561a Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/models.py:222
		api_key = os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d8ade627ecca136 Environment-variable access.
pkgs/python/[email protected]/browser_use/llm/vercel/chat.py:350
		api_key = self.api_key or os.getenv('AI_GATEWAY_API_KEY') or os.getenv('VERCEL_OIDC_TOKEN')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba1085e918271a55 Filesystem access.
pkgs/python/[email protected]/browser_use/mcp/cli_mcp.py:139
		with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5e736e33272fc2e Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/cli_mcp.py:171
	os.environ.setdefault('BH_CLIENT', 'browser-use-mcp')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8b031193b97548e Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/server.py:30
os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'critical'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6655080080e689b5 Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/server.py:31
os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #857d547e51614024 Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/server.py:64
	os.environ['BROWSER_USE_LOGGING_LEVEL'] = 'warning'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a516bc59b3d371c Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/server.py:65
	os.environ['BROWSER_USE_SETUP_LOGGING'] = 'false'  # Prevent automatic logging setup

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad7f618f176ce7ae Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/server.py:652
		model_provider = llm_config.get('model_provider') or os.getenv('MODEL_PROVIDER')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9dce745102953ff Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/server.py:656
			llm_model = llm_config.get('model') or os.getenv('MODEL') or 'us.anthropic.claude-sonnet-4-20250514-v1:0'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24357be49ff0e4d2 Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/server.py:657
			aws_region = llm_config.get('region') or os.getenv('REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8be3412e315efdd Environment-variable access.
pkgs/python/[email protected]/browser_use/mcp/server.py:667
			api_key = llm_config.get('api_key') or os.getenv('OPENAI_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a71470909801b10c Environment-variable access.
pkgs/python/[email protected]/browser_use/observability.py:34
	lmnr_debug_mode = os.getenv('LMNR_LOGGING_LEVEL', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65fd8b8d5157bcfc Environment-variable access.
pkgs/python/[email protected]/browser_use/observability.py:49
	if os.environ.get('BROWSER_USE_VERBOSE_OBSERVABILITY', 'false').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55480206f52f1e80 Environment-variable access.
pkgs/python/[email protected]/browser_use/observability.py:53
	if os.environ.get('BROWSER_USE_VERBOSE_OBSERVABILITY', 'false').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66aadee6b1164251 Filesystem access.
pkgs/python/[email protected]/browser_use/sandbox/sandbox.py:127
		with open(module.__file__) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c98a6896df9c98e Environment-variable access.
pkgs/python/[email protected]/browser_use/sandbox/sandbox.py:288
			api_key = BROWSER_USE_API_KEY or os.getenv('BROWSER_USE_API_KEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed9d48d68a73c424 Filesystem access.
pkgs/python/[email protected]/browser_use/skills/browser_use.py:55
		return skill_path.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9ceec2ac5d85d7b Filesystem access.
pkgs/python/[email protected]/browser_use/skills/browser_use.py:58
		text = resources.files('browser_harness').joinpath('SKILL.md').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aef559d7a52825f Environment-variable access.
pkgs/python/[email protected]/browser_use/skills/install.py:15
	config_home = os.environ.get('XDG_CONFIG_HOME')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e237fe802d4b107 Filesystem access.
pkgs/python/[email protected]/browser_use/skills/install.py:178
			output_path.write_text(text, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c829d0568b44572b Environment-variable access.
pkgs/python/[email protected]/browser_use/skills/service.py:30
		self.api_key = api_key or os.getenv('BROWSER_USE_API_KEY') or ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b91d6814fbe0e0bc Filesystem access.
pkgs/python/[email protected]/browser_use/sync/auth.py:29
			device_id = device_id_path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b72628851eedf55 Filesystem access.
pkgs/python/[email protected]/browser_use/sync/auth.py:43
	device_id_path.write_text(device_id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68a8edc2ad1fb650 Filesystem access.
pkgs/python/[email protected]/browser_use/sync/auth.py:62
				with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec2fde3b5ab595f3 Filesystem access.
pkgs/python/[email protected]/browser_use/sync/auth.py:76
		with open(config_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #fadde3a82f5a9727 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/sync/auth.py:132
			response = await self.http_client.post(
				f'{self.base_url.rstrip("/")}/api/v1/oauth/device/authorize',
				data={
					'client_id': self.client_id,
					'scope': self.scope,
					'agent_session_id': agent_session_id or '',
					'device_id': self.device_id,
				},
			)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d4e882c27bc2a9eb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/sync/auth.py:145
				response = await client.post(
					f'{self.base_url.rstrip("/")}/api/v1/oauth/device/authorize',
					data={
						'client_id': self.client_id,
						'scope': self.scope,
						'agent_session_id': agent_session_id or '',
						'device_id': self.device_id,
					},
				)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fd2c09e1d63c0f8e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/sync/auth.py:173
					response = await self.http_client.post(
						f'{self.base_url.rstrip("/")}/api/v1/oauth/device/token',
						data={
							'grant_type': 'urn:ietf:params:oauth:grant-type:device_code',
							'device_code': device_code,
							'client_id': self.client_id,
						},
					)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #59e02f27d93bc6c5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/sync/auth.py:225
						response = await client.post(
							f'{self.base_url.rstrip("/")}/api/v1/oauth/device/token',
							data={
								'grant_type': 'urn:ietf:params:oauth:grant-type:device_code',
								'device_code': device_code,
								'client_id': self.client_id,
							},
						)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #af7d5b84b8b322d3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/sync/service.py:85
				response = await client.post(
					f'{self.base_url.rstrip("/")}/api/v1/events',
					json={'events': [event_data]},
					headers=headers,
					timeout=10.0,
				)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #cd0e264ab63b7294 Environment-variable access.
pkgs/python/[email protected]/browser_use/telemetry/service.py:33
	_device_id = os.environ.get('BROWSER_USE_DEVICE_ID') or _persisted_device_id() or _machine_fingerprint() or uuid7str()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0377631a3d3d3d82 Filesystem access.
pkgs/python/[email protected]/browser_use/telemetry/service.py:40
			with open(DEVICE_ID_PATH) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #189600934a952e37 Filesystem access.
pkgs/python/[email protected]/browser_use/telemetry/service.py:45
		with open(tmp_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #97c85fa593519f0d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/tokens/openrouter_pricing.py:77
			response = await client.get(OPENROUTER_MODELS_URL, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #32ce1baebdf4b468 Environment-variable access.
pkgs/python/[email protected]/browser_use/tokens/service.py:57
		self.include_cost = include_cost or os.getenv('BROWSER_USE_CALCULATE_COST', 'false').lower() == 'true'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b46ceffb8fa7774 Filesystem access.
pkgs/python/[email protected]/browser_use/tokens/service.py:122
			cached = CachedPricingData.model_validate_json(await anyio.Path(cache_file).read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16f43a1c36dd332e Filesystem access.
pkgs/python/[email protected]/browser_use/tokens/service.py:143
			content = await anyio.Path(cache_file).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8c570dcef98888e4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/tokens/service.py:155
				response = await client.get(self.pricing_url, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #dc3aae18f812f6cd Filesystem access.
pkgs/python/[email protected]/browser_use/tokens/service.py:170
			await anyio.Path(cache_file).write_text(cached.model_dump_json(indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b8dd03e865d2e22 Filesystem access.
pkgs/python/[email protected]/browser_use/tokens/service.py:622
					cached = CachedPricingData.model_validate_json(cache_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #444e99ef93a328a2 Environment-variable access.
pkgs/python/[email protected]/browser_use/tools/service.py:142
_DEFAULT_ACTION_TIMEOUT_S = _parse_env_action_timeout(os.getenv('BROWSER_USE_ACTION_TIMEOUT_S'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b67c9c9149d3a40 Environment-variable access.
pkgs/python/[email protected]/browser_use/utils.py:485
	return any_or_all(os.getenv(key, '').strip() for key in keys)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #83ddb36ee9d4e3a5 Filesystem access.
pkgs/python/[email protected]/browser_use/utils.py:649
			with open(pyproject_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ac969c898108b37 Environment-variable access.
pkgs/python/[email protected]/browser_use/utils.py:654
					os.environ['LIBRARY_VERSION'] = version  # used by bubus event_schema so all Event schemas include versioning

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12b7c0818520122b Environment-variable access.
pkgs/python/[email protected]/browser_use/utils.py:661
		os.environ['LIBRARY_VERSION'] = version

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e3d2285ea0095b77 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/browser_use/utils.py:677
			response = await client.get('https://pypi.org/pypi/browser-use/json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

mcp

python dependency
medium pii_flow dependency Excluded from app score #deb0df655e35365f A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:443 · flow /tmp/closeopen-456vqd82/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:424 → /tmp/closeopen-456vqd82/pkgs/python/[email protected]/src/mcp/client/auth/oauth2.py:443
        return httpx.Request("POST", token_url, data=refresh_data, headers=headers)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 30 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #15cd62452f1421a5 Environment-variable access.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:50
    context_json = os.environ.get("MCP_CONFORMANCE_CONTEXT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #160f9e626f3e7e54 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/clients/conformance-auth-client/mcp_conformance_auth_client/__init__.py:113
            response = await client.get(
                authorization_url,
                follow_redirects=False,  # Don't follow redirects automatically
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #0173ad28a1aca9c5 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:343
    server_url = os.getenv("MCP_SERVER_PORT", 8000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #555de23d3e6b8196 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:344
    transport_type = os.getenv("MCP_TRANSPORT_TYPE", "streamable-http")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ce1750ac1898aaeb Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-auth-client/mcp_simple_auth_client/main.py:345
    client_metadata_url = os.getenv("MCP_CLIENT_METADATA_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b7d79d432cb72a33 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:24
        self.api_key = os.getenv("LLM_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0e153cff4c2ec3e9 Filesystem access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:45
        with open(file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #50d6301eb74dd4b0 Environment-variable access.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:83
            env={**os.environ, **self.config["env"]} if self.config.get("env") else None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #225fc73640c2fade Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/clients/simple-chatbot/mcp_simple_chatbot/main.py:251
                response = client.post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #de4021c3adfc3923 Filesystem access.
pkgs/python/[email protected]/examples/fastmcp/icons_demo.py:14
icon_data = base64.standard_b64encode(icon_path.read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #aac5c00c72661e0f Environment-variable access.
pkgs/python/[email protected]/examples/fastmcp/memory.py:52
PROFILE_DIR = (Path.home() / ".fastmcp" / os.environ.get("USER", "anon") / "memory").resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #4d0382c9ec099057 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fastmcp/text_me.py:49
        response = client.post(
            "https://api.surgemsg.com/messages",
            headers={
                "Authorization": f"Bearer {surge_settings.api_key}",
                "Surge-Account": surge_settings.account_id,
                "Content-Type": "application/json",
            },
            json={
                "body": text_content,
                "conversation": {
                    "contact": {
                        "first_name": surge_settings.my_first_name,
                        "last_name": surge_settings.my_last_name,
                        "phone_number": surge_settings.my_phone_number,
                    }
                },
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #879668a73dc9c760 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/servers/simple-auth/mcp_simple_auth/token_verifier.py:53
                response = await client.post(
                    self.introspection_endpoint,
                    data={"token": token},
                    headers={"Content-Type": "application/x-www-form-urlencoded"},
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #0d2f6620d4550e1b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/servers/simple-tool/mcp_simple_tool/server.py:16
        response = await client.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #6a5fbb581851b5f9 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/completion_client.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9db459205d573a27 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/display_utilities.py:17
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #83762c7fe431e888 Environment-variable access.
pkgs/python/[email protected]/examples/snippets/clients/stdio_client.py:19
    env={"UV_INDEX": os.environ.get("UV_INDEX", "")},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9df4b0628f8fa96e Filesystem access.
pkgs/python/[email protected]/scripts/update_readme_snippets.py:53
        code = file.read_text().rstrip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b51e8c954de0d2a3 Filesystem access.
pkgs/python/[email protected]/scripts/update_readme_snippets.py:109
    content = readme_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bd4f14316d044f32 Filesystem access.
pkgs/python/[email protected]/scripts/update_readme_snippets.py:135
            readme_path.write_text(updated_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98a6a9818eb564c3 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:24
        path = Path(os.environ.get("XDG_CONFIG_HOME", Path.home() / ".config"), "Claude")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ffca13d1fd585a2 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:77
            config_file.write_text("{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6dfc552cd592a81 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:88
        config = json.loads(config_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #445e2098bff2c329 Filesystem access.
pkgs/python/[email protected]/src/mcp/cli/claude.py:135
        config_file.write_text(json.dumps(config, indent=2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9faa0461c2371153 Environment-variable access.
pkgs/python/[email protected]/src/mcp/cli/cli.py:282
            env=dict(os.environ.items()),  # Convert to list of tuples for env update

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0fab060dac8921bb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/mcp/client/sse.py:139
                                    response = await client.post(
                                        endpoint_url,
                                        json=session_message.message.model_dump(
                                            by_alias=True,
                                            mode="json",
                                            exclude_none=True,
                                        ),
                                    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ae36f44962e971d6 Environment-variable access.
pkgs/python/[email protected]/src/mcp/client/stdio/__init__.py:59
        value = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0fed4a0e8def16d4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/mcp/server/fastmcp/resources/types.py:161
            response = await client.get(self.url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c1e427f1c347a425 Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:47
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6334751f2434013 Filesystem access.
pkgs/python/[email protected]/src/mcp/server/fastmcp/utilities/types.py:94
            with open(self.path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

rich

python dependency
medium telemetry dependency Excluded from app score #72e01f9ed017fcb7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/rich/progress.py:173
        yield from progress.track(
            sequence,
            total=total,
            completed=completed,
            description=description,
            update_period=update_period,
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 22 low-confidence finding(s)
low env_fs dependency Excluded from app score #650f1028f3d8e983 Environment-variable access.
pkgs/python/[email protected]/rich/_unicode_data/__init__.py:67
        unicode_version = os.environ.get("UNICODE_VERSION", "latest")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2debc3d712e5a535 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:441
        self.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c167423825049c86 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:612
    term.write_text("went back and wrapped to prev line")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #780664857324a31e Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:615
    term.write_text("we go up")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5ae14711a3878e9 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:618
    term.write_text("and down")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9dbe0767d1689a4 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:623
    term.write_text("we went up and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51850ca2c6a1ade4 Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:628
    term.write_text("we went down and back 2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d1e3f2d9236f70c Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:636
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3812f0ec41fa0fea Filesystem access.
pkgs/python/[email protected]/rich/_win32_console.py:646
    term.write_text("The red arrow shows the cursor location, and direction of erase")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb311872b3594d89 Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:19
                term.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7744a6bc30360e40 Filesystem access.
pkgs/python/[email protected]/rich/_windows_renderer.py:28
                    term.write_text("\r")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d058ea2e399870b5 Environment-variable access.
pkgs/python/[email protected]/rich/console.py:521
        or os.getenv("DATABRICKS_RUNTIME_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20ce74f66e55a8b1 Environment-variable access.
pkgs/python/[email protected]/rich/console.py:623
    _environ: Mapping[str, str] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #102205443adda5b3 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2220
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #caaba977d1de076b Filesystem access.
pkgs/python/[email protected]/rich/console.py:2326
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbd10af85ba0fe35 Filesystem access.
pkgs/python/[email protected]/rich/console.py:2615
        with open(path, "w", encoding="utf-8") as write_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6d211ba7fc44cb9 Environment-variable access.
pkgs/python/[email protected]/rich/diagnose.py:32
    env = {name: os.getenv(name) for name in env_names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47858baa2b2fda77 Filesystem access.
pkgs/python/[email protected]/rich/json.py:134
            json_data = Path(args.path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85323a5117836ab9 Filesystem access.
pkgs/python/[email protected]/rich/markdown.py:768
        with open(args.path, encoding="utf-8") as markdown_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd16aefd60255203 Filesystem access.
pkgs/python/[email protected]/rich/progress.py:1373
        handle = io.open(file, "rb", buffering=buffering)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb659158ab3a30dd Filesystem access.
pkgs/python/[email protected]/rich/syntax.py:357
        code = Path(path).read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2387a576963abc31 Filesystem access.
pkgs/python/[email protected]/rich/theme.py:72
        with open(path, encoding=encoding) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

InquirerPy

python dependency
expand_more 43 low-confidence finding(s)
low env_fs dependency Excluded from app score #5973123fdf4e7c95 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/base/simple.py:95
            if vi_mode or bool(os.getenv("INQUIRERPY_VI_MODE", False))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7536e9ee7bea59e8 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/base/simple.py:106
        self._raise_kbi = not os.getenv(
            "INQUIRERPY_NO_RAISE_KBI", not raise_keyboard_interrupt
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff806a23f799e360 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/base/simple.py:332
            self._raise_kbi = not os.getenv(
                "INQUIRERPY_NO_RAISE_KBI", not raise_keyboard_interrupt
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdcd9c6fc188e178 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:107
            "questionmark": os.getenv("INQUIRERPY_STYLE_QUESTIONMARK", "#e5c07b"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bd4e8aea1eacd96 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:108
            "answermark": os.getenv("INQUIRERPY_STYLE_ANSWERMARK", "#e5c07b"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c43a9ea2277da9ec Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:109
            "answer": os.getenv("INQUIRERPY_STYLE_ANSWER", "#61afef"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7e649843cc56aa6 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:110
            "input": os.getenv("INQUIRERPY_STYLE_INPUT", "#98c379"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2a49bcd23783cb0 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:111
            "question": os.getenv("INQUIRERPY_STYLE_QUESTION", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #096495691167a1e5 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:112
            "answered_question": os.getenv("INQUIRERPY_STYLE_ANSWERED_QUESTION", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12ced1ad62479fb6 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:113
            "instruction": os.getenv("INQUIRERPY_STYLE_INSTRUCTION", "#abb2bf"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28bede5ac17d2a8a Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:114
            "long_instruction": os.getenv(
                "INQUIRERPY_STYLE_LONG_INSTRUCTION", "#abb2bf"
            ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4b1a76104a2ace9 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:117
            "pointer": os.getenv("INQUIRERPY_STYLE_POINTER", "#61afef"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f47f3ec1e437999 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:118
            "checkbox": os.getenv("INQUIRERPY_STYLE_CHECKBOX", "#98c379"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b073026d12163cf Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:119
            "separator": os.getenv("INQUIRERPY_STYLE_SEPARATOR", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9852db9a09f9f49 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:120
            "skipped": os.getenv("INQUIRERPY_STYLE_SKIPPED", "#5c6370"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aaccae4fa61559de Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:121
            "validator": os.getenv("INQUIRERPY_STYLE_VALIDATOR", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69b9c621b33d2741 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:122
            "marker": os.getenv("INQUIRERPY_STYLE_MARKER", "#e5c07b"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ebd64c31add46c5 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:123
            "fuzzy_prompt": os.getenv("INQUIRERPY_STYLE_FUZZY_PROMPT", "#c678dd"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54abaf4c039bf5f6 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:124
            "fuzzy_info": os.getenv("INQUIRERPY_STYLE_FUZZY_INFO", "#abb2bf"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bcf40ad815766e2 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:125
            "fuzzy_border": os.getenv("INQUIRERPY_STYLE_FUZZY_BORDER", "#4b5263"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ff58c6e51e73255 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:126
            "fuzzy_match": os.getenv("INQUIRERPY_STYLE_FUZZY_MATCH", "#c678dd"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc64d68827494821 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:127
            "spinner_pattern": os.getenv("INQUIRERPY_STYLE_SPINNER_PATTERN", "#e5c07b"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d9221975e912395 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:128
            "spinner_text": os.getenv("INQUIRERPY_STYLE_SPINNER_TEXT", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae057aea4461baec Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:133
            "questionmark": os.getenv("INQUIRERPY_STYLE_QUESTIONMARK", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cccd37e37ce5b5ab Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:134
            "answermark": os.getenv("INQUIRERPY_STYLE_ANSWERMARK", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d65c8818f119e60 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:135
            "answer": os.getenv("INQUIRERPY_STYLE_ANSWER", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #147736fd4250e7f9 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:136
            "input": os.getenv("INQUIRERPY_STYLE_INPUT", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcb64437fe2b512b Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:137
            "question": os.getenv("INQUIRERPY_STYLE_QUESTION", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b61da92f88e8b99 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:138
            "answered_question": os.getenv("INQUIRERPY_STYLE_ANSWERED_QUESTION", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81ddf9284846fb0d Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:139
            "instruction": os.getenv("INQUIRERPY_STYLE_INSTRUCTION", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #859011bdbc144046 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:140
            "long_instruction": os.getenv("INQUIRERPY_STYLE_LONG_INSTRUCTION", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0322e79fe84ce39b Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:141
            "pointer": os.getenv("INQUIRERPY_STYLE_POINTER", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdeffd99f6b4c3bf Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:142
            "checkbox": os.getenv("INQUIRERPY_STYLE_CHECKBOX", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e43c1f0314fa1f0f Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:143
            "separator": os.getenv("INQUIRERPY_STYLE_SEPARATOR", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efc9308357f952c2 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:144
            "skipped": os.getenv("INQUIRERPY_STYLE_SKIPPED", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d13816cb0e32c15 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:145
            "validator": os.getenv("INQUIRERPY_STYLE_VALIDATOR", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eba0ac4712a907ac Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:146
            "marker": os.getenv("INQUIRERPY_STYLE_MARKER", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #382d1c8a63cab84f Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:147
            "fuzzy_prompt": os.getenv("INQUIRERPY_STYLE_FUZZY_PROMPT", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a864aec51d33f450 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:148
            "fuzzy_info": os.getenv("INQUIRERPY_STYLE_FUZZY_INFO", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5791650c0e44dfb Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:149
            "fuzzy_border": os.getenv("INQUIRERPY_STYLE_FUZZY_BORDER", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a328a627746cecb2 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:150
            "fuzzy_match": os.getenv("INQUIRERPY_STYLE_FUZZY_MATCH", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e49fe33a44f4df5 Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:151
            "spinner_pattern": os.getenv("INQUIRERPY_STYLE_SPINNER_PATTERN", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7ebd9dbf299509a Environment-variable access.
pkgs/python/[email protected]/InquirerPy/utils.py:152
            "spinner_text": os.getenv("INQUIRERPY_STYLE_SPINNER_TEXT", ""),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

agentmail

python dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #a1b5858ec25a57c9 Environment-variable access.
pkgs/python/[email protected]/src/agentmail/client.py:60
        api_key: typing.Optional[typing.Union[str, typing.Callable[[], str]]] = os.getenv("AGENTMAIL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f083f7eb5d1dbe7a Environment-variable access.
pkgs/python/[email protected]/src/agentmail/client.py:134
        api_key: typing.Optional[typing.Union[str, typing.Callable[[], str]]] = os.getenv("AGENTMAIL_API_KEY"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #87385b9c0acb78f1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/domains/client.py:92
        _response = self._raw_client.get(domain, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #add0d964a062fb3f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/domains/client.py:249
        _response = await self._raw_client.get(domain, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5127ae06c05ceb50 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/drafts/client.py:111
        _response = self._raw_client.get(draft_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #029ae8f2b21ac029 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/drafts/client.py:223
        _response = await self._raw_client.get(draft_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #919e75734a3b7b9a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/client.py:102
        _response = self._raw_client.get(inbox_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #175522155a0c3ea4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/client.py:276
        _response = await self._raw_client.get(inbox_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fd7f80a3b3f6b81e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/drafts/client.py:137
        _response = self._raw_client.get(inbox_id, draft_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2adecfa8a1556eee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/drafts/client.py:413
        _response = await self._raw_client.get(inbox_id, draft_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #110a9c9878d3fba2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/messages/client.py:137
        _response = self._raw_client.get(inbox_id, message_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b9fdab74b4899ed6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/messages/client.py:496
        _response = await self._raw_client.get(inbox_id, message_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b9da13083299f264 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/metrics/client.py:76
        _response = self._raw_client.get(
            inbox_id,
            start_timestamp=start_timestamp,
            end_timestamp=end_timestamp,
            event_types=event_types,
            request_options=request_options,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e2625d43137ea821 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/metrics/client.py:154
        _response = await self._raw_client.get(
            inbox_id,
            start_timestamp=start_timestamp,
            end_timestamp=end_timestamp,
            event_types=event_types,
            request_options=request_options,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #afe12c42cf27233a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/threads/client.py:124
        _response = self._raw_client.get(inbox_id, thread_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #437e734573e00c55 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/inboxes/threads/client.py:306
        _response = await self._raw_client.get(inbox_id, thread_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a7ee765297354475 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/threads/client.py:112
        _response = self._raw_client.get(thread_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #58f6d367b083e476 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/threads/client.py:275
        _response = await self._raw_client.get(thread_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #28fe93037149375a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/webhooks/client.py:94
        _response = self._raw_client.get(webhook_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7a2bc85ff4739295 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/agentmail/webhooks/client.py:257
        _response = await self._raw_client.get(webhook_id, request_options=request_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

aiohttp

python dependency
expand_more 28 low-confidence finding(s)
low env_fs dependency Excluded from app score #c2ad3597741138df Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:78
NO_EXTENSIONS = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3a7cea265fc1397 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:87
    not sys.flags.ignore_environment and bool(os.environ.get("PYTHONASYNCIODEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae37c7fd35b1efed Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:204
    netrc_env = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3b582c4d13c86988 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/aiohttp/test_utils.py:357
        resp = await self._session.request(method, self.make_url(path), **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #2c0b11ba75c47b86 Environment-variable access.
pkgs/python/[email protected]/aiohttp/web_fileresponse.py:50
NOSENDFILE: Final[bool] = bool(os.environ.get("AIOHTTP_NOSENDFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #7fe93f863af1d433 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:65
                async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #c41038f7eda4262b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:87
                    async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #cc4ec5fd83fc80ea Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:22
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6c523902e12677db Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:23
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #380618738fea69a3 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:32
with open(_version_path, encoding="latin1") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #74e457bac689d2f6 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/client_auth.py:9
    async with session.get("http://httpbin.org/basic-auth/andrew/password") as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #0ee0d7280ba9e47d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/client_json.py:9
    async with session.get("http://httpbin.org/get") as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #42d94e9e38f8e2bd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/curl.py:12
        async with session.request("GET", url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #10c90381c5a41480 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/digest_auth_qop_auth.py:48
            async with session.get(url) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #12c36af5938363d7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fake_server.py:111
        async with session.get(
            "https://graph.facebook.com/v2.7/me", params={"access_token": token}
        ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #47653a3e41f651de Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fake_server.py:116
        async with session.get(
            "https://graph.facebook.com/v2.7/me/friends", params={"access_token": token}
        ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #ffc5459bd83306fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/logging_middleware.py:146
            coro = session.get(f"http://localhost:8080/hello/User{i}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #627a74275e6ad635 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/token_refresh_middleware.py:64
            async with session.post(
                self.token_endpoint,
                json={"refresh_token": self.refresh_token},
                middlewares=(),  # Disable middleware for this request
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #8eec9d47a1e4b97f Filesystem access.
pkgs/python/[email protected]/examples/web_ws.py:21
        with open(WS_FILE, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #692cadb7d486092c Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:12
data = tomllib.loads(Path("pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7956103fec90af9 Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:19
with open(Path("requirements", "runtime-deps.in"), "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #667e67e5c8e817e0 Environment-variable access.
pkgs/python/[email protected]/setup.py:12
    os.environ.get("AIOHTTP_USE_SYSTEM_DEPS", os.environ.get("USE_SYSTEM_DEPS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #607bc6efee5664cf Environment-variable access.
pkgs/python/[email protected]/setup.py:14
NO_EXTENSIONS: bool = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3eee33749d3c317a Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:30
        hasher.update(full_src.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #27b5c046aa2f933e Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:37
        dst_hash = dst.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6ef095915311fd35 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:41
        dst.write_text(src_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0b580be302e1d8cc Filesystem access.
pkgs/python/[email protected]/tools/cleanup_changes.py:30
    changes = (root / "CHANGES.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bd529a3fe1a24857 Filesystem access.
pkgs/python/[email protected]/tools/gen.py:16
    code = compile(hdrs_file.read_text(), str(hdrs_file), "exec")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anthropic

python dependency
expand_more 42 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #cad655cbf90ed1d6 Filesystem access.
pkgs/python/[email protected]/examples/memory/basic.py:94
                content = full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e4da364d1822517c Filesystem access.
pkgs/python/[email protected]/examples/memory/basic.py:116
        full_path.write_text(command.file_text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ae5a7f4c3a6b2762 Filesystem access.
pkgs/python/[email protected]/examples/memory/basic.py:126
        content = full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dbab20d3ac164e60 Filesystem access.
pkgs/python/[email protected]/examples/memory/basic.py:134
        full_path.write_text(new_content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #180125fca9b48e5e Filesystem access.
pkgs/python/[email protected]/examples/memory/basic.py:146
        lines = full_path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3e6068ee64746728 Filesystem access.
pkgs/python/[email protected]/examples/memory/basic.py:151
        full_path.write_text("\n".join(lines) + "\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ae5d172e542117e9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/anthropic/_base_client.py:310
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ea33511cbed9f0f1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:93
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7293e32961fc018 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:97
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2aacd938e7d9bd7b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:101
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1e9aa9153dfedc5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:333
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #957088c0e97d5012 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:337
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #004b90fe0396731c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:341
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #141c158c7e1ab830 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd9f63925b6b5ae8 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed050d259492c3b7 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b7e540b4f28856c Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93942bb043d14e5b Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:461
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f9e29cf7940a38c Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:474
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a62d919edd0790 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_models.py:110
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95a9376345d147d7 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:534
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c21aa9e27dc19efe Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:576
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a83ad83c3277fd67 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_utils/_logs.py:17
    env = os.environ.get("ANTHROPIC_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58b6002a7e1b0832 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b4d7807391bcd6e Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9e3b20c9947e8cb Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_utils.py:367
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2f52d8f92fa0610 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:25
        files.append((path.relative_to(relative_to).as_posix(), path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3b8d2aa15a15c6 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:42
        files.append((path.relative_to(relative_to).as_posix(), await path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9179a35beed33a0 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:75
    aws_region = os.environ.get("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f11bced3477e3fc Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:170
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8b538c1495616a3 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:312
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3152044a5d51d6b6 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:146
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85adac7f49ada39a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:147
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48b5da4be1a3f7be Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:148
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52ef90a026a28858 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:323
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #564e392a149f089f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:324
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e62f1149c561f671 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:325
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3be567b0b02a5434 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:44
        project_id = os.environ.get("ANTHROPIC_VERTEX_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c33ac2ae99d57816 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:111
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fff0b36cee1535f1 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:118
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8114c55201911a16 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:256
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f84c76472ef1d3a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:263
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anyio

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #8867cf75d57168a5 Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:211
    sys.stdin = open(os.devnull)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f237bc34827bcb8 Filesystem access.
pkgs/python/[email protected]/src/anyio/to_process.py:212
    sys.stdout = open(os.devnull, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

boto3

python dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling reachable #011dea3a942c2ea2 Filesystem access.
pkgs/python/[email protected]/boto3/docs/__init__.py:50
        with open(service_doc_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fbe061ef42f2c87a Filesystem access.
pkgs/python/[email protected]/boto3/docs/service.py:201
            with open(examples_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e20d0b0d5fc551fd Filesystem access.
pkgs/python/[email protected]/setup.py:24
    init = open(os.path.join(ROOT, 'boto3', '__init__.py')).read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #742ea7885a900b66 Filesystem access.
pkgs/python/[email protected]/setup.py:32
    long_description=open('README.rst').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

botocore

python dependency
expand_more 35 low-confidence finding(s)
low env_fs dependency Excluded from app score #d2c8112fcc696bc5 Environment-variable access.
pkgs/python/[email protected]/botocore/compat.py:288
    disabled = os.environ.get('BOTO_DISABLE_CRT', "false")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65433d1609dc69e9 Environment-variable access.
pkgs/python/[email protected]/botocore/configprovider.py:364
            environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b331d3c047f4447 Environment-variable access.
pkgs/python/[email protected]/botocore/configprovider.py:606
        if os.environ.get('AWS_EXECUTION_ENV'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4ce282cc592cf96 Environment-variable access.
pkgs/python/[email protected]/botocore/configprovider.py:607
            default_region = os.environ.get('AWS_DEFAULT_REGION')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ed2c1bbfbc4a53f Environment-variable access.
pkgs/python/[email protected]/botocore/configprovider.py:608
            current_region = os.environ.get('AWS_REGION', default_region)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0ce4053dfd587ef Environment-variable access.
pkgs/python/[email protected]/botocore/configprovider.py:968
            environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #537fc2dad2a3c914 Environment-variable access.
pkgs/python/[email protected]/botocore/credentials.py:1212
            environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d779225410bf2af8 Environment-variable access.
pkgs/python/[email protected]/botocore/credentials.py:1338
            environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8123335e5582f420 Environment-variable access.
pkgs/python/[email protected]/botocore/credentials.py:1500
            environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d76e42a301acae37 Environment-variable access.
pkgs/python/[email protected]/botocore/credentials.py:1922
        if env_key and env_key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deb45bc23a053d4b Environment-variable access.
pkgs/python/[email protected]/botocore/credentials.py:1923
            return os.environ[env_key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13334d399a5a86c1 Environment-variable access.
pkgs/python/[email protected]/botocore/credentials.py:2078
            environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a1ac64559e8e506 Filesystem access.
pkgs/python/[email protected]/botocore/credentials.py:2111
            with open(auth_token_file_path) as token_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #57b32b9c3dc7fda3 Filesystem access.
pkgs/python/[email protected]/botocore/docs/__init__.py:53
        with open(service_file_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #eb0e31e5b18a5bad Filesystem access.
pkgs/python/[email protected]/botocore/docs/bcdoc/restdoc.py:284
        with open(sub_resource_file_path, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #642fcc6d2bd9902f Environment-variable access.
pkgs/python/[email protected]/botocore/endpoint.py:449
        return os.environ.get('REQUESTS_CA_BUNDLE', True)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #228f46cc54305a6f Environment-variable access.
pkgs/python/[email protected]/botocore/handlers.py:112
    has_lambda_name = 'AWS_LAMBDA_FUNCTION_NAME' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #650f6013a2d0f8b1 Environment-variable access.
pkgs/python/[email protected]/botocore/handlers.py:113
    trace_id = os.environ.get('_X_AMZN_TRACE_ID')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e66a9e0e3ac1ad63 Environment-variable access.
pkgs/python/[email protected]/botocore/handlers.py:383
                os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34b822053d3d8bdf Environment-variable access.
pkgs/python/[email protected]/botocore/handlers.py:383
                os.environ.get(
                    'BOTO_EXPERIMENTAL__NO_EMPTY_CONTINUE',
                    False,
                )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b72f97f90ec27bda Environment-variable access.
pkgs/python/[email protected]/botocore/httpsession.py:176
        sslkeylogfile = os.environ.get("SSLKEYLOGFILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae000c634657c535 Environment-variable access.
pkgs/python/[email protected]/botocore/httpsession.py:455
                os.environ.get('BOTO_EXPERIMENTAL__ADD_PROXY_HOST_HEADER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f86d1dd4c3c390c Environment-variable access.
pkgs/python/[email protected]/botocore/plugin.py:61
            context.plugins = os.environ.get('BOTOCORE_EXPERIMENTAL__PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1cba2ca91d9bf86 Environment-variable access.
pkgs/python/[email protected]/botocore/plugin.py:64
    return os.environ.get('BOTOCORE_EXPERIMENTAL__PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #050661c27f4961e2 Environment-variable access.
pkgs/python/[email protected]/botocore/session.py:575
        if os.environ.get('AWS_EXECUTION_ENV') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #491cbe97c38888be Environment-variable access.
pkgs/python/[email protected]/botocore/session.py:576
            base += ' exec-env/{}'.format(os.environ.get('AWS_EXECUTION_ENV'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf95e926440f97b Environment-variable access.
pkgs/python/[email protected]/botocore/tokens.py:351
            environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e44640871550d63 Environment-variable access.
pkgs/python/[email protected]/botocore/useragent.py:358
            execution_env=os.environ.get('AWS_EXECUTION_ENV'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf419446227d2be3 Environment-variable access.
pkgs/python/[email protected]/botocore/utils.py:417
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5387e686948280d0 Environment-variable access.
pkgs/python/[email protected]/botocore/utils.py:738
            environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bec8137f6b672c5 Filesystem access.
pkgs/python/[email protected]/botocore/utils.py:3560
            with open(actual_key) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d76f777fe146faf Environment-variable access.
pkgs/python/[email protected]/botocore/utils.py:3621
        environ = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3198ff72735fd870 Environment-variable access.
pkgs/python/[email protected]/botocore/utils.py:3706
    if 'AWS_LOGIN_CACHE_DIRECTORY' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00405fffdb143ec1 Environment-variable access.
pkgs/python/[email protected]/botocore/utils.py:3707
        path = os.path.expandvars(os.environ['AWS_LOGIN_CACHE_DIRECTORY'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a1d6d82319dd0a5 Filesystem access.
pkgs/python/[email protected]/setup.py:43
    long_description=open('README.rst').read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

browser-harness

python dependency
expand_more 102 low-confidence finding(s)
low env_fs dependency Excluded from app score #35d9bff18cbc803c Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/_ipc.py:18
BH_TMP_DIR = os.environ.get("BH_TMP_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f67eea7347698ca5 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/_ipc.py:19
BH_RUNTIME_DIR = os.environ.get("BH_RUNTIME_DIR") or BH_TMP_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f60b5be18313baa0 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/_ipc.py:20
BH_RUNTIME_DIR_SHARED = os.environ.get("BH_RUNTIME_DIR_SHARED") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3825199066bb81aa Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/_ipc.py:21
BH_TMP_DIR_SHARED = os.environ.get("BH_TMP_DIR_SHARED") == "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04ea139f9eaa721e Filesystem access.
pkgs/python/[email protected]/src/browser_harness/_ipc.py:60
        d = json.loads(port_path(name).read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #795ed55f5e1e5960 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/_ipc.py:184
    tmp.write_text(json.dumps({"port": port, "token": _server_token}), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ffe3a5fc927f2d0 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/admin.py:36
            with open(f"/proc/{pid}/stat", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9aabf51ac165f5b Filesystem access.
pkgs/python/[email protected]/src/browser_harness/admin.py:117
    for line in p.read_text(encoding="utf-8-sig", errors="replace").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37d462b925dfb537 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/admin.py:122
        os.environ.setdefault(k.strip(), v.strip().strip('"').strip("'"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5b936d7b366eaa7 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/admin.py:127
NAME = os.environ.get("BU_NAME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e75864651ea7c1 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/admin.py:137
        return ipc.log_path(name or NAME).read_text(encoding="utf-8", errors="replace").strip().splitlines()[-1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #908582cc053f9b00 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/admin.py:173
        or os.environ.get("BU_CDP_WS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df66ac9d08ec755d Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/admin.py:174
        or os.environ.get("BU_CDP_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03cb7e9d723e25f5 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/admin.py:282
        raw = (os.environ.get(key) or "").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #597fac6581512ef4 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/admin.py:347
        e = {**os.environ, **({"BU_NAME": name} if name else {}), **(env or {})}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #998fd02ea88baa5e Filesystem access.
pkgs/python/[email protected]/src/browser_harness/admin.py:349
            stderr_sink = open(ipc.log_path(name or NAME), "ab")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1f42a58244231389 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/admin.py:478
    return json.loads(urllib.request.urlopen(req, timeout=60).read() or b"{}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3b3eb07abc1877f6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/admin.py:491
    return json.loads(urllib.request.urlopen(f"{cdp_url}/json/version", timeout=15).read())["webSocketDebuggerUrl"]

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #67dc88aad54ce39f Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/admin.py:501
        return bool(os.environ.get("DISPLAY") or os.environ.get("WAYLAND_DISPLAY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd930f598e1c0780 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/admin.py:632
    r = subprocess.run(cmd, text=True, encoding="utf-8", errors="replace", capture_output=True, env={**os.environ, "BROWSER_USE_API_KEY": key})

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8a2b9159904a0be Filesystem access.
pkgs/python/[email protected]/src/browser_harness/admin.py:676
        return json.loads(VERSION_CACHE.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #334c9d99b5e3090a Filesystem access.
pkgs/python/[email protected]/src/browser_harness/admin.py:684
        VERSION_CACHE.write_text(json.dumps(data))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6a3a1ffd26353f6e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/admin.py:700
        tag = json.loads(urllib.request.urlopen(PYPI_JSON, timeout=5).read()).get("info", {}).get("version") or ""

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8a8b3626d7e484a4 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/auth.py:119
    return (os.environ.get("BROWSER_USE_CLOUD_API_URL") or AUTH_BASE).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39a7136e1076ceb7 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/auth.py:123
    return os.environ.get("BROWSER_HARNESS_OAUTH_CLIENT_ID") or DEFAULT_CLIENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10e9496ae7211053 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/auth.py:127
    override = os.environ.get("BH_AUTH_PATH")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c1e9d52623d8d81 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/auth.py:136
        return json.loads(path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #315c5d2c330cd50d Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/auth.py:180
    env_key = os.environ.get("BROWSER_USE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43dfbd6ef6551b3b Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/auth.py:191
    if os.environ.get("BROWSER_USE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78bcd334b4d7583f Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/auth.py:220
        "device_name": os.environ.get("BH_DEVICE_NAME") or "browser-harness",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bce6e955da6779f Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/auth.py:298
        {"client_id": client_id(), "device_name": os.environ.get("BH_DEVICE_NAME") or "browser-harness"},

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #04d1fdafb57550a9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/auth.py:432
        with urllib.request.urlopen(req, timeout=60) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a6d191f4568e0a73 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:23
    for line in p.read_text(encoding="utf-8-sig", errors="replace").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf20651f001f51ec Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:28
        os.environ.setdefault(k.strip(), v.strip().strip('"').strip("'"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #036d6a8bebd9a5fb Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:33
NAME = os.environ.get("BU_NAME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69dd0b6010624f9f Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:79
        local = Path(os.environ.get("LOCALAPPDATA") or Path.home() / "AppData/Local")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d8cd9336b94c8f0 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:89
REMOTE_ID = os.environ.get("BU_BROWSER_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #109d53f903c20568 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:90
BROWSER_KIND = "cloud" if REMOTE_ID else ("cdp" if (os.environ.get("BU_CDP_WS") or os.environ.get("BU_CDP_URL")) else "local")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a19e4e47e11a9ce Filesystem access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:94
    open(LOG, "a", encoding="utf-8", errors="replace").write(f"{msg}\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6606d98ea971a622 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:115
            active = (base / "DevToolsActivePort").read_text(encoding="utf-8", errors="replace").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16d6d0ee5c214255 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:126
    if url := os.environ.get("BU_CDP_WS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #448ced95e03aa003 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:128
    if url := os.environ.get("BU_CDP_URL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2c8304c46939cc69 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/daemon.py:137
                return json.loads(urllib.request.urlopen(f"{base_url}/json/version", timeout=5).read())["webSocketDebuggerUrl"]

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #2ff0ba8f01227a7a Filesystem access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:156
                active = (base / "DevToolsActivePort").read_text(encoding="utf-8", errors="replace").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #bebeb529c11ef3a9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/daemon.py:168
                return json.loads(urllib.request.urlopen(f"http://127.0.0.1:{port}/json/version", timeout=1).read())["webSocketDebuggerUrl"]

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9efb52cac65a2fe4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/daemon.py:181
            with urllib.request.urlopen(f"http://127.0.0.1:{probe_port}/json/version", timeout=1) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #26d61c496a223c25 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/daemon.py:202
        urllib.request.urlopen(req, timeout=15).read()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #50973cd0e0bc89bc Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:270
            if os.environ.get("BU_CDP_WS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #696edc266786f779 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:438
    open(LOG, "w").close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14fcfeac4001d6dc Filesystem access.
pkgs/python/[email protected]/src/browser_harness/daemon.py:439
    open(PID, "w").write(str(os.getpid()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22d5130ed5986b83 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/helpers.py:28
    for line in p.read_text(encoding="utf-8-sig", errors="replace").splitlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44a12412719e4630 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/helpers.py:33
        os.environ.setdefault(k.strip(), v.strip().strip('"').strip("'"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ae60673bd7106b4 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/helpers.py:38
NAME = os.environ.get("BU_NAME", "default")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9c1a173ed1bb8c6 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/helpers.py:132
    if os.environ.get("BH_DOMAIN_SKILLS") != "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6c7c410fc72e178 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/helpers.py:153
    if os.environ.get("BH_DEBUG_CLICKS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71d0a577640a5e5a Filesystem access.
pkgs/python/[email protected]/src/browser_harness/helpers.py:247
    open(path, "wb").write(base64.b64decode(r["data"]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f065f409e7aa8cf4 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/helpers.py:478
    if os.environ.get("BROWSER_USE_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b54f51d519ee4d60 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/helpers.py:487
    with urllib.request.urlopen(urllib.request.Request(url, headers=h), timeout=timeout) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #569f83d567a26ec3 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/paths.py:10
    raw = os.environ.get("BH_HOME") or os.environ.get("BROWSER_HARNESS_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f612e5b72e27f303 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/paths.py:13
    base = os.environ.get("XDG_CONFIG_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18b8630a224fdd83 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/paths.py:28
    raw = os.environ.get("BH_CONFIG_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1714b1763eaafc4 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/paths.py:33
    raw = os.environ.get("BH_RUNTIME_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe3f03aecb71dbe3 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/paths.py:38
    raw = os.environ.get("BH_TMP_DIR")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad4547dfa39b9f24 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/paths.py:43
    raw = os.environ.get("BH_AGENT_WORKSPACE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d48419da18be987 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:80
        data = json.loads(_config_path().read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5da6cf9dcaee1eb Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:87
    raw = os.environ.get("BH_RECORD")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85ceaeadb3c4ee2f Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:94
    return _recordings_root() / f".active-{os.environ.get('BU_NAME', 'default')}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3902977b6c544030 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:108
    (d / "meta.json").write_text(json.dumps(meta), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #127800b9acd2e970 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:109
    _marker().write_text(str(d), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f50ce087b0a8df61 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:133
    d = m.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b470ff1c928e6f2 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:182
    tmp.write_text(json.dumps({"enabled": bool(enabled)}) + "\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cc066c4a23d2b57 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:194
        return json.loads((Path(d) / "meta.json").read_text(encoding="utf-8")).get("auto") is True

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7f4394de52ba81f Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:204
        return float(os.environ.get("BH_RECORD_IDLE", "180"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8467c2ff5dd1c998 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:218
    (d / "meta.json").write_text(json.dumps(meta), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cef9c8efd849bd25 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/recorder.py:219
    _marker().write_text(str(d), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #720eb709c00aeecc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_harness/run.py:80
            urllib.request.urlopen(f"http://127.0.0.1:{port}/json/version", timeout=0.3).close()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #22f300cf28b6261f Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/run.py:92
    return bool(os.environ.get("BU_CDP_URL") or os.environ.get("BU_CDP_WS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a892133df13c3e8 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/run.py:106
    print(resources.files("browser_harness").joinpath("SKILL.md").read_text(encoding="utf-8"), end="")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d3479efb03604c8 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/run.py:357
        os.environ["BH_DEBUG_CLICKS"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e58acaba8cc721c Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/run.py:377
            and os.environ.get("BU_AUTOSPAWN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b213df625168b144 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:54
        return json.loads(_config_path().read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec99fb666832ab78 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:66
        path.write_text(json.dumps(data, indent=2, sort_keys=True) + "\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c93de43e79f68cca Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:83
    return any((os.environ.get(name) or "").lower() in {"0", "false", "no", "off"} for name in DISABLE_ENVS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f593925955b07726 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:167
        value = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a282f9ca07bbf7a Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:191
    host = os.environ.get("BH_POSTHOG_HOST", POSTHOG_HOST).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef8c42f254c2ab37 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:194
        "timeout": float(os.environ.get("BH_TELEMETRY_TIMEOUT", "5")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #465f725071e41890 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:265
                "client": os.environ.get("BH_CLIENT") or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3087d703e104a03b Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:266
                "client_version": os.environ.get("BH_CLIENT_VERSION") or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c17760a8e5d8d1ed Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:268
                "model": os.environ.get("BROWSER_USE_AGENT_MODEL") or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3818c429447001e Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/telemetry.py:269
                "model_provider": os.environ.get("BROWSER_USE_MODEL_PROVIDER") or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b5d93818b515e37 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video.py:102
        value = json.loads(path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e82392d4afe06d30 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video.py:111
    return hashlib.sha256(path.read_bytes()).hexdigest()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a055c9e06288bae Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video.py:116
        text = path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #284887de887f4cac Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video.py:156
    (recording / SOURCE_MANIFEST).write_text(json.dumps(manifest, indent=2) + "\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc25be5597d9388c Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video.py:619
    path.write_text(f"window.COMPOSITION = {body};\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2190aa58c2a6ed2e Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video.py:625
        lines = events_path.read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4baba1e34be5b7d6 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video.py:672
    for source_line, line in enumerate(events_path.read_text(encoding="utf-8").splitlines(), 1):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c614aa04eb17507f Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video.py:709
    output.write_text(json.dumps(summary, indent=2) + "\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0418bd568e2e3c97 Environment-variable access.
pkgs/python/[email protected]/src/browser_harness/video_render.py:107
    env = {**os.environ, "BH_RECORD": "0"}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d235ab75293b0f0 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video_render.py:327
    report_path.write_text(json.dumps(report, indent=2) + "\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7cf0e2c4454ed11 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video_render.py:421
    review_report = json.loads(review_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e04f33aea88c1de0 Filesystem access.
pkgs/python/[email protected]/src/browser_harness/video_render.py:519
    report_path.write_text(json.dumps(report, indent=2) + "\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

browser-use-sdk

python dependency
expand_more 108 low-confidence finding(s)
low egress dependency Excluded from app score #ec8bd390ece88531 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/_core/http.py:93
            response = self._client.request(method, path, json=json, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4df7fc8684284e32 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/_core/http.py:139
            response = await self._client.request(method, path, json=json, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #6887bc655e608f82 Environment-variable access.
pkgs/python/[email protected]/src/browser_use_sdk/v2/client.py:38
        resolved_key = api_key or os.environ.get("BROWSER_USE_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5260437373447fa Environment-variable access.
pkgs/python/[email protected]/src/browser_use_sdk/v2/client.py:349
        resolved_key = api_key or os.environ.get("BROWSER_USE_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #eb7001532a839c44 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/browsers.py:100
            self._http.request("GET", f"/browsers/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #845bd90d1b37054e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/browsers.py:107
            self._http.request("PATCH", f"/browsers/{session_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9d38aaa9aa2257de Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/browsers.py:169
            await self._http.request("GET", f"/browsers/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e67a72ac9cbaeaf6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/browsers.py:176
            await self._http.request("PATCH", f"/browsers/{session_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9e405c6f3d2e9927 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/files.py:33
            self._http.request(
                "POST",
                f"/files/sessions/{session_id}/presigned-url",
                json=body,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2f464f157aad672b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/files.py:57
            self._http.request(
                "POST",
                f"/files/browsers/{session_id}/presigned-url",
                json=body,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1d9d020f4802cafd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/files.py:67
            self._http.request(
                "GET",
                f"/files/tasks/{task_id}/output-files/{file_id}",
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #19311d91cf47619c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/files.py:95
            await self._http.request(
                "POST",
                f"/files/sessions/{session_id}/presigned-url",
                json=body,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a2708bb13422e188 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/files.py:119
            await self._http.request(
                "POST",
                f"/files/browsers/{session_id}/presigned-url",
                json=body,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f518dc3734134a8d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/files.py:129
            await self._http.request(
                "GET",
                f"/files/tasks/{task_id}/output-files/{file_id}",
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0cfc3f9e54edbf0b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/marketplace.py:47
            self._http.request("GET", f"/marketplace/skills/{slug}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #09953f89fac34c06 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/marketplace.py:53
            self._http.request("POST", f"/marketplace/skills/{skill_id}/clone")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dba668e32f892aeb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/marketplace.py:72
            self._http.request(
                "POST", f"/marketplace/skills/{skill_id}/execute", json=body
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1bc869255ae0e41e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/marketplace.py:111
            await self._http.request("GET", f"/marketplace/skills/{slug}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #abc16069b878c884 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/marketplace.py:117
            await self._http.request("POST", f"/marketplace/skills/{skill_id}/clone")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #afe127b5285847dd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/marketplace.py:136
            await self._http.request(
                "POST", f"/marketplace/skills/{skill_id}/execute", json=body
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e9853147bb9628c7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/profiles.py:54
            self._http.request("GET", f"/profiles/{profile_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #309ca18307fd3423 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/profiles.py:73
            self._http.request("PATCH", f"/profiles/{profile_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #220bb4991a419b37 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/profiles.py:78
        self._http.request("DELETE", f"/profiles/{profile_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #34ea03d0599c2f6a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/profiles.py:133
            await self._http.request("GET", f"/profiles/{profile_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8f8cbb6e4c07fefe Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/profiles.py:152
            await self._http.request("PATCH", f"/profiles/{profile_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7b749b61749589bf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/profiles.py:157
        await self._http.request("DELETE", f"/profiles/{profile_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #61d34651190a8689 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:106
            self._http.request("GET", f"/sessions/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #736127fc80ef5e9e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:113
            self._http.request("PATCH", f"/sessions/{session_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #20280b1367c1655c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:122
        self._http.request("DELETE", f"/sessions/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bb802401e8f6ef47 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:127
            self._http.request("GET", f"/sessions/{session_id}/public-share")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #08804f691a8ce6b1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:133
            self._http.request("POST", f"/sessions/{session_id}/public-share")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3e874cf4117a07c0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:138
        self._http.request("DELETE", f"/sessions/{session_id}/public-share")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ab23a28b4c11bd15 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:142
        self._http.request("POST", f"/sessions/{session_id}/purge")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a83df3b9dfd320d2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:210
            await self._http.request("GET", f"/sessions/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #08e89fe701206e4e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:217
            await self._http.request("PATCH", f"/sessions/{session_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #461735d76cf42274 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:226
        await self._http.request("DELETE", f"/sessions/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8a94a6917e90618c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:231
            await self._http.request("GET", f"/sessions/{session_id}/public-share")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2aa108f19dd09ca3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:237
            await self._http.request("POST", f"/sessions/{session_id}/public-share")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a0af912c3855a231 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:242
        await self._http.request("DELETE", f"/sessions/{session_id}/public-share")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #480c2314367fc73a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/sessions.py:246
        await self._http.request("POST", f"/sessions/{session_id}/purge")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e6b09ea45b8b89a6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:74
            self._http.request("GET", f"/skills/{skill_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2abaf435d97db45a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:102
            self._http.request("PATCH", f"/skills/{skill_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #786202ff2b382a71 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:107
        self._http.request("DELETE", f"/skills/{skill_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ddaad79da7b965b9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:112
            self._http.request("POST", f"/skills/{skill_id}/cancel")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1677b1e4e5906794 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:131
            self._http.request("POST", f"/skills/{skill_id}/execute", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0a07823f7247088e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:151
            self._http.request("POST", f"/skills/{skill_id}/refine", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f99d1b51d06b3563 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:157
            self._http.request("POST", f"/skills/{skill_id}/rollback")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c472a36bd2461d17 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:169
            self._http.request(
                "GET",
                f"/skills/{skill_id}/executions",
                params={
                    "pageSize": page_size,
                    "pageNumber": page_number,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #18eb4e924396bb05 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:182
            self._http.request(
                "GET",
                f"/skills/{skill_id}/executions/{execution_id}/output",
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4053abf16c976511 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:250
            await self._http.request("GET", f"/skills/{skill_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dd89d779887f90ef Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:278
            await self._http.request("PATCH", f"/skills/{skill_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a38c9ee4da515ef7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:283
        await self._http.request("DELETE", f"/skills/{skill_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c862b62a25ef5084 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:288
            await self._http.request("POST", f"/skills/{skill_id}/cancel")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #48674435caf10635 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:307
            await self._http.request("POST", f"/skills/{skill_id}/execute", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #789c513310ef3f3d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:327
            await self._http.request("POST", f"/skills/{skill_id}/refine", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4ad9760cb562e8ac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:333
            await self._http.request("POST", f"/skills/{skill_id}/rollback")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f160e2121edee875 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:345
            await self._http.request(
                "GET",
                f"/skills/{skill_id}/executions",
                params={
                    "pageSize": page_size,
                    "pageNumber": page_number,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c16d717d21a94193 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/skills.py:358
            await self._http.request(
                "GET",
                f"/skills/{skill_id}/executions/{execution_id}/output",
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cef66243c81a9b81 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/tasks.py:174
            self._http.request("GET", f"/tasks/{task_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #56269c4f0760c757 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/tasks.py:181
            self._http.request("PATCH", f"/tasks/{task_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d10b22a5addc8f4a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/tasks.py:195
            self._http.request("GET", f"/tasks/{task_id}/status")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dd7c5609ec11b6c0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/tasks.py:201
            self._http.request("GET", f"/tasks/{task_id}/logs")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7671eae38d77dc7d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/tasks.py:308
            await self._http.request("GET", f"/tasks/{task_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b938365aef00614f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/tasks.py:315
            await self._http.request("PATCH", f"/tasks/{task_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #64106498341cc723 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/tasks.py:329
            await self._http.request("GET", f"/tasks/{task_id}/status")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d1458cc8ce240e73 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v2/resources/tasks.py:335
            await self._http.request("GET", f"/tasks/{task_id}/logs")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a9f2e1c906eae58e Environment-variable access.
pkgs/python/[email protected]/src/browser_use_sdk/v3/client.py:35
        resolved_key = api_key or os.environ.get("BROWSER_USE_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17686047ed6f5333 Environment-variable access.
pkgs/python/[email protected]/src/browser_use_sdk/v3/client.py:252
        resolved_key = api_key or os.environ.get("BROWSER_USE_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4b8eb2351806ea99 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/browsers.py:72
            self._http.request("GET", f"/browsers/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2834bb2230651e68 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/browsers.py:80
            self._http.request("PATCH", f"/browsers/{session_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #596a07b9c1998e79 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/browsers.py:143
            await self._http.request("GET", f"/browsers/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e9423cf2b5e7ef05 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/browsers.py:151
            await self._http.request("PATCH", f"/browsers/{session_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #135ad266f29a5aae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/profiles.py:56
            self._http.request("GET", f"/profiles/{profile_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d46885133f031f7c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/profiles.py:75
            self._http.request("PATCH", f"/profiles/{profile_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #046f2982af46f10b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/profiles.py:80
        self._http.request("DELETE", f"/profiles/{profile_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ff9012b21f1d3fbf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/profiles.py:124
            await self._http.request("GET", f"/profiles/{profile_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b2b1212ed3e377cc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/profiles.py:143
            await self._http.request("PATCH", f"/profiles/{profile_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d48de5fbd2774804 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/profiles.py:148
        await self._http.request("DELETE", f"/profiles/{profile_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a03e7186b217d528 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/sessions.py:92
            self._http.request("GET", f"/sessions/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9c493578485ac454 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/sessions.py:104
            self._http.request("POST", f"/sessions/{session_id}/stop", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #73c0514cd8691404 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/sessions.py:109
        self._http.request("DELETE", f"/sessions/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fb64a0dd32e79d4b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/sessions.py:121
            self._http.request(
                "GET",
                f"/sessions/{session_id}/messages",
                params={
                    "after": after,
                    "before": before,
                    "limit": limit,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ff6b964a6eb9a47c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/sessions.py:229
            await self._http.request("GET", f"/sessions/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #97ff96f63ea676dc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/sessions.py:241
            await self._http.request("POST", f"/sessions/{session_id}/stop", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ad39c5eb6c03d853 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/sessions.py:246
        await self._http.request("DELETE", f"/sessions/{session_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8384ba54d731325e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/sessions.py:258
            await self._http.request(
                "GET",
                f"/sessions/{session_id}/messages",
                params={
                    "after": after,
                    "before": before,
                    "limit": limit,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8f65dd6b76eeb6a7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:80
            self._http.request("GET", f"/workspaces/{workspace_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e69400c50e34bb8f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:96
            self._http.request("PATCH", f"/workspaces/{workspace_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a2c02288ba59de25 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:101
        self._http.request("DELETE", f"/workspaces/{workspace_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8216d960247a855f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:115
            self._http.request(
                "GET",
                f"/workspaces/{workspace_id}/files",
                params={
                    "prefix": prefix,
                    "limit": limit,
                    "cursor": cursor,
                    "includeUrls": include_urls,
                    "shallow": shallow,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9808c972300b96ee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:142
            self._http.request(
                "POST",
                f"/workspaces/{workspace_id}/files/upload",
                json=body,
                params={"prefix": prefix} if prefix else None,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3f9699fe1e782f51 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:152
        self._http.request(
            "DELETE",
            f"/workspaces/{workspace_id}/files",
            params={"path": path},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6c68b231cfaee718 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:160
        return self._http.request("GET", f"/workspaces/{workspace_id}/size")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8e30b09ab0ca7d91 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:186
                http.put(
                    item.upload_url,
                    content=p.read_bytes(),
                    headers={"Content-Type": _guess_content_type(str(p))},
                ).raise_for_status()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4c6be7a59f2eac1c Filesystem access.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:188
                    content=p.read_bytes(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #940f9213967ea693 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:222
            resp = http.get(match.url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5351ea3b71e8bfe1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:254
                    resp = http.get(f.url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0763f0e23a9ff30b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:304
            await self._http.request("GET", f"/workspaces/{workspace_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #55553795cbdb8e1c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:320
            await self._http.request("PATCH", f"/workspaces/{workspace_id}", json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6c5c72eea62339a9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:325
        await self._http.request("DELETE", f"/workspaces/{workspace_id}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d12f178715a37f67 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:339
            await self._http.request(
                "GET",
                f"/workspaces/{workspace_id}/files",
                params={
                    "prefix": prefix,
                    "limit": limit,
                    "cursor": cursor,
                    "includeUrls": include_urls,
                    "shallow": shallow,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c906f94343aebb43 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:366
            await self._http.request(
                "POST",
                f"/workspaces/{workspace_id}/files/upload",
                json=body,
                params={"prefix": prefix} if prefix else None,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7681a3c9ba0cdb43 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:376
        await self._http.request(
            "DELETE",
            f"/workspaces/{workspace_id}/files",
            params={"path": path},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d8354980dbb3e348 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:384
        return await self._http.request("GET", f"/workspaces/{workspace_id}/size")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5a4cd7c0d72db427 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:410
                r = await http.put(
                    item.upload_url,
                    content=p.read_bytes(),
                    headers={"Content-Type": _guess_content_type(str(p))},
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a1a80cb5a7b447bc Filesystem access.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:412
                    content=p.read_bytes(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1ffa1bf27cc8d5ab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:447
            resp = await http.get(match.url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ed67082ddc8701e2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/browser_use_sdk/v3/resources/workspaces.py:479
                    resp = await http.get(f.url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

bubus

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #b3d9d92c3628cba2 Environment-variable access.
pkgs/python/[email protected]/bubus/models.py:29
BUBUS_LOGGING_LEVEL = os.getenv('BUBUS_LOGGING_LEVEL', 'WARNING').upper()  # WARNING normally, otherwise DEBUG when testing

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9034ae2c917cd547 Environment-variable access.
pkgs/python/[email protected]/bubus/models.py:30
LIBRARY_VERSION = os.getenv('LIBRARY_VERSION', '1.0.0')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

click

python dependency
expand_more 31 low-confidence finding(s)
low env_fs dependency Excluded from app score #748e14b48adc1169 Filesystem access.
pkgs/python/[email protected]/src/click/_compat.py:366
        return open(file, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1c862041f33eeda Filesystem access.
pkgs/python/[email protected]/src/click/_compat.py:368
    return open(file, mode, encoding=encoding, errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #136e8ec2bf4eb4a8 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:382
    pager_cmd_parts = shlex.split(os.environ.get("PAGER", ""), posix=False)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cd35918956c6baf Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:390
    if os.environ.get("TERM") in ("dumb", "emacs"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1a2263953759db7 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:442
    env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca520efbac13c77f Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:447
        less_flags = f"{os.environ.get('LESS', '')}{' '.join(cmd_params)}"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7966f168d29ddf02 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:581
            rv = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b4a3d6d8a510a96 Environment-variable access.
pkgs/python/[email protected]/src/click/_termui_impl.py:601
            environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30fb5a1eada8fd6d Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:665
            with open(name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07770cc1605d7022 Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:694
        null = open("/dev/null", "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c601e693f183605 Filesystem access.
pkgs/python/[email protected]/src/click/_termui_impl.py:823
            f = open("/dev/tty")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fafacfae327ae51c Filesystem access.
pkgs/python/[email protected]/src/click/core.py:1159
                formatter.write_text(text)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b136a286f23fec15 Filesystem access.
pkgs/python/[email protected]/src/click/core.py:1180
                formatter.write_text(epilog)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd9ef105c9e9511d Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:1473
        instruction = os.environ.get(complete_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05b7ae0daa482dc6 Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:2506
            rv = os.environ.get(self.envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7981e90181e054a Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:2512
                rv = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e04a9338a039b95 Environment-variable access.
pkgs/python/[email protected]/src/click/core.py:3185
            rv = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4804395c4d8f3bcb Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:348
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db8b21dee105bd4d Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:349
        cword = int(os.environ["COMP_CWORD"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f467146257f401e6 Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:370
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faeab4d676467458 Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:371
        cword = int(os.environ["COMP_CWORD"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5d4bac7f25b301b Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:406
        cwords = split_arg_string(os.environ["COMP_WORDS"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a88d0b4b54989e7 Environment-variable access.
pkgs/python/[email protected]/src/click/shell_completion.py:407
        incomplete = os.environ["COMP_CWORD"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #879e6699e73f6e19 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:405
                old_env[key] = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9aec6f004223f413 Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:408
                        del os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #320f6abbd137768b Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:412
                    os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2839766bed2a8cdb Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:418
                        del os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2906eb05865f1cdb Environment-variable access.
pkgs/python/[email protected]/src/click/testing.py:422
                    os.environ[key] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b80589033f5518c Filesystem access.
pkgs/python/[email protected]/src/click/utils.py:139
                open(filename, mode).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70b7c37485a92ae4 Environment-variable access.
pkgs/python/[email protected]/src/click/utils.py:482
        folder = os.environ.get(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d458575b423eb5a Environment-variable access.
pkgs/python/[email protected]/src/click/utils.py:493
        os.environ.get("XDG_CONFIG_HOME", os.path.expanduser("~/.config")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

datamodel-code-generator

python dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #53ed561dee59cc0c Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__init__.py:599
                input_text_ = get_first_file(input_).read_text(encoding=config.encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ff2ad834b73b37 Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__init__.py:646
                    obj = load_yaml_dict(input_.read_text(encoding=config.encoding))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be57999f931f3d00 Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__init__.py:652
                    obj = json.loads(input_.read_text(encoding=config.encoding))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6db61428dfc12374 Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__init__.py:660
                    ast.literal_eval(input_.read_text(encoding=config.encoding))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2432d3f6c2c14fe4 Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__init__.py:826
        custom_file_header = config.custom_file_header_path.read_text(encoding=config.encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b51fbd7951f5cf8 Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__main__.py:784
    generated_content = _normalize_line_endings(generated_path.read_text(encoding=encoding))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cfd1ad73a0a85bf Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__main__.py:789
    actual_content = _normalize_line_endings(actual_path.read_text(encoding=encoding))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b3bb48a3f372659 Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__main__.py:825
        generated_content = _normalize_line_endings((generated_dir / rel_path).read_text(encoding=encoding))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b77e5c74fdeca24 Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/__main__.py:826
        actual_content = _normalize_line_endings((actual_dir / rel_path).read_text(encoding=encoding))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b95090834a85fe82 Environment-variable access.
pkgs/python/[email protected]/src/datamodel_code_generator/__main__.py:1088
    if "_ARGCOMPLETE" in os.environ:  # pragma: no cover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1c81adb00dc3e75b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/datamodel_code_generator/http.py:38
    return httpx.get(
        url,
        headers=headers,
        verify=not ignore_tls,
        follow_redirects=True,
        params=query_parameters,  # ty: ignore
        timeout=timeout,
    ).text

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9bad19eb78b420ac Filesystem access.
pkgs/python/[email protected]/src/datamodel_code_generator/parser/base.py:750
            text=path.read_text(encoding=encoding),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-api-core

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #b609b579725b4f5a Environment-variable access.
pkgs/python/[email protected]/google/api_core/client_logging.py:59
    scopes = os.getenv("GOOGLE_SDK_PYTHON_LOGGING_SCOPE", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f120a2f151fb5f61 Environment-variable access.
pkgs/python/[email protected]/google/api_core/operations_v1/abstract_operations_base_client.py:307
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54716056aad32f48 Environment-variable access.
pkgs/python/[email protected]/google/api_core/operations_v1/abstract_operations_base_client.py:333
            use_mtls_env = os.getenv("GOOGLE_API_USE_MTLS_ENDPOINT", "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-api-python-client

python dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #7067a9a60ba2743f Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:430
    if "REMOTE_ADDR" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c6fadea5422606a Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:431
        actual_url = _add_query_parameter(url, "userIp", os.environ["REMOTE_ADDR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd7dc5ce151648ce Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:573
        universe_domain_env = os.getenv(GOOGLE_CLOUD_UNIVERSE_DOMAIN, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0190b9094d908f7e Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:656
            use_client_cert_str = os.getenv(
                "GOOGLE_API_USE_CLIENT_CERTIFICATE", "false"
            ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cfcc769887476a9 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery.py:703
            use_mtls_endpoint = os.getenv(GOOGLE_API_USE_MTLS_ENDPOINT, "auto")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77169d3adf71f291 Environment-variable access.
pkgs/python/[email protected]/googleapiclient/discovery_cache/__init__.py:37
    if "GAE_ENV" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22c1c3d923af62cb Filesystem access.
pkgs/python/[email protected]/googleapiclient/discovery_cache/__init__.py:72
        with open(os.path.join(DISCOVERY_DOC_DIR, doc_name), "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3658e6abfe23ade9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/googleapiclient/http.py:191
            resp, content = http.request(uri, method, *args, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #6ba425f0b5c7242f Filesystem access.
pkgs/python/[email protected]/googleapiclient/http.py:594
        self._fd = open(self._filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9d720fb2a7c51c6 Filesystem access.
pkgs/python/[email protected]/googleapiclient/http.py:1735
            with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4392458f44c8f923 Filesystem access.
pkgs/python/[email protected]/googleapiclient/sample_tools.py:104
        with open(discovery_filename) as discovery_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87573816f5c5b758 Filesystem access.
pkgs/python/[email protected]/setup.py:52
with io.open(readme_filename, encoding="utf-8") as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ec1669b4a735da7 Filesystem access.
pkgs/python/[email protected]/setup.py:58
with open(os.path.join(package_root, "googleapiclient/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-auth

python dependency
expand_more 80 low-confidence finding(s)
low env_fs dependency Excluded from app score #eb451592f1d55823 Environment-variable access.
pkgs/python/[email protected]/google/auth/_agent_identity_utils.py:82
    cert_config_path = os.environ.get(environment_vars.GOOGLE_API_CERTIFICATE_CONFIG)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57d1d30f90944b00 Filesystem access.
pkgs/python/[email protected]/google/auth/_agent_identity_utils.py:90
            with open(cert_config_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd1979f36dd15d20 Environment-variable access.
pkgs/python/[email protected]/google/auth/_agent_identity_utils.py:142
        os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eea5ba3fb8dc2e3b Environment-variable access.
pkgs/python/[email protected]/google/auth/_agent_identity_utils.py:142
        os.environ.get(
            environment_vars.GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES,
            "true",
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29fbf99ddcdd97db Filesystem access.
pkgs/python/[email protected]/google/auth/_agent_identity_utils.py:155
    with open(cert_path, "rb") as cert_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #311457bed3581e08 Environment-variable access.
pkgs/python/[email protected]/google/auth/_agent_identity_utils.py:256
        os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e9164c361198ebf Environment-variable access.
pkgs/python/[email protected]/google/auth/_agent_identity_utils.py:256
        os.environ.get(
            environment_vars.GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES,
            "true",
        ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b6a478adbddfa20 Environment-variable access.
pkgs/python/[email protected]/google/auth/_cloud_sdk.py:53
        return os.environ[environment_vars.CLOUD_SDK_CONFIG_DIR]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9815bb5df76aec96 Environment-variable access.
pkgs/python/[email protected]/google/auth/_cloud_sdk.py:64
                os.environ[_WINDOWS_CONFIG_ROOT_ENV_VAR], _CONFIG_DIRECTORY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b7a3982ccc12602 Environment-variable access.
pkgs/python/[email protected]/google/auth/_cloud_sdk.py:69
            drive = os.environ.get("SystemDrive", "C:")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14f62106a3c84afe Filesystem access.
pkgs/python/[email protected]/google/auth/_cloud_sdk.py:87
    with open(os.devnull, "w") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecfe599489dec22d Filesystem access.
pkgs/python/[email protected]/google/auth/_default.py:183
    with io.open(filename, "r") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e828cf233415004 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default.py:333
    explicit_file = os.environ.get(environment_vars.CREDENTIALS, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7dcc9f266aca25a Environment-variable access.
pkgs/python/[email protected]/google/auth/_default.py:354
                os.environ[environment_vars.CREDENTIALS],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1df1ada99e28069 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default.py:368
    if os.environ.get(environment_vars.LEGACY_APPENGINE_RUNTIME) != "python27":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2e15893f02f2874 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default.py:702
    explicit_project_id = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4da05caa46a92dd0 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default.py:702
    explicit_project_id = os.environ.get(
        environment_vars.PROJECT, os.environ.get(environment_vars.LEGACY_PROJECT)
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95b4a19329369f81 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default.py:703
        environment_vars.PROJECT, os.environ.get(environment_vars.LEGACY_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e17107661ac8e0e3 Filesystem access.
pkgs/python/[email protected]/google/auth/_default_async.py:58
    with io.open(filename, "r") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3ad6b39341b3102 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default_async.py:138
    explicit_file = os.environ.get(environment_vars.CREDENTIALS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cb9a45c5eb517c7 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default_async.py:150
                os.environ[environment_vars.CREDENTIALS],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7ec8a16eafb6446 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default_async.py:259
    explicit_project_id = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6b3af14f297d581 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default_async.py:259
    explicit_project_id = os.environ.get(
        environment_vars.PROJECT, os.environ.get(environment_vars.LEGACY_PROJECT)
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81bfe09ad0695ff9 Environment-variable access.
pkgs/python/[email protected]/google/auth/_default_async.py:260
        environment_vars.PROJECT, os.environ.get(environment_vars.LEGACY_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #842370c837bf4f89 Environment-variable access.
pkgs/python/[email protected]/google/auth/_helpers.py:332
    value = os.environ.get(variable_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1063c42922dac9e2 Filesystem access.
pkgs/python/[email protected]/google/auth/_service_account_info.py:78
    with io.open(filename, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7f644676a2636a3a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/auth/aio/transport/aiohttp.py:163
            response = await self._session.request(
                method,
                url,
                data=body,
                headers=headers,
                timeout=client_timeout,
                **kwargs,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fb084d1d464e0970 Environment-variable access.
pkgs/python/[email protected]/google/auth/aws.py:425
        env_aws_access_key_id = os.environ.get(environment_vars.AWS_ACCESS_KEY_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef3dd084da1a27f1 Environment-variable access.
pkgs/python/[email protected]/google/auth/aws.py:426
        env_aws_secret_access_key = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3b73e68ce59c67c Environment-variable access.
pkgs/python/[email protected]/google/auth/aws.py:426
        env_aws_secret_access_key = os.environ.get(
            environment_vars.AWS_SECRET_ACCESS_KEY
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #955df10e3dde677d Environment-variable access.
pkgs/python/[email protected]/google/auth/aws.py:430
        env_aws_session_token = os.environ.get(environment_vars.AWS_SESSION_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #464a7fb63d8ced30 Environment-variable access.
pkgs/python/[email protected]/google/auth/aws.py:455
        env_aws_region = os.environ.get(environment_vars.AWS_REGION)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e087a1e618d680b Environment-variable access.
pkgs/python/[email protected]/google/auth/aws.py:459
        env_aws_region = os.environ.get(environment_vars.AWS_DEFAULT_REGION)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0689c9c8ce65d09e Environment-variable access.
pkgs/python/[email protected]/google/auth/compute_engine/_metadata.py:48
_GCE_METADATA_HOST = os.getenv(environment_vars.GCE_METADATA_HOST, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61b294389650c3a8 Environment-variable access.
pkgs/python/[email protected]/google/auth/compute_engine/_metadata.py:50
    _GCE_METADATA_HOST = os.getenv(
        environment_vars.GCE_METADATA_ROOT, _GCE_DEFAULT_HOST
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcd3d60959913b29 Environment-variable access.
pkgs/python/[email protected]/google/auth/compute_engine/_metadata.py:89
        scheme, os.getenv(environment_vars.GCE_METADATA_IP, _GCE_DEFAULT_MDS_IP)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #692c87be77d716e5 Environment-variable access.
pkgs/python/[email protected]/google/auth/compute_engine/_metadata.py:100
    _METADATA_DEFAULT_TIMEOUT = int(os.getenv(environment_vars.GCE_METADATA_TIMEOUT, 3))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d1b9570f42fd140 Environment-variable access.
pkgs/python/[email protected]/google/auth/compute_engine/_metadata.py:108
        os.getenv(environment_vars.GCE_METADATA_DETECT_RETRIES, 3)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6342b2f11bebea3d Environment-variable access.
pkgs/python/[email protected]/google/auth/compute_engine/_metadata.py:115
_NO_GCE_CHECK = os.getenv(environment_vars.NO_GCE_CHECK) == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89cb2c8a067cca53 Filesystem access.
pkgs/python/[email protected]/google/auth/compute_engine/_metadata.py:153
        with open(_GCE_PRODUCT_NAME_FILE, "r") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #25665f52ce4eda13 Environment-variable access.
pkgs/python/[email protected]/google/auth/compute_engine/_mtls.py:90
    mode_str = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2f60979bce91ae1 Environment-variable access.
pkgs/python/[email protected]/google/auth/compute_engine/_mtls.py:90
    mode_str = os.environ.get(
        environment_vars.GCE_METADATA_MTLS_MODE, "default"
    ).lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cca4c7099d86e23 Environment-variable access.
pkgs/python/[email protected]/google/auth/credentials.py:255
        quota_from_env = os.environ.get(environment_vars.GOOGLE_CLOUD_QUOTA_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05418ac52c1d7da8 Filesystem access.
pkgs/python/[email protected]/google/auth/crypt/base.py:124
        with io.open(filename, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #882fd38562e29a5a Filesystem access.
pkgs/python/[email protected]/google/auth/external_account.py:714
        with io.open(filename, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2144ec66a2697dad Filesystem access.
pkgs/python/[email protected]/google/auth/external_account_authorized_user.py:456
        with io.open(filename, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a26876251da66af4 Environment-variable access.
pkgs/python/[email protected]/google/auth/iam.py:50
        os.getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE", "false").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #793a96270368090c Filesystem access.
pkgs/python/[email protected]/google/auth/identity_pool.py:108
        with open(self._path, "r", encoding="utf-8") as file_obj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #117ff1fd5b7e6684 Filesystem access.
pkgs/python/[email protected]/google/auth/identity_pool.py:197
            with open(self._trust_chain_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b936a38006024dfe Filesystem access.
pkgs/python/[email protected]/google/auth/pluggable.py:183
                with open(
                    self._credential_source_executable_output_file, encoding="utf-8"
                ) as output_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf26ac48e049e0c5 Environment-variable access.
pkgs/python/[email protected]/google/auth/pluggable.py:205
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbba476a37226afb Filesystem access.
pkgs/python/[email protected]/google/auth/pluggable.py:238
                open(self._credential_source_executable_output_file, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc79825aeb8f2b3b Environment-variable access.
pkgs/python/[email protected]/google/auth/pluggable.py:262
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5a84de750e1e148 Environment-variable access.
pkgs/python/[email protected]/google/auth/pluggable.py:416
        env_allow_executables = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d0c4e867d2aaf2c Environment-variable access.
pkgs/python/[email protected]/google/auth/pluggable.py:416
        env_allow_executables = os.environ.get(
            "GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c017a09c3a8d3e13 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/auth/transport/_aiohttp_requests.py:192
            response = await self.session.request(
                method, url, data=body, headers=headers, timeout=timeout, **kwargs
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b69f924b9fa9e9a8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/auth/transport/_aiohttp_requests.py:345
                response = await super(AuthorizedSession, self).request(
                    method,
                    url,
                    data=data,
                    headers=request_headers,
                    timeout=timeout,
                    **kwargs,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #73fcdc68d6eb8044 Filesystem access.
pkgs/python/[email protected]/google/auth/transport/_custom_tls_signer.py:228
        with open(self._enterprise_cert_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #b98632462c0c036f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/auth/transport/_http_client.py:104
            connection.request(method, path, body=body, headers=headers, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #48bb7221fe7b2413 Filesystem access.
pkgs/python/[email protected]/google/auth/transport/_mtls_helper.py:97
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab4bd564f24253e0 Environment-variable access.
pkgs/python/[email protected]/google/auth/transport/_mtls_helper.py:150
        env_path = environ.get(environment_vars.GOOGLE_API_CERTIFICATE_CONFIG, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba393cad9d716f4a Filesystem access.
pkgs/python/[email protected]/google/auth/transport/_mtls_helper.py:231
    with open(cert_path, "rb") as cert_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #626f3bba410988c7 Filesystem access.
pkgs/python/[email protected]/google/auth/transport/_mtls_helper.py:245
    with open(key_path, "rb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #466ce90f790a86b2 Environment-variable access.
pkgs/python/[email protected]/google/auth/transport/_mtls_helper.py:455
    use_client_cert = getenv("GOOGLE_API_USE_CLIENT_CERTIFICATE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f5e3c859519068e Environment-variable access.
pkgs/python/[email protected]/google/auth/transport/_mtls_helper.py:461
        cert_path = getenv("GOOGLE_API_CERTIFICATE_CONFIG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb0e38ec84dbefe4 Filesystem access.
pkgs/python/[email protected]/google/auth/transport/_mtls_helper.py:464
                with open(cert_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a6ba3559d327ccb Environment-variable access.
pkgs/python/[email protected]/google/auth/transport/mtls.py:41
    cert_config_path = getenv("GOOGLE_API_CERTIFICATE_CONFIG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e883841cc6ff532f Filesystem access.
pkgs/python/[email protected]/google/auth/transport/mtls.py:110
            with open(cert_path, "wb") as cert_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee2606edb3ac5c8d Filesystem access.
pkgs/python/[email protected]/google/auth/transport/mtls.py:112
            with open(key_path, "wb") as key_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f0069049b40fc821 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/auth/transport/requests.py:188
            response = self.session.request(
                method, url, data=body, headers=headers, timeout=timeout, **kwargs
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #63abee155081d999 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/auth/transport/requests.py:543
            response = super(AuthorizedSession, self).request(
                method,
                url,
                data=data,
                headers=request_headers,
                timeout=timeout,
                **kwargs
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #675e6a8d5bc492ed Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/auth/transport/urllib3.py:148
            response = self.http.request(
                method, url, body=body, headers=headers, **kwargs
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5a994582032b3912 Environment-variable access.
pkgs/python/[email protected]/google/oauth2/_id_token_async.py:239
    credentials_filename = os.environ.get(environment_vars.CREDENTIALS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeade5104e18556b Filesystem access.
pkgs/python/[email protected]/google/oauth2/_id_token_async.py:250
            with open(credentials_filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88dce05c3c68bb5d Filesystem access.
pkgs/python/[email protected]/google/oauth2/credentials.py:518
        with io.open(filename, "r", encoding="utf-8") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9a6fc1f71dcda5b Environment-variable access.
pkgs/python/[email protected]/google/oauth2/id_token.py:271
    credentials_filename = os.environ.get(environment_vars.CREDENTIALS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75823ff688d91812 Filesystem access.
pkgs/python/[email protected]/google/oauth2/id_token.py:282
            with open(credentials_filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b28502aa6fc09a12 Environment-variable access.
pkgs/python/[email protected]/google/oauth2/webauthn_handler.py:77
        plugin_cmd = os.environ.get(PluginHandler._ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #012459a932051caa Filesystem access.
pkgs/python/[email protected]/setup.py:93
with io.open("README.rst", "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8a2227d4be69eea Filesystem access.
pkgs/python/[email protected]/setup.py:99
with open(os.path.join(package_root, "google/auth/version.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-auth-oauthlib

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #01f7e6b3e3d514fa Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/flow.py:198
        with open(client_secrets_file, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdf7efbb706e0912 Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/helpers.py:94
    with open(client_secrets_file, "r") as json_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cdc2c9e4a2f90c3 Filesystem access.
pkgs/python/[email protected]/google_auth_oauthlib/tool/__main__.py:113
        with open(credentials, "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a942e789fa15a32 Filesystem access.
pkgs/python/[email protected]/setup.py:31
with io.open("README.rst", "r") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

google-genai

python dependency
expand_more 93 low-confidence finding(s)
low env_fs dependency Excluded from app score #b0b14f2b7fce07fb Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:102
  env_google_api_key = os.environ.get('GOOGLE_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c476d27d2e2b762 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:103
  env_gemini_api_key = os.environ.get('GEMINI_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56c1cd3aa0f1a76b Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:188
  os.environ['GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES'] = (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74f5b84a284e3fbf Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:566
      if os.environ.get('GOOGLE_GENAI_USE_VERTEXAI', '0').lower() in [

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3053f210e3a34b66 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:603
    env_project = os.environ.get('GOOGLE_CLOUD_PROJECT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89f88767d1a03f2b Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:604
    env_location = os.environ.get('GOOGLE_CLOUD_LOCATION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2077add6a277bbd4 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:839
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ebdc15020465da9 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:840
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #859617684d4bf1f5 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:896
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4dfe1b89a2aebacd Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:897
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adaf1b79ba0c06e3 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:954
          cafile=os.environ.get('SSL_CERT_FILE', certifi.where()),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212a235c35ed47b8 Environment-variable access.
pkgs/python/[email protected]/google/genai/_api_client.py:955
          capath=os.environ.get('SSL_CERT_DIR'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d470b412c1b54d4d Filesystem access.
pkgs/python/[email protected]/google/genai/_api_client.py:1513
      with open(file_path, 'rb') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #875e97a01cc379ed Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:48
    return _default_base_vertex_url or os.getenv('GOOGLE_VERTEX_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7ddab978ddad3da Environment-variable access.
pkgs/python/[email protected]/google/genai/_base_url.py:50
    return _default_base_gemini_url or os.getenv('GOOGLE_GEMINI_BASE_URL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #53658e7fcaa6d354 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/_interactions/_base_client.py:321
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9ca2a6af2c81107c Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_client.py:103
            api_key = os.environ.get("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9642d4fe746ba50e Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_client.py:111
            base_url = os.environ.get("GEMINI_NEXT_GEN_API_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f515433490c5f0ee Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_client.py:325
            api_key = os.environ.get("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a2e3b7ad07b97a8 Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_client.py:333
            base_url = os.environ.get("GEMINI_NEXT_GEN_API_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c2d55ece52fdeaa Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_files.py:83
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41dfe233102bbb20 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_files.py:95
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b779ea22f8fb368 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_files.py:125
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5b2343946acd61b Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_files.py:137
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #785801064006e397 Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_models.py:126
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dac3a9880f8e1f0 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_response.py:512
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f49e3ea3b36b0005 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_response.py:554
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d03e7bcea6ecd05 Environment-variable access.
pkgs/python/[email protected]/google/genai/_interactions/_utils/_logs.py:32
    env = os.environ.get("GEMINI_NEXT_GEN_API_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #005f6457655036d3 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_utils/_transform.py:263
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c55023e34abf1219 Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_utils/_transform.py:429
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3157b712175f327a Filesystem access.
pkgs/python/[email protected]/google/genai/_interactions/_utils/_utils.py:383
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #74ace90b539f3454 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:76
  resp = requests.get(file_url_path)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #31595a5bbeda89fd Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:105
  with open(file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c851c6bf665e41b Filesystem access.
pkgs/python/[email protected]/google/genai/_local_tokenizer_loader.py:122
    with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11109729106799de Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:198
      os.environ.get('PYTEST_CURRENT_TEST'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #321cf4659a243818 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:290
      self.replays_directory = os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a049ac3ed25fb9e1 Environment-variable access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:290
      self.replays_directory = os.environ.get(
          'GOOGLE_GENAI_REPLAYS_DIRECTORY', None
      )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c4805a1f5a6d85e Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:334
      with open(replay_file_path, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3267fe97d0f68fe2 Filesystem access.
pkgs/python/[email protected]/google/genai/_replay_api_client.py:361
    with open(replay_file_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #79f48ffe06c1f34f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1570
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d97ebf9ea8c64253 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1633
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #662e79706762461f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1712
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e8caa02731ef8bc4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1793
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #22627d83264cd17b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1836
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4d16141686779c2b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/batches.py:1919
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #625603ea5be11842 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:915
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #96a54ab9722f8146 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:982
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cf6d141c53996bdd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1049
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1367f322a0771844 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1129
    response = self._api_client.request(
        'patch', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #65ec5df98afa5c0e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/caches.py:1181
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8bd10386d5db2ce9 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:299
      default_factory=lambda: os.getenv('GOOGLE_GENAI_CLIENT_MODE', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66d59f9d27c42328 Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:303
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAYS_DIRECTORY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e791cdb3a057b10a Environment-variable access.
pkgs/python/[email protected]/google/genai/client.py:307
      default_factory=lambda: os.getenv('GOOGLE_GENAI_REPLAY_ID', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #c789cbef83f00d12 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:180
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #baf26f33343a6b72 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:242
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #43e7c0aaf6005a0b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/documents.py:286
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #69d58a8ee6e144c5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:367
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b37f27067bb99631 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:432
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2bfa03963a6cf381 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:495
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9fc4590bff674874 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:535
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6d19213616b60f7e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:594
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4e247b4227ada202 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/file_search_stores.py:682
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0c6be79835d33393 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:220
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3bda8a6d2fd1511f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:276
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2786d81d56383f75 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:353
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #493b73cdd04a6811 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:417
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3934ecfba646df3f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/files.py:475
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a463501b504e3613 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4306
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #38af194cd0928b24 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4505
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #de7768eb4a1dfdab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4581
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #acbdbce792292bfb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4652
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #845c35830b3e73dc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4718
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #eadf1d5b0187c2b9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4828
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6f3146100257381e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4913
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #50da38daa436aa03 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:4975
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6055a680f1a1bede Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5040
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8be5f15df51f1fb6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5110
    response = self._api_client.request(
        'patch', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #32fe6428a5a5dd81 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5176
    response = self._api_client.request(
        'delete', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #733d98ae5f405740 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5271
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2fa78d1a49816c1e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5361
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #01acf465570d3c7e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/models.py:5438
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b3eeee0f0bd9665c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:139
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b8b7230ff1982272 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:187
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7feff9179daf5989 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/operations.py:233
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e78acaeef1da5794 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tokens.py:257
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #88f54f749fed2e16 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1384
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #828349d3c4058ad3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1450
    response = self._api_client.request('get', path, request_dict, http_options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b8fb46d48ee7458b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1526
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #542458889cb59946 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1606
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #879f8e10784e6494 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/google/genai/tunings.py:1683
    response = self._api_client.request(
        'post', path, request_dict, http_options
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #06ad032754a117d8 Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:7914
    image_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0278e245292a339a Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:10058
    video_bytes = pathlib.Path(location).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d9da87f9a677afad Filesystem access.
pkgs/python/[email protected]/google/genai/types.py:18848
    with open(file_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

groq

python dependency
expand_more 16 low-confidence finding(s)
low egress dependency Excluded from app score #4ae388e34e91e5c7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/groq/_base_client.py:302
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #02d835ab0dcac5f1 Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:77
            api_key = os.environ.get("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d91c50d778458f3 Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:85
            base_url = os.environ.get("GROQ_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c4170ba08b44352 Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:281
            api_key = os.environ.get("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #980c106bc1632671 Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:289
            base_url = os.environ.get("GROQ_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5326b01f7302a79 Filesystem access.
pkgs/python/[email protected]/src/groq/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb36a1e9a1edc756 Filesystem access.
pkgs/python/[email protected]/src/groq/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #123e1bd97f104f8b Filesystem access.
pkgs/python/[email protected]/src/groq/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0b124728a10afae Filesystem access.
pkgs/python/[email protected]/src/groq/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24bfa4dc196fa357 Environment-variable access.
pkgs/python/[email protected]/src/groq/_models.py:97
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a33efa651a1716a Filesystem access.
pkgs/python/[email protected]/src/groq/_response.py:492
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67152dd624c4f7fe Filesystem access.
pkgs/python/[email protected]/src/groq/_response.py:534
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba127be06ca264a Environment-variable access.
pkgs/python/[email protected]/src/groq/_utils/_logs.py:17
    env = os.environ.get("GROQ_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4f19a00c5982960 Filesystem access.
pkgs/python/[email protected]/src/groq/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0692b25a8dfbe341 Filesystem access.
pkgs/python/[email protected]/src/groq/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd6dbc27d4db666b Filesystem access.
pkgs/python/[email protected]/src/groq/_utils/_utils.py:367
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #6efc7b9f4a122458 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24062dae36ff09d3 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a09df05f877d5956 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbd1239077a43959 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

imageio

python dependency
expand_more 36 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #eccb76a73efc355e Filesystem access.
pkgs/python/[email protected]/docs/imageio_ext.py:48
        example_plugin = (
            Path(imageio.plugins.__file__).parent / "example.py"
        ).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80ed780711eed1f3 Environment-variable access.
pkgs/python/[email protected]/imageio/core/fetching.py:99
    if os.getenv("IMAGEIO_NO_INTERNET", "").lower() in ("1", "true", "yes"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baed2938bffbb5b1 Environment-variable access.
pkgs/python/[email protected]/imageio/core/fetching.py:115
    if os.getenv("CONTINUOUS_INTEGRATION", False):  # pragma: no cover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d8938fc2caa28f9 Filesystem access.
pkgs/python/[email protected]/imageio/core/fetching.py:166
            local_file = open(temp_file_name, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bedc3d2a007e751 Filesystem access.
pkgs/python/[email protected]/imageio/core/request.py:493
                self._file = open(self.filename, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3cfeecdcf6c57fd Filesystem access.
pkgs/python/[email protected]/imageio/core/request.py:495
                self._file = open(self.filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eef25605c0a5546 Environment-variable access.
pkgs/python/[email protected]/imageio/core/request.py:512
            timeout = os.getenv("IMAGEIO_REQUEST_TIMEOUT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23e7c81d51dea46a Filesystem access.
pkgs/python/[email protected]/imageio/core/request.py:539
                with open(self._filename_local, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c987508e061abff Filesystem access.
pkgs/python/[email protected]/imageio/core/request.py:554
                bytes = Path(self._filename_local).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #85c7506b58031f39 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/imageio/core/util.py:34
    return urlopen(*args, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #73ba459de0552db3 Environment-variable access.
pkgs/python/[email protected]/imageio/core/util.py:422
    userDir = os.getenv("IMAGEIO_USERDIR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bb0293ca35c06fc Environment-variable access.
pkgs/python/[email protected]/imageio/core/util.py:431
        path1, path2 = os.getenv("LOCALAPPDATA"), os.getenv("APPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ba0d4a52445535 Filesystem access.
pkgs/python/[email protected]/imageio/core/util.py:448
                open(os.path.join(localpath, "test.write"), "wb").close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13e3549ee1e4b5a0 Environment-variable access.
pkgs/python/[email protected]/imageio/plugins/__init__.py:73
env_plugin_order = os.getenv("IMAGEIO_FORMAT_ORDER", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dad9c51c8fdd6fce Environment-variable access.
pkgs/python/[email protected]/imageio/plugins/__init__.py:83
    formats.sort(*os.getenv("IMAGEIO_FORMAT_ORDER", "").split(","))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ee1cea53bab05cc Filesystem access.
pkgs/python/[email protected]/imageio/plugins/_bsdf.py:790
        with open(f, "wb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8cf1e26d1d1cd6b Filesystem access.
pkgs/python/[email protected]/imageio/plugins/_bsdf.py:812
        with open(f, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d413df5964606d6b Filesystem access.
pkgs/python/[email protected]/imageio/plugins/_dicom.py:151
            self._file = open(file, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57045b57c19b9ad6 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/_dicom.py:392
                self._file = open(self._filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7ed681639d3f1a5 Environment-variable access.
pkgs/python/[email protected]/imageio/plugins/_freeimage.py:73
    lib = os.getenv("IMAGEIO_FREEIMAGE_LIB", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c09efba425de0a6d Environment-variable access.
pkgs/python/[email protected]/imageio/plugins/_freeimage.py:500
        lib = os.getenv("IMAGEIO_FREEIMAGE_LIB", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e6616ee7a9fcf79 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/_swf.py:803
    fp = open(filename, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3da820b732c1aa7 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/_swf.py:830
    fp = open(filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43eff20e275e6045 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/_tifffile.py:4966
            self._fh = open(self._file, self._mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10bbd2a0a5cc1cad Filesystem access.
pkgs/python/[email protected]/imageio/plugins/dicom.py:132
                    with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6c42950d356308c Filesystem access.
pkgs/python/[email protected]/imageio/plugins/feisem.py:69
            with open(filename, encoding="utf8", errors="ignore") as fin:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9db2f4e242c368b Filesystem access.
pkgs/python/[email protected]/imageio/plugins/lytro.py:206
                    meta_data = json.load(open(filename_base + ext))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd63d4a284a625fb Filesystem access.
pkgs/python/[email protected]/imageio/plugins/lytro.py:520
                    meta_data = json.load(open(filename_base + ext))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c3e4a28d56cc9c5 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/opencv.py:228
            return Path(self.file_handle).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3d402e886781eb6c Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/imageio/plugins/pillow_info.py:52
    lines = urlopen(url).read().decode().splitlines()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #dac3ef980f23b1f3 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/pillow_info.py:85
    code = open(__file__, "rb").read().decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3eb7945b24a10e71 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/pillow_info.py:103
    with open(__file__, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b833895edebb4ad5 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/pillow_legacy.py:470
                return open(self.request.get_local_filename(), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d86b3b2a06d17a73 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/pillow_legacy.py:550
                return open(self.request.get_local_filename(), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00a64e3e18193b9b Filesystem access.
pkgs/python/[email protected]/imageio/plugins/swf.py:267
                with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d68d5ae72d834d4 Filesystem access.
pkgs/python/[email protected]/imageio/plugins/tifffile.py:430
                self._f = f = open(self.request.get_local_filename(), "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

imgcat

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #90444770474b238c Filesystem access.
pkgs/python/[email protected]/imgcat/imgcat.py:174
    with open('/dev/tty') as tty:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0df31d1aacc8add0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/imgcat/imgcat.py:262
                with contextlib.closing(urlopen(fname)) as fp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f2bc822e80d7e1d7 Filesystem access.
pkgs/python/[email protected]/imgcat/imgcat.py:265
                with io.open(fname, 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6441ee0e7f6cd003 Filesystem access.
pkgs/python/[email protected]/imgcat/ipython_magic.py:36
            with open(line, mode='rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f254a35774116d07 Environment-variable access.
pkgs/python/[email protected]/imgcat/iterm2.py:19
    is_tmux = 'TMUX' in os.environ and 'tmux' in os.environ['TMUX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67c99f8c9c65c7d5 Environment-variable access.
pkgs/python/[email protected]/imgcat/test_imgcat.py:13
if (not os.environ.get('DISPLAY', '') or \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4815413af55bcdb Environment-variable access.
pkgs/python/[email protected]/imgcat/test_imgcat.py:90
        is_tmux = os.getenv('TMUX')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46fd34a2ce29f9e3 Filesystem access.
pkgs/python/[email protected]/setup.py:13
    with open('README.md') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #818a6bf48b0422f1 Filesystem access.
pkgs/python/[email protected]/setup.py:18
    with open(os.path.join(__PATH__, 'imgcat/__init__.py')) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-openai

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #2c79a458acd9bd9b Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:54
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ac96343bdf2402a Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:65
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f43a36f8cd5b1728 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/azure.py:615
            or os.getenv("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #def0158320d26cb8 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/azure.py:616
            or os.getenv("OPENAI_ORGANIZATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a21a4999162704e Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:891
            or os.getenv("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49520d53c0a3f53d Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:892
            or os.getenv("OPENAI_ORGANIZATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23289fb1bf5f93f9 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:894
        self.openai_api_base = self.openai_api_base or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86b78f46345c528c Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:913
            and "OPENAI_BASE_URL" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #eeb2bfce907eb40f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:3488
        response = httpx.get(image_source)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

numpy

python dependency
expand_more 1092 low-confidence finding(s)
low env_fs dependency Excluded from app score #158d2d92f119c10e Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:122
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98a38a4b305bde6a Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:327
    PATH = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da744ecc59283403 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:332
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b05782243dec3db Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:497
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #439274d32e71b989 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:515
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b82a2f5359c72016 Environment-variable access.
pkgs/python/[email protected]/.spin/cmds.py:538
    env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1febc490b988144c Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:617
        with open(local, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a73873353335afb8 Filesystem access.
pkgs/python/[email protected]/.spin/cmds.py:620
        with open(pkg_config_fname, "wt", encoding="utf8") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4054327e9fa2963b Environment-variable access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:12
    if 'SHELL' in os.environ and sys.platform != 'win32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b866015d5e9bd1e7 Filesystem access.
pkgs/python/[email protected]/benchmarks/benchmarks/__init__.py:35
        with open(lock_path, 'a+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #64ecfa74c03f6b68 Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:34
        with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e55836a9a44c4504 Filesystem access.
pkgs/python/[email protected]/doc/neps/tools/build_index.py:125
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c39449f1140dd76 Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:18
        with open(fn, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46602be4cac8145d Filesystem access.
pkgs/python/[email protected]/doc/postprocess.py:24
        with open(fn, 'w', encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77a889227467218d Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:18
    with open(gen_path, 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef902c5b61e62c81 Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:35
    with open(os.path.join(dsrc_path, "doxyfile")) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27b6e08bf4646202 Filesystem access.
pkgs/python/[email protected]/doc/preprocess.py:44
            with open(conf_path) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a75eec3ca3578a5a Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:260
if os.environ.get('CIRCLE_JOB') and os.environ['CIRCLE_BRANCH'] != 'main':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce6a241c958e4898 Environment-variable access.
pkgs/python/[email protected]/doc/source/conf.py:262
    switcher_version = os.environ['CIRCLE_BRANCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b44ef815b5739b8b Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:897
        use_hugepage = os.environ.get("NUMPY_MADVISE_HUGEPAGE", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f9d129211e1a798 Environment-variable access.
pkgs/python/[email protected]/numpy/__init__.py:929
    if (os.environ.get("NPY_PROMOTION_STATE", "weak") != "weak"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c6652ae8eb88667 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:8
    with open(init) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #155e32264d9d7fad Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:89
                os.environ.get('MESON_DIST_ROOT', ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb8f2e7c6ac25768 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/gitversion.py:98
        with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2808fc1d01f07b9 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/process_src_template.py:32
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a81033f6104468b Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita.py:25
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b10e674341ba60e Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:164
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f0281bf40bfebfa Environment-variable access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1098
        vars.update(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8c462a4e9a4c13c Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1112
        with open(template_name, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c513c998dc0470f0 Filesystem access.
pkgs/python/[email protected]/numpy/_build_utils/tempita/_tempita.py:1117
        with open(options.output, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a7b020320de631 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/__init__.py:17
    if envkey not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8328cdacc210da67 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/__init__.py:18
        os.environ[envkey] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56857381b6154dcc Environment-variable access.
pkgs/python/[email protected]/numpy/_core/__init__.py:86
        del os.environ[envkey]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d571b7d03d525b8 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:60
            machine = os.environ.get('PROCESSOR_ARCHITEW6432', '') \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d908025746ceae0 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/_add_newdocs_scalars.py:61
                    or os.environ.get('PROCESSOR_ARCHITECTURE', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84710d3353e68d90 Filesystem access.
pkgs/python/[email protected]/numpy/_core/_methods.py:242
        ctx = open(os.fspath(file), "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1721c72ab1251f64 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:249
        fo = open(filename, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffde83740bef45de Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:321
        with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b77db9e97f84ec9 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:325
    with open(filename, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89caf769b69a0839 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/genapi.py:545
    with open(file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a8976c9263920da Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath.py:1638
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04c9b1dc52a614f2 Filesystem access.
pkgs/python/[email protected]/numpy/_core/code_generators/generate_umath_doc.py:23
    with open(target, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #389aa7383d6e3678 Filesystem access.
pkgs/python/[email protected]/numpy/_core/memmap.py:236
            f_ctx = open(
                os.fspath(filename),
                ('r' if mode == 'c' else mode) + 'b'
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cc2ec1f9a5517f9 Filesystem access.
pkgs/python/[email protected]/numpy/_core/records.py:900
        ctx = open(os.fspath(fd), 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #903edc91735a3ee6 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:608
        with open(filename, encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #216707d4b268a85e Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/common/pythoncapi-compat/upgrade_pythoncapi.py:627
        with open(filename, "w", encoding=encoding, errors=errors, newline="") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #50c7099d902c42c8 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:85
if 'REPO_NAME' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #ec0f0b001f1cb3f9 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:86
   REPO_NAME = os.environ['REPO_NAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #fbea57a2cc3eff95 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:91
if 'current_language' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #bc4c6fdbbfc451c8 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:93
   current_language = os.environ['current_language']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #88a5281ae7dd98c7 Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:106
if 'current_version' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #4eca5159f4b5c06e Environment-variable access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/conf.py:108
   current_version = os.environ['current_version']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f6ad51f228cd5ce8 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:59
    data = open(file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #f58f7c4fec35737c Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:73
        with open(ext_file, 'w') as handler:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #08cbeef13b4de874 Filesystem access.
pkgs/python/[email protected]/numpy/_core/src/highway/docs/mm-converter.py:83
            data = open(ext_file, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11f23b0f334df629 Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:60
os.environ["NUMPY_EXPERIMENTAL_DTYPE_API"] = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #293fdd6c3f8b1539 Environment-variable access.
pkgs/python/[email protected]/numpy/conftest.py:102
        os.environ['NPY_AVAILABLE_MEM'] = available_mem

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5f45dc000c70fee Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:62
    with open(dep_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa57d736a95a3817 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:137
    env = env if env is not None else dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4df2a99ec79d8127 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler.py:548
            with open(fn, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b7d7575610dd8b4 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:673
            extra_args  = os.environ.get("CFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bee98e903906d13 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:674
            extra_args += os.environ.get("CPPFLAGS", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb06edcd6497e9e Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:738
        old_path = os.getenv("path")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bbecdafba0c8193 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:740
            os.environ["path"] = self._ccompiler._paths

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3218dca44457e150 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:743
            os.environ["path"] = old_path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34bd68e1c8579330 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:875
        with open(self._cache_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #854c72b83f91d092 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:1100
        with open(test_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c54d1d0e13ee997 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:1864
        with open(source) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f481a85daf3ab5e0 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2381
        with open(header_path, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad8301053a62d44 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2569
        with open(wrap_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb361613d84c619d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2593
            with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef707cbfe86ad098 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/ccompiler_opt.py:2626
        with open(config_path, "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df5e35b31f9d94b4 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:442
            with open(listfn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b9228817b431d70 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:447
            with open(listfn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #06dd9909d5d93173 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_clib.py:453
            with open(lib_fname, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40718d7ed4b30766 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_ext.py:656
                    with open(fake_lib) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b4af6c0b70f7925 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_ext.py:661
                    with open(c_lib) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #688abad1462ffa22 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:29
    with open(source, 'r') as fs:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d209c9ab0f921d89 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:30
        with open(target, 'w') as ft:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15960bb5d490c1f9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:431
                    with open(target_file, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #056bf8ccadc7c60f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:728
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa5b1585cf47174b Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:738
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ba902a3314b088a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/build_src.py:763
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7123b6411db53c7a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/command/install.py:65
            with open(self.record) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44fccf82415e8bfa Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:265
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08b19e0e31712b3d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:315
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #483619b84750b2b9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/conv_template.py:318
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe826d8936aa9a1f Filesystem access.
pkgs/python/[email protected]/numpy/distutils/cpuinfo.py:111
            fo = open('/proc/cpuinfo')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec73f12e5b71faac Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:130
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca7cf7a310edde5e Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:169
    env = {name: os.environ.get(name) for name in names}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b019f4ff698a1b2 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:175
        os.environ[name] = value or ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b6f39c609cf32e4 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/exec_command.py:264
        sh = os.environ.get('SHELL', '/bin/sh')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcd11321265b5b5a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:989
    with open(file, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28323e281ec46920 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:1008
    with open(src, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a48aa06d8784a74 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/__init__.py:1020
    with open(src, encoding='latin1') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b1d2d569ddfb752 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/absoft.py:79
        d = os.environ.get('ABSOFT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75d1c892b068508f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:22
            v = os.environ.get(envvar, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b16864cc374229f Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:58
            envvar_contents = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a726d1d176f7cf6 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/environment.py:62
                    if os.environ.get('NPY_DISTUTILS_APPEND_FLAGS', '1') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79123914dcc6ae56 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:112
            target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d3926b5197a682c Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:130
                os.environ['MACOSX_DEPLOYMENT_TARGET'] = str(target)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47e73ee4d135ea76 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/gnu.py:404
            with open(fn, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #009ea0bec50c52dd Filesystem access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/ibm.py:79
            with open(xlf_cfg) as fi:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbd7bd62621fec30 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/fcompiler/lahey.py:32
        d = os.environ.get('LAHEY')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c50cad2f46dd6119 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:213
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4d00795871e9890 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:250
        fid = open(file, 'r')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec3f8c51365db805 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/from_template.py:253
        outfile = open(newname, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #079c6e23b31c8eb9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/lib2def.py:112
        deffile = open(deffile, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a01a9ff4b7de30d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:15
    with open(file, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #916328ada817dd82 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:24
        with open(file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bbb8e10373970c8 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:49
    with open(file, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #223a6f5fd8902db8 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/line_endings.py:58
        with open(file, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f42a27faa3e430d Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:206
    if 'SYSTEMROOT' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f8771e4e0650b65 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:207
        lib_dirs.append(os.path.join(os.environ['SYSTEMROOT'], 'System32'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e54eca8c7fbb92b4 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:253
    with open(dfile, 'w') as d:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71dc72961bc1e25b Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:270
        winsxs_path = os.path.join(os.environ.get('WINDIR', r'C:\WINDOWS'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7e930e0eeb09502 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:282
        for path in [sys.prefix] + os.environ['PATH'].split(';'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b130813f419e15b Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:473
    with open(def_file, 'w') as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c5b4e667db1a34d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/mingw32ccompiler.py:618
            with open(manifest_name(config), "w") as man:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8581b7ba705025c1 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:97
    envjobs = int(os.environ.get("NPY_NUM_BUILD_JOBS", cpu_count))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #193e9334ea82e28a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:222
    with open(config_file) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f0e2461a06de516 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:324
    if sys.platform=='cygwin' and 'USE_COLOR' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67bd5c1753a1ef9c Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:427
        if os.environ.get('OSTYPE', '')=='msys':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c95d9e9c6106f5e Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:429
        if os.environ.get('MSYSTEM', '')=='MINGW32':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf8e2fd5e69ea71e Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:478
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb7933c68dbad4a9 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1808
        old_path = os.environ.get('PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69ee49071de99065 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1811
            os.environ['PATH'] = path

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a446f5ee68a597d Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1887
        if sys.platform=='win32' and os.environ.get('SVN_ASP_DOT_NET_HACK', None):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38d757678a77ce1c Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1892
            with open(entries) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aecc7f67179ae681 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1922
            with open(branch_fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5553133f703ac369 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:1926
            with open(branch_cache_fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df395b7e288a5999 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2043
                    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3687f69e2e23a25 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2083
                    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86190db61c4d1cad Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2155
    d = os.environ.get('NPY_PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef2aacb6b02af5d9 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/misc_util.py:2329
    with open(target, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c3fe0f3aee65a81 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:46
        environ_lib = os.getenv('lib')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af2e9c2e1e3edf4d Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:47
        environ_include = os.getenv('include')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb6680b26d7f305d Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:51
        os.environ['lib'] = _merge(environ_lib, os.environ['lib'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #275486fc81ae6e18 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvc9compiler.py:52
        os.environ['include'] = _merge(environ_include, os.environ['include'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbe1207a504a32e2 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:46
        environ_lib = os.getenv('lib', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4405fee64210ef61 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:47
        environ_include = os.getenv('include', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f1f939df1bb3602 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:51
        os.environ['lib'] = _merge(environ_lib, os.environ['lib'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4beac39b912a90a0 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/msvccompiler.py:52
        os.environ['include'] = _merge(environ_include, os.environ['include'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c97e943056f9c3c Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/npy_pkg_config.py:409
    d = os.environ.get('NPY_PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a25bd32a692c057a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:352
    with open(os.devnull, 'w') as tmp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3448920619b8be25 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:443
    order_str = os.environ.get(env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b716c9db27d6e9d2 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:886
                    if e in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53b110b8feb593a7 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:892
        if env_var and env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69c4a4bc99f2eda8 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:893
            d = os.environ[env_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc8113cdc93e6ced Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1264
        mklroot = os.environ.get('MKLROOT', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b86e25529ba79a11 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1267
        paths = os.environ.get('LD_LIBRARY_PATH', '').split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1356d6353b2b64a Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1270
            with open(ld_so_conf) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71c937c3056859de Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1344
        tcsdsroot = os.environ.get('TCSDS_PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48b1f71dbe7fdebe Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1820
            atlas_version = os.environ.get('ATLAS_VERSION', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e039003c2656846d Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1968
        info['extra_link_args'] = os.environ['NPY_LAPACK_LIBS'].split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #314ce7040e07b8fa Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:1982
        if 'NPY_LAPACK_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a79512ddacc740d4 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2135
        info['extra_link_args'] = os.environ['NPY_BLAS_LIBS'].split()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40a1b75825e567bd Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2136
        if 'NPY_CBLAS_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32b8c1aff0ae8ad6 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2139
                                        os.environ['NPY_CBLAS_LIBS'].split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e17e06a7e5d62089 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2151
        if 'NPY_BLAS_LIBS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a63b20a66cd0fd66 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2274
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d99ba8245b3ebde1 Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2393
        with open(fake_lib_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c1a3b445aa8d89d Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2395
        with open(fake_clib_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb80c7efd82f0a8e Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2429
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #918679eef518a1ae Filesystem access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2540
            with open(src, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b4b67d9ea4786ef Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2596
        libraries = os.environ.get('ACCELERATE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a19b99c7659df9f3 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2604
                not os.getenv('_PYTHON_HOST_PLATFORM', None)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c91e9342a45acaf Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2637
                if(os.getenv('NPY_USE_BLAS_ILP64', None)):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9032cd8bd551dfc0 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2827
        if os.getenv("NUMERIX"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e38c44696ed89ca Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2828
            which = os.getenv("NUMERIX"), "environment var"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #057ec056622bfd87 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2855
        os.environ['NUMERIX'] = which[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b53ee3cf4c6f9595 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2963
        if self.config_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fda8d84b3bbf1b0a Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/system_info.py:2964
            return os.environ[self.config_env_var]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34db93934af20eaa Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:31
    if 'OPT' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58e42dfdda1db190 Environment-variable access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:34
        opt = shlex.join(shlex.split(os.environ['OPT']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #854cb5dd9c8c4eca Filesystem access.
pkgs/python/[email protected]/numpy/distutils/unixccompiler.py:67
        with open(obj + '.d', 'a') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b598dd49752fff47 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:71
        return self.build_template_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3778d53b1a2ab25 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_backends/_meson.py:181
        meson_build_file.write_text(src)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c3a40dddbcfda11 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/_src_pyf.py:215
    with open(source) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8edc5ea638d809be Filesystem access.
pkgs/python/[email protected]/numpy/f2py/auxfuncs.py:920
    with open(source) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01e624f1d1e6fef9 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/capi_maps.py:158
        with open(f2cmap_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4b06b526950570d Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:316
        with open(filename, 'rb') as fhandle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b9b61445f19bbfb Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:327
    return open(filename, mode, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a2b80b5eba6c1c8 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3703
                open(l).close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #178cf0ed1e1e6dd4 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/crackfortran.py:3722
        with open(pyffilename, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a92fe549ef144b9 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:295
                with open(l):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bb780439d8083fb Filesystem access.
pkgs/python/[email protected]/numpy/f2py/f2py2e.py:362
            with open(options['signsfile'], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75bf824e4d5e78b9 Environment-variable access.
pkgs/python/[email protected]/numpy/f2py/rules.py:160
generationtime = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8ed077c7476491f Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1424
    with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eebe503c94eb19b6 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1431
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf0910c122c71cf Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1440
        with open(fn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b577803614489d4 Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1454
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15853e716112363f Filesystem access.
pkgs/python/[email protected]/numpy/f2py/rules.py:1479
        with open(wn, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #9c0bed9f7c3ea485 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/numpy/lib/_datasource.py:333
            with urlopen(path) as openedurl:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b3755b23f0006dd6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/numpy/lib/_datasource.py:475
                netfile = urlopen(path)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9a4fab3af31eef3a Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:966
        with open(os.fspath(filename), mode + 'b') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fc8df4b4eb5fb9a Filesystem access.
pkgs/python/[email protected]/numpy/lib/_format_impl.py:971
        with open(os.fspath(filename), 'rb') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #094e849a8b0679d5 Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:454
            fid = stack.enter_context(open(os.fspath(file), "rb"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67501c8c27849cfa Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:568
        file_ctx = open(file, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7fcb3676851e63d Filesystem access.
pkgs/python/[email protected]/numpy/lib/_npyio_impl.py:1552
        open(fname, 'wt').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da6da8bc577eb46e Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:308
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6539051e5e164d0 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/clapack_scrub.py:318
    with open(outfilename, 'w') as writefo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dfe4cfafae899cb Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/fortran.py:116
    with open(filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93c753eb3f1182a7 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:230
    with open(wrapped_routines_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51feeec742cbf6ba Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:250
        with open(filename, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #137365ab7faa7501 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:256
    with open(output_file, 'w') as output_fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0fdd0b3c3cbb469 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:258
            with open(r.filename) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1f30b3740cf97af Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:275
    with open(c_file) as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7acabfb9358822c Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:278
    with open(c_file, 'w') as fo:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a0ffc2857a39c3b Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:301
        with open(fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ae7981b7ad68955 Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:309
    with open('f2c.h') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ff616f159851afb Filesystem access.
pkgs/python/[email protected]/numpy/linalg/lapack_lite/make_lite.py:315
    with open(os.path.join(output_dir, 'lapack_lite_names.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #689f355eab500586 Filesystem access.
pkgs/python/[email protected]/numpy/ma/mrecords.py:649
        f = open(fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91b7bc968ebbbe9e Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:12
    with open(os.path.join(inc_dir, 'random', 'bitgen.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88a15bf59c852e3f Filesystem access.
pkgs/python/[email protected]/numpy/random/_examples/cffi/parse.py:21
    with open(os.path.join(inc_dir, 'random', 'distributions.h')) as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34580247054c06b9 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:210
    with open(cfile.parent / "meson.build", "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5682b395252abb01 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/extbuild.py:224
    with open(native_file_name, "wt") as fid:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42646f5df3466856 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:73
                np_dist.read_text('direct_url.json') or '{}',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54db6e9e5d96d846 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:174
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46b491f7953a2ae7 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:203
            with open(_proc_pid_stat) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddc62de5482d5966 Environment-variable access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2700
    env_value = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f243e33131f86288 Filesystem access.
pkgs/python/[email protected]/numpy/testing/_private/utils.py:2752
        with open('/proc/meminfo') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f056ce4c029994c0 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:57
        with open(self.path, "r") as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f9b387e5727f7422 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:66
        with open(self.path, 'r') as source:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #728b2f4c6b2ba377 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:96
            with open(os.path.join(root, self.clean_path(path)), "w") as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #450b5a66cc2db799 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:97
                source.write_text(fd)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a44762a404bc8078 Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:101
            with open(
                os.path.join(root, self.clean_path(path) + ".html"), "w"
            ) as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a870092aeb3d3efc Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:106
        with open(os.path.join(root, 'index.html'), 'w') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2edbbaa9b127ccbe Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:165
        with open(log_file, 'r') as log_fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9313c2f38cab51df Filesystem access.
pkgs/python/[email protected]/tools/c_coverage/c_coverage_report.py:176
        files.write_text(args.directory)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e753cbf2695f7fcd Filesystem access.
pkgs/python/[email protected]/tools/check_installed_files.py:113
    with open(os.path.join('build', 'meson-info',
                           'intro-install_plan.json'), 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4a2230badfd47c9b Filesystem access.
pkgs/python/[email protected]/tools/check_openblas_version.py:48
        with open(reqfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9267a6fb8f1fb448 Filesystem access.
pkgs/python/[email protected]/tools/check_python_h_first.py:77
    with open(name_to_check) as in_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #31a9974168556587 Filesystem access.
pkgs/python/[email protected]/tools/download-wheels.py:95
        with open(wheel_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #db49a0713ebeb771 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/tools/download-wheels.py:96
            with http.request("GET", wheel_url, preload_content=False,) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #75885d5d8f59fdfe Filesystem access.
pkgs/python/[email protected]/tools/functions_missing_types.py:103
        with open(module_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #966781535fda9403 Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:12
    with open(gitmodule_file) as gitmodules:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bdc73479bb4403ac Filesystem access.
pkgs/python/[email protected]/tools/get_submodule_paths.py:19
    with open(
            os.path.join(root_directory, ".gitattributes"), "r"
    ) as attr_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #487a129c4c8114ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:21
        data = json.loads(path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70b5cb6c1458e5da Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:83
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ef17e7cf8a4c4a6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:100
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #369e979100430926 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/ci/ciimage/build.py:140
        out_file.write_text(out_data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2f1cfff688e237cb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/extensions/refman_links.py:128
        raw = Path(self._data_file).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #22e4601f32106ae7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/genrelnotes.py:71
            snippet = snippetfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c48b81ba99469a5e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/jsonvalidator.py:146
    root_tmp = json.loads(args.doc_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2e66dde37bd3c3a2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorjson.py:115
        self.out.write_text(json.dumps(data), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3769cb5afaeac622 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorman.py:65
        self.path.write_text(self.text, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7df7e46a6e3da289 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:115
        out_file.write_text(data, encoding='ascii')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8d25b3491c36b4cc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:128
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #992753479e9d4a56 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:357
        raw = self.sitemap_in.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8c06fd4d5c17c208 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:368
        self.sitemap_out.write_text(out, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1ce78b6daad20101 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatormd.py:390
        self.link_def_out.write_text(json.dumps(data, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7d77f774ee529112 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:30
            template=template_file.read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #806c0d2f8689f349 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/generatorvim.py:37
        out_file.write_text(result, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d7a6521f8c41f08b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderbase.py:194
        return f.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #75c1e3c56c0a8a4e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/loaderpickle.py:16
        res = pickle.loads(self.in_file.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c3bc4fb2af3b6f5d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/refman/main.py:76
        args.depfile.write_text(out_text, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #1262267826bfaf01 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/docs/validatelinks.py:16
        async with session.get(url, timeout=timeout) as r:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #041c088d4a4b51f7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/docs/validatelinks.py:24
    with open(filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #44dbd5c6a541f029 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:14
    response = urllib.request.urlopen(sdl_url, timeout=600.0)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #11ca992a4e49e8fb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/manual tests/4 standalone binaries/build_windows_package.py:16
    open(sdl_filename, 'wb').write(data)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58e2bcef1a6cac6f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:441
            return open(outfileabs_tmp, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #385cf2f511ec8eaf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:606
            with open(rsp_file, 'w', encoding='utf-8', newline='\n') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a253efccfeaa279 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:710
        with open(exe_data, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c159106abf43978a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:717
        with open(test_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0753c5ce033e8687 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:720
        with open(benchmark_data, 'wb') as datafile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bc07cbb77eaff1c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:882
        with open(pch_file_tmp, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #036e2ef5b8d4ec9c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1287
        with open(ifilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d23036e5ee2504b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1318
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9673f9b817fd2db4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/backends.py:1636
        with open(install_data_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf7ee3b00596a2c5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:533
                return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43f4d091feea78ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:538
            return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4065f3be7675217 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:542
        with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28336ceed2c135ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:575
                    with open(tempfilename, 'ab') as binfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efc27a6bd41fd876 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:577
                    return open(tempfilename, 'a', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c62b508133bb7e40 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:619
        with open(tempfilename, 'w', encoding='utf-8') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7e11d2ea3b0cf9a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:701
        with open(os.path.join(self.environment.get_build_dir(), 'rust-project.json'),
                  'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1eb3ecc2dcfe4a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:733
            with open(os.path.join(builddir, 'compile_commands.json'), 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0dc741fc52b817a2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1149
            with open(pickle_abs, 'rb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbb10fb68cbdc5e7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1154
            with open(pickle_abs, 'wb') as p:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #770fe249c3353368 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:1479
        with open(manifest_fullpath, 'w', encoding='utf-8') as manifest:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53c30b571987950e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:2848
            with open(filename, encoding='ascii', errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96ed9b8aedab4542 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/ninjabackend.py:3807
        with open(d_file, 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bbeec7efa256c50 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:36
    vs_version = os.getenv('VisualStudioVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da98879df8217160 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:37
    vs_install_dir = os.getenv('VSINSTALLDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e35ae74ac6a901e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:296
        with open(Vs2010Backend.get_regen_stampfile(build_dir), 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beb929273c3644ea Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:300
        has_arch_values = 'VSCMD_ARG_TGT_ARCH' in os.environ and 'VSCMD_ARG_HOST_ARCH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #345c1afda0b0ff61 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:303
        if 'VCINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8c094e5c5dc0cca Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:304
            vs_version = os.environ['VisualStudioVersion'] \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4347d280afb5055a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:305
                if 'VisualStudioVersion' in os.environ else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07d0d26a0a6928ee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:307
            script_path = os.environ['VCINSTALLDIR'] + relative_path + 'vcvarsall.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f47f80de752d890 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:310
                    target_arch = os.environ['VSCMD_ARG_TGT_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c518d4545f713bfe Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:311
                    host_arch = os.environ['VSCMD_ARG_HOST_ARCH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ea4ee37cd285622 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:313
                    target_arch = os.environ.get('Platform', 'x86')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d096d1df35c55f7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:319
        if 'VS150COMNTOOLS' in os.environ and has_arch_values:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c38de86a3e37ee0d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:320
            script_path = os.environ['VS150COMNTOOLS'] + 'VsDevCmd.bat'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98614f88cb167a58 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:323
                    (script_path, os.environ['VSCMD_ARG_TGT_ARCH'], os.environ['VSCMD_ARG_HOST_ARCH'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19f17072282e7dce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:425
        with open(sln_filename_tmp, 'w', encoding='utf-8-sig') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2e80bcbf501dec5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:1001
        with open(ofname_tmp, 'w', encoding='utf-8') as of:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05eeeaeaea7f39ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2010backend.py:2092
            with open(rulefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f426064e58317bb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2017backend.py:45
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58d1a4a0c04ddd9b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2019backend.py:40
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf7a5e941beeb3a9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/vs2022backend.py:40
        sdk_version = os.environ.get('WindowsSDKVersion', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a500471399bee22b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/backend/xcodebackend.py:274
        with open(tmpname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9143375e557de52f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/build.py:3360
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8b557e5febd2530 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cargo/toml.py:36
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85116efde0b6d0e3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/executor.py:214
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6b5c4751c034ba6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:51
        query_file.write_text(json.dumps(query, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f923c9cdb44c4636 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:75
        debug_json.write_text(json.dumps(index, indent=2), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e0b48adccc69f9a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/fileapi.py:320
        data = json.loads(real_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51d817db438c9740 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/interpreter.py:865
            os_env = environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1865953e057f7610 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:61
        self.toolchain_file.write_text(self.generate(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2479283c8a25722f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:62
        self.cmcache_file.write_text(self.generate_cache(), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecef1882dd2913f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:228
        cmake_file.write_text(cmake_content, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b89b1c3e4aa8171 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/toolchain.py:232
        temp_toolchain_file.write_text(CMakeToolchain._print_vars(self.variables), encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbfc15f439185780 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/cmake/traceparser.py:170
            trace = self.trace_file_path.read_text(errors='ignore', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f69434820a1860ee Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:830
                with open(srcname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38c5d5c11f9edffc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/compilers.py:861
            os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #241267c1ed3d193e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/cs.py:90
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72369e372cf1b2d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/cuda.py:535
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7e9f68f92884dbc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/d.py:444
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5d54a1025be675d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:295
            if 'WATCOM' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2e346cc9fe6450a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:299
                watcom_cls = [sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b61983169c2ac56 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:300
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT', 'cl.exe')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e132e05871d39572 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:301
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08ec5d0ccd1d60d8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:302
                              sanitize(os.path.join(os.environ['WATCOM'], 'BINNT64', 'cl.exe'))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52b6fdb674452fdf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/detect.py:1321
            default_path = os.path.join(os.environ['ProgramFiles'], 'NASM')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec8721c76e0b12ad Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/java.py:79
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24b75dab63b2b496 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:219
                    with open(file_to_check, 'rb') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8a6ab0523402c0b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:295
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a73361085855e735 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:914
            with open(p.output_name, 'rb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3b1179b27f63186 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/clike.py:1197
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65b2a00cb4c90763 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:43
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c5c8d250e06d2d0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:54
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d46f90b7e66c4b91 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/elbrus.py:66
        os_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7d9e40533fdf2c8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/gnu.py:323
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87d3a96b8193ee04 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:354
        if 'INCLUDE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90eea305376c340b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/mixins/visualstudio.py:356
        return os.environ['INCLUDE'].split(os.pathsep)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #104e179e4210bb9f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/rust.py:115
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8438ae96e3a43d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/compilers/swift.py:190
        with open(source_name, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a897589a6ef110d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:316
                    with open(f, encoding='utf-8') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19a85e755756c941 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:317
                        with open(fcopy, 'w', encoding='utf-8') as wf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #426265ec7129ab6b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:327
                    os.environ.get('XDG_DATA_HOME', os.path.expanduser('~/.local/share')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #031bf9de8cb6bc42 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:328
                ] + os.environ.get('XDG_DATA_DIRS', '/usr/local/share:/usr/share').split(':')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ae3def02f160fbd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:650
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #804f0fcde175e15f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:664
    with open(filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3771734cd8a8c71 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/coredata.py:695
    with open(tempfilename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c17b02c47b07f94 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:750
        deploy_target = os.environ.get('MACOSX_DEPLOYMENT_TARGET', macos_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6444f983a5c1d05 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:761
        deploy_target = os.environ.get('IPHONEOS_DEPLOYMENT_TARGET', ios_version)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #daf2ad898f477223 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/blas_lapack.py:899
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf49ac554b600a68 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/boost.py:764
        raw = hfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98e1eca822b8dce6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:302
        for i in os.environ.get('PATH', '').split(os.pathsep):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212b5bf42b528671 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:333
        env_path = os.environ.get(f'{name}_DIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #648f37e3d3897e62 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:584
        cmake_txt = importlib.resources.read_text('mesonbuild.dependencies.data', cmake_file, encoding = 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c49b3098df470792 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cmake.py:604
        cm_file.write_text(cmake_txt, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #001b7f6f93601079 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:169
        env_vars = [var for var in env_vars if var in os.environ]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0b9bf46cbbfd692 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:170
        user_defaults = {os.environ[var] for var in env_vars}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5cc138cc2fc451bc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:176
        return ([(os.environ[self.env_var], True)] if self.env_var else []) \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07afa7099b99945e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:180
        env_vars = os.environ.keys()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d01eaa83c68e5e1f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:181
        return [(os.environ[var], False) for var in env_vars if var.startswith('CUDA_PATH_')]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47782f3a6ab8a749 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:217
            raw = i.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46cf82ad243d5f79 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/cuda.py:235
            with open(version_file_path, encoding='utf-8') as version_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a7f211118e5a871 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/dev.py:782
        vsdir = os.environ.get('VSInstallDir')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56641543d1b473e6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:112
            os.environ[f'HDF5_{cenv}'] = join_args(compiler.get_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76ca6c81d9031653 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:113
            os.environ[f'HDF5_{lenv}LINKER'] = join_args(compiler.get_linker_exelist())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cbdf0975e6f66e0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:116
            del os.environ[f'HDF5_{cenv}']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c23a0da4f435a7a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/hdf5.py:117
            del os.environ[f'HDF5_{lenv}LINKER']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15e8e5f8b92a86a0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:56
        tool_names = [os.environ.get(env_name) for env_name in env_vars]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54aedaeafeff07df Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:228
        incdir = os.environ.get('MSMPI_INC')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6212788573344bf1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:232
            libdir = os.environ.get('MSMPI_LIB32')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21a6e0b274d36795 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/mpi.py:235
            libdir = os.environ.get('MSMPI_LIB64')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13ea91b1e5662d65 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:154
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44d8fac5caa73114 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:169
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58b6d8219e729143 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:290
        env = env or os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a414ae73deadb973 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/pkgconfig.py:543
        with open(la_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e99abb9444b2b56 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:129
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba1636a4fb18e2b1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:427
                old_pkg_libdir = os.environ.pop('PKG_CONFIG_LIBDIR', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa20122149b94d2c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:428
                old_pkg_path = os.environ.pop('PKG_CONFIG_PATH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2baf829e9646456a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:429
                os.environ['PKG_CONFIG_LIBDIR'] = pkg_libdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee12398110d1cc0a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:435
                            os.environ[name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #908e24c96e97dae0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:436
                        elif name in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d735bd0da6e5ac2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/python.py:437
                            del os.environ[name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa992c8e3584a838 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/scalapack.py:59
        _m = os.environ.get('MKLROOT')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a2a07cea1ea0c3a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:117
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96a6298042d976f8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/dependencies/ui.py:190
        self.vulkan_sdk = os.environ.get('VULKAN_SDK', os.environ.get('VK_SDK_PATH'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bb03f6077708ced Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:84
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36181ca1990f7017 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:183
    env_ninja = os.environ.get('NINJA', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5386a3b98e1c172 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:268
    if 'SCANBUILD' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd6c3fcffff69398 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:269
        exelist = split_args(os.environ['SCANBUILD'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc52f4dc6d9f5781 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/environment.py:541
    return os.environ.get('MSYSTEM_CARCH', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c6b19bf418b18c8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:395
        if 'MESON_UNIT_TEST' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29a414aa637ee0d0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:397
        if 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a10ae441a21a607d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:991
                with open(meson_filename, "w", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ebe001961bb2fa30 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:1249
                ver_data = Path(ifname).read_text(encoding='utf-8').split('\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef720300d3f6caab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2756
                with open(dst_tmp, 'w', encoding=file_encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57c2b80cdb7840e0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreter.py:2763
                with open(depfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f85684e86b6a30d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreter/interpreterobjects.py:243
        child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d85239612a116637 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:105
            with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c893826722602d02 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:154
                    with open(parent / 'meson.build', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f015f60954d78ef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/interpreterbase/interpreterbase.py:701
            with open(option_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95a74d44bee612c2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/machinefile.py:40
                with open(fname, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e89c177dc689b73 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mcompile.py:253
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b70964c8101716fc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:94
                    with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd8cd6ee19e113f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mconf.py:109
                        with open(opfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f536e814a282925c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:71
    env = {} if dump_fmt else os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a37eb7e8d817d7eb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:140
            gdbinit_path.write_text(gdbinit_line, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2f042a07d38dede Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:178
            with open(options.dump, "w", encoding='utf-8') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61b101ed619212d1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:196
        shell_env = os.environ.get("SHELL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46061e68936eccc0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:209
                args = [os.environ.get("COMSPEC", r"C:\WINDOWS\system32\cmd.exe")]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a91634dab5cd7183 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:212
            args = [os.environ.get("SHELL", os.path.realpath("/bin/sh"))]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2348a43b8db0a826 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdevenv.py:217
            if not os.environ.get("MESON_DISABLE_PS1_OVERRIDE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3401817fc0cf0531 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:64
    m.update(open(fname, 'rb').read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d68d203848dcc94 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:65
    with open(hashname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47650da2ea75fea6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:92
            if 'GITLAB_CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fcf2906d6dcbe97 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:257
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #367e60f9c30be005 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:290
            with lzma.open(xzname, 'wb') as xf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0699ceb01978552f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:295
            with bz2.open(bz2name, 'wb') as bf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45b1b5db6805a9a5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:300
            with gzip.open(gzname, 'wb') as zf, open(tarname, 'rb') as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e96855240a6178af Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mdist.py:320
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #025e939ab17f0c2a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:20
            data = importlib.resources.read_text( # [ignore encoding] it's on the next lines, Mr. Lint
                    ('mesonbuild' / self.path.parent).as_posix().replace('/', '.'),
                    self.path.name,
                    encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca111ce853c4224f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesondata.py:24
            path.write_text(data, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f239e3e30fe151e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:33
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ce0edcdaa158749 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:43
        if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05e83d3663db6dae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:257
    if os.environ.get('MESON_SHOW_DEPRECATIONS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c999730a9590b5a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:264
    if sys.version_info >= (3, 10) and os.environ.get('MESON_RUNNING_IN_PROJECT_TESTS'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae0eb6ab5d0193d4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mesonmain.py:282
    if sys.platform == 'cygwin' and os.environ.get('MSYSTEM', '') not in ['MSYS', '']:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #503ca04993e8d359 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:37
            self.read_string(f'[{self.default_section}]\n' + filename.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d21b08324e54a83 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mformat.py:1081
                code = src_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c87b1f34d43818da Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:545
            destdir = os.environ.get('DESTDIR')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9f70ec3aad91226 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:551
            os.environ['DESTDIR'] = destdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4da845bdc50b90c2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:581
                os.environ.get('MESON_ROOT_CMD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da4423eb9a223463 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:587
            if rootcmd is None and pkexec is not None and 'PKEXEC_UID' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22873b796516a393 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:814
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #543f1630890a379c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:816
            if os.environ.get('SUDO_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ac350ba83b386d0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:825
            elif os.environ.get('DOAS_USER') is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd2c20c7b30e89df Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/minstall.py:879
    with open(os.path.join(log_dir, 'install-log.txt'), 'w', encoding='utf-8') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d853f831481aacd5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:521
    with open(get_info_file(infodir, kind), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8230efeaaebdb560 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:590
        with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8963ef88cc2205ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mintro.py:660
    with open(tmp_file, 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cfe5cf42aceb825 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:50
    return bool(kernel.SetConsoleMode(stdout, mode.value | 0x4) or os.environ.get('ANSICON'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b97d2d1302f23bee Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:52
_in_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f18cf5cd0c849c13 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:53
_ci_is_github = 'GITHUB_ACTIONS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #619bc9bf5faf4551 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:120
        if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4c8c7d227c35dd5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:121
            pager_cmd = shlex.split(os.environ['PAGER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #763dfb7266e7258e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:140
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbc4474ba88864a0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:150
            if 'PAGER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ddbc7d12499acde Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:166
        self.log_file = open(os.path.join(logdir, self._LOG_FNAME), 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78ea0512235d7902 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:394
                _colorize_console = os.isatty(output.fileno()) and os.environ.get('TERM', 'dumb') != 'dumb'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ab762d2ef49077 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:570
    elif 'MESON_FORCE_SHOW_LOGS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cad8e95c21541365 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mlog.py:577
    with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bde17fbee5974cdf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/_qt.py:804
        with open(fileout_abs, 'w', encoding='utf-8') as fd:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93e457b8ce4bcaf2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:341
            with open(infile, encoding='utf-8') as fin:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #286d7df77ff91d60 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/cmake.py:355
        with open(outfile_tmp, "w", encoding='utf-8') as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78c6dabf7daee81a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:58
            with open(config_path, encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1274287163d4f9f6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/dlang.py:87
        with open(config_path, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8e9e6f5d89cf85c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:142
        self.run_env: EnvironOrDict = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87b3737014933d73 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/external_project.py:207
            output = open(log_filename, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0028b1e5c54180af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/features/module.py:683
        with open(config_path, "w", encoding='utf-8') as cout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc58a4748841f218 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:169
        with open(file, mode='rb', buffering=0) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ff2078e3eae2f9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/fs.py:268
            with open(path, encoding=encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf5e1e8c6c4b7419 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:953
        with open(gir_filelist_filename, 'w', encoding='utf-8') as gir_filelist:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d9af50e99aaf526 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/gnome.py:2209
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbace848cf243e7b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/hotdoc.py:321
        with open(hotdoc_config_path, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2f778dbed09992d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/i18n.py:235
        rsp_file.write_text(source_list, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42027ab7ac3fac17 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/keyval.py:31
            with open(path_to_config, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef75090cbdba10c2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/pkgconfig.py:527
        with open(fname, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #187ba3b22fa50d0a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:401
        with open(pycompile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfe80ea20bcbe754 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:403
                f.write(importlib.resources.files('mesonbuild.scripts').joinpath('pycompile.py').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05f9fd74b632f45a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/modules/python.py:415
                with open(os.path.join(self.interpreter.environment.get_scratch_dir(), manifest), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6019993710f4dfe7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mparser.py:111
        self.in_unit_test = 'MESON_RUNNING_IN_PROJECT_TESTS' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f87299f2eecc9853 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:150
        with open(os.path.join(build_dir, '.gitignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03b0d850cc04d505 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:152
        with open(os.path.join(build_dir, '.hgignore'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6a745479f0478f5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/msetup.py:322
                with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #021175e9db2c1802 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:521
        self.file = open(filename, 'w', encoding='utf-8', errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b19b6d14defb035c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:755
        inherit_env = env_tuple_to_str(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a9ffb39ff1dee0b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:948
        with open(self.filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa0a80e366b873ae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1048
        test_only_env = set(self.env.items()) - set(os.environ.items())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc1d11f751cc107c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1110
            with open(filename, 'r', encoding='utf8', errors='replace') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d3193f58f9ee987 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1783
        return current.env.get_env(os.environ.copy())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe5ce910167143ca Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:1791
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4991b63918e60698 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2226
        with open(targets_file, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21848c3100596602 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/mtest.py:2308
            if os.environ.get('MESON_FORCE_BACKTRACE'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20222791f132182d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/optinterpreter.py:83
            with open(option_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1be0d95a98565772 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:149
        if 'USERPROFILE' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6a3d3458cfab261 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:160
        appstore_dir = Path(os.environ['USERPROFILE']) / 'AppData' / 'Local' / 'Microsoft' / 'WindowsApps'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fbbdd3eed9c02c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:192
            with open(script, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cd8dc8ce770e07f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:296
        search_dirs = OrderedSet(self._windows_sanitize_path(os.environ.get('PATH', '')).split(';'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b536617a2815a725 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/programs.py:318
        path = os.environ.get('PATH', os.defpath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0db24d87dc1da6d7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1024
                with open(fpath, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7ca8c93429315c8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1026
            with open(fpath, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2740d5b9bc76b74c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1077
            with open(val['path'], 'w', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca8db357ed04cb75 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/rewriter.py:1131
        with open(options.json, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #89fabfc7aaa0250a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/clangformat.py:26
            original = fname.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #de8160a486939a21 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/cleantrees.py:28
    with open(args[0], 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ca31e1e691c3b643 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:103
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_bat:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5c87cbab239709fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/coverage.py:107
                    with open(llvm_cov_shim_path, 'w', encoding='utf-8') as llvm_cov_sh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #51aec6d674a997cb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:105
    with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c41daff0d16bb974 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:119
    with open(jsonfile, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0e51c8cf4dc48bea Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depaccumulate.py:125
        with open(dep, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a176739eaf787b8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:133
            self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d2c9614921d8a7a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:138
                self.bf = open(bfile, 'r+b')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3f36d8176ccf4506 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depfixer.py:444
    with open('META-INF/MANIFEST.MF', 'r+', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #52d33fc0305db244 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:72
        with open(pickle_file, 'rb') as pf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #290c59e2ec4a95f2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:90
        for line in fpath.read_text(encoding='utf-8', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #479ed3f338aa90ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:134
        for line in fpath.read_text(encoding='utf-8', errors='ignore').split('\n'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c2743e6738d1bee6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/depscan.py:199
        with open(self.outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f1b62ebd8977b5c4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:95
    cppflags = shlex.split(os.environ.get('CPPFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3a151307086da76d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:96
    cflags = shlex.split(os.environ.get('CFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3857a5dc38db7821 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:97
    cxxflags = shlex.split(os.environ.get('CXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9d1b06db994e4818 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:98
    objcflags = shlex.split(os.environ.get('OBJCFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f924f5cb15e4a175 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:99
    objcxxflags = shlex.split(os.environ.get('OBJCXXFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5a23f11cb1349d4b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:100
    ldflags = shlex.split(os.environ.get('LDFLAGS', ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d3cbbb2938139931 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:273
    with open(tmpfilename, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #76b35cd987a9c093 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:324
        compile_args = shlex.split(os.environ.get(compilers.CFLAGS_MAPPING[langname] + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f7005c6958e2acba Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:326
        cppflags = tuple(shlex.split(os.environ.get('CPPFLAGS' + envvar_suffix, '')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2a9f7462285256fa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:332
        lang_link_args += shlex.split(os.environ.get('LDFLAGS' + envvar_suffix, ''))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ca60f2d6f5f96c80 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:339
        compilerstr = os.environ.get(envvarname + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f1b8257e495f50de Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:357
        binstr = os.environ.get(envvar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #fa0ad622fe79cd38 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:362
    var = os.environ.get('PKG_CONFIG_LIBDIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c6a8158d34976e8a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/env2mfile.py:365
    var = os.environ.get('PKG_CONFIG_SYSROOT_DIR' + envvar_suffix)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4e292736e76cc08c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:27
        with open(self.depfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #279a7216a2131f1d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:38
        with open(self.stampfile, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e6d44ea4d05d7ed5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:73
            output = open(log_filename, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7bb8198453a98e21 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/externalproject.py:78
        run_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #696da72301934ea5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:30
        with open(linguas, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a7ace9fc0e0dc4b6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gettext.py:48
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2d197e0630e13857 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:52
    env = dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e11d3e07dbd3b0d3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:270
    if 'MESON_INSTALL_PREFIX' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8a314f9c7605fde9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:271
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #24e7e6a5fb53d52f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/gtkdochelper.py:272
        install_prefix = destdir_join(destdir, os.environ['MESON_INSTALL_PREFIX'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7b4ed42db6aa3da6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:23
    subenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #71311ec99dc43855 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/hotdochelper.py:35
        destdir = os.environ.get('DESTDIR', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c5934fcd2a79c3a3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/itstool.py:64
    build_dir = os.environ.get('MESON_BUILD_ROOT', os.getcwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d017bdf47d4f5037 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:31
    child_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #adeb0e29d5a523a8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:49
        stdin = open(exe.feed, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4d588e386ced2ab8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:84
            with open(exe.capture, 'rb') as cur:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #907bf68b0fcc61e9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:89
            with open(exe.capture, 'wb') as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d55069b65108e2e6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/meson_exe.py:106
        with open(options.unpickle, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3d6821ad1f614c7f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/msgfmthelper.py:25
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dfa83cf211ab06ab Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:12
quiet = int(os.environ.get('MESON_INSTALL_QUIET', 0))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #cf06cfdc1ebafdb4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:22
        fullpath = absf = os.environ['MESON_INSTALL_DESTDIR_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e611272a70646bb2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:23
        f = os.environ['MESON_INSTALL_'+key] + f

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #74d4d70c75a4bae9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/pycompile.py:41
    with open(data_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #adb677ea4a172111 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:41
    with open(dumpfile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #076be5b5510368ce Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/regen_checker.py:44
    with open(coredata_file, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9ea630b2243072e8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/reprotest.py:61
        os.environ['CCACHE_DISABLE'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f1b5f86ba9bca64b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:136
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a5cc0d3b34beedf2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/run_tool.py:156
    with open('meson-info/intro-targets.json', encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #33a84e108e0b5c6f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:31
    with open(outfilename, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0652ca731c924777 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:36
        with open(outfilename, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0104e4197aeb9729 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:42
    with open(outfilename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #096f9f66345e1eb7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:53
    with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #95905e55f8b107dd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:58
    if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7bd44d57068466da Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:60
        return shlex.split(os.environ[evar])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a1daebc82b5f4043 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:118
    origpath = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ba47207ef371c286 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:120
        os.environ['PATH'] = '/usr/gnu/bin:' + origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e2c394f815a19e9c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:123
        os.environ['PATH'] = origpath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #88162a91dff30c62 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:228
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f50535ca3da6a058 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/symbolextractor.py:307
            with open(TOOL_WARNING_FILE, 'w', encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #494b90b138843b18 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/uninstall.py:14
    for line in open(log, encoding='utf-8'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #60eaa4a32a4e14a4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:16
    with open(infile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a686b17785126e0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:19
        with open(outfile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #81c45e813e6b0ec2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/vcstagger.py:24
        with open(outfile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ee543be45df215c9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/scripts/yasm.py:21
    with open(options.depfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de5b175310931385 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:87
            with open(source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95d397fbb8618075 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:91
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23abe4b2616e6228 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:120
            with open(lib_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #237d614db4226879 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:123
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62b79b18aa26c7e5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:126
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ebcd39a40061887 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:141
            with open(source_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bee6eb6577e1d463 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:144
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92064a88a4cfecc4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:182
            with open(lib_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88f63cac194b91d7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:185
            with open(test_name, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #40e870f35f8fe2cb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:188
            with open('meson.build', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e1dba2ebe77ae37 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/templates/sampleimpl.py:213
            with open(kwargs['header_file'], 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #395b0fefbbb1fe1f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/posix.py:21
            self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #437a11cb624ecc49 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:241
    if 'MESON_COMMAND_TESTS' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0868f1fd3ea43262 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:743
    arch = os.environ.get('PROCESSOR_ARCHITEW6432', '').lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64217afa51dfc3fc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:747
            arch = os.environ['PROCESSOR_ARCHITECTURE'].lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b970e68408d71875 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:827
    vsver = os.environ.get('VSCMD_VER', '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62a18a9d9545c9a3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1115
        if varname in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #645b09f790806aac Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1117
                num_workers = int(os.environ[varname])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bafacecc827c0818 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1529
        with open(src, encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c614c4a1a0a36875 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1537
        with open(dst_tmp, 'w', encoding=encoding, newline='') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ef916933f30b91b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1598
    with open(ofilename_tmp, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bfda8acceb2fa67 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1613
        with open(dst, 'rb') as f1, open(dst_tmp, 'rb') as f2:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f87ef8c8e7dc1d2c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:1701
            with open(args_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d53bae17a0470d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2414
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20b72982d3ac1275 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/universal.py:2475
    return int(os.environ.get('MESON_RSP_THRESHOLD', limit))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aebe67ba6053c0c1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:35
    if os.environ.get('OSTYPE') == 'cygwin':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4edbc6853f91d5c7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:37
    if 'MESON_FORCE_VSENV_FOR_UNITTEST' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3f1ec92c07fb9f64 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:40
        if 'VSINSTALLDIR' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98b7070c9f56b4fb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:55
    root = os.environ.get("ProgramFiles(x86)") or os.environ.get("ProgramFiles")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eb5139dce205960 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/vsenv.py:117
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5682f5669d76c12 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/utils/win32.py:21
            self.lockfile = open(self.lockpath, 'w+', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #020135c825421366 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:119
        return T.cast('http.client.HTTPResponse', urllib.request.urlopen(req, timeout=REQ_TIMEOUT, context=ssl_truststore()))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7b6ada33ed98632b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:170
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #416f1d9069764aa5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:282
        with open(filename, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a9a47af9709065a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:341
            with open(self.get_hashfile(subproject_directory), 'w', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cab0ca29fef3c707 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:372
        self.cachedir = os.environ.get('MESON_PACKAGE_CACHE_DIR') or os.path.join(self.subdir_root, 'packagecache')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59940a5cea8f3abf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:535
                with open(main_fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96dc2cb5f48a0f52 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:726
            with open(hashfile, 'r', encoding='utf-8') as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5199804c88b9a9d2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:818
                resp = urllib.request.urlopen(req, timeout=REQ_TIMEOUT, context=ssl_truststore())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a388454e6485f5f5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wrap.py:857
        with open(path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36966b6a45f34c8f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/mesonbuild/wrap/wraptool.py:103
    with open(wrapfile, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #636c023c71dd8fa9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:233
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #464c191f54149ec5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:236
        with open(self.main_xml) as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc3ffd65b9068f8e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createmsi.py:239
        with open(self.main_xml, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a63704c1fdc3df2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/createpkg.py:94
        with open(self.distribution_file, 'w') as open_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9816d5f539e4fc7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:39
version_lines = pathlib.Path(relfile).read_text().split('\n')[:-1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4ba59f4cd9556af Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:56
    myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f766d52a0a81f29 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/packaging/mpackage.py:59
    pathlib.Path(relfile).write_text('\n'.join(version_lines) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #226fe985dc5cc1f9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:40
        data = json.loads(cf_path.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ad443274e7285e19 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_cross_test.py:43
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a40ccd7389df200 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_format_tests.py:19
    lines = file.read_bytes().split(b'\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd7e495c5f6f5378 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:62
        self.orig_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d5ea4be80939ca7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:64
        os.environ['MESON_COMMAND_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3154ff05350cd7d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:75
        os.environ.clear()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f33574d8b7225206 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:76
        os.environ.update(self.orig_env)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a65eaa12dd792d4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:133
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d862a9b3af67d72 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:151
        os.environ['PYTHONPATH'] = os.path.join(str(pylibdir), '')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #341716f209cfde74 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:152
        os.environ['PATH'] = str(bindir) + os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ff4af576f2a3c19 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:163
            os.environ['PYTHONPATH'] = os.pathsep.join(PYTHONPATHS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d3ecd8e142e6c7b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:196
        wrapper.write_text('#!/bin/sh\n\nmeson.real "$@"', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d8c8bf0d468121f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:219
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6dbd7905b5e5fcef Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_meson_command_tests.py:221
        with open(script_file, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7b3b8c10278d08a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:275
        self.env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80df29dc701d2aba Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:307
print_debug = 'MESON_PRINT_TEST_OUTPUT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b47dee68d264aa2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:308
under_ci = 'CI' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcc75f7b09f256da Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:309
raw_ci_jobname = os.environ.get('MESON_CI_JOBNAME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dd9befdfded9a1f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:817
            if skip_env_var in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3091cbe429e7dcc1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:828
        test_def = json.loads(test_def_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66b9e080dd253312 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1057
    sanity_file.write_text('fn main() {\n}\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #042f5ecf20ead702 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1103
    skip_cmake = ((os.environ.get('compiler') == 'msvc2015' and under_ci) or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37f04d11e89ac71d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1130
        TestCategory('vala', 'vala', backend is not Backend.ninja or not shutil.which(os.environ.get('VALAC', 'valac'))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e07f7c507f17b5f8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1168
    with open(txtname, 'w', encoding='utf-8', errors='ignore') as lf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #036ade1127a7457e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1683
    if 'VSCMD_VER' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f41e08c798440f92 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_project_tests.py:1684
        print('VSCMD version', os.environ['VSCMD_VER'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d93081f2225148cc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:50
    NINJA_1_12_OR_NEWER = bool(int(os.environ['NINJA_1_12_OR_NEWER']))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e58d972f3bafe830 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:51
    NINJA_CMD = [os.environ['NINJA']]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55d2844479fbd3ed Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:61
    os.environ['NINJA_1_12_OR_NEWER'] = str(int(NINJA_1_12_OR_NEWER))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a02dab015fbf6c96 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:62
    os.environ['NINJA'] = NINJA_CMD[0]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cc0131b3c76c828 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:70
os.environ['PYTHONWARNDEFAULTENCODING'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7baff2566c6cd91d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:72
os.environ['MESON_RUNNING_IN_PROJECT_TESTS'] = '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3da080585127992 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:116
    if not os.environ.get('MKLROOT', '').strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #888e5dbce53fdc32 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:118
    if (os.environ.get('CC') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdaed8d62bcc9906 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:119
            os.environ.get('CXX') == 'icl' or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df0b404ca15c5b7a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:120
            os.environ.get('FC') == 'ifort'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0702577daf12b326 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:129
                 'Please try using the Intel shell.'.format(os.environ.get('MKLROOT')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7a74fd16cebf66e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:171
if 'MESON_EXE' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8fb33b213491018 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:172
    meson_exe = mesonlib.split_args(os.environ['MESON_EXE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cb82d3981c815af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:231
            with open(f, encoding='utf-8') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52561656a96acfbd Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:299
    with mock.patch.dict(os.environ, env or {}), mock.patch.object(sys, 'stdout', stdout), mock.patch.object(sys, 'stderr', stderr):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c906c65569e4fb9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:350
    if not mesonlib.is_windows() and not mesonlib.is_haiku() and 'CI' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcec21edbbf1cce5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:364
    if 'APPVEYOR' in os.environ and os.environ['arch'] == 'x86':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a12126017adf9a7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:365
        os.environ.pop('platform')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af24b2016c680b49 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_tests.py:368
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20a0361ab187f183 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:69
    os.environ['MESON_UNIT_TEST_BACKEND'] = be

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad8d5519e8e19b29 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/run_unittests.py:113
        if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d24580940974f9db Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:13
    if is_pr_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f02e7960d11e4c0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:16
    elif os.environ[is_pr_env] == 'false':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #508f91dfcf0a6410 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:22
    if base_env not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d3a53f7bfcf48d0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/skip_ci.py:25
    return os.environ[base_env]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3880ed8cf224e67 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cmake/11 cmake_module_path/subprojects/cmMod/gen.py:1
with open('main.c', 'w') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61307d115220b966 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:12
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc58632c219a52a7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:13
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e679466cc35c2cdd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:15
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #382fcca5bb76a736 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/100 postconf with args/postconf.py:17
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c493a5a94368c85 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:8
with open(output, 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4a0ce91fce1fac0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/catter.py:11
        with open(i) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91b271eb74d5a0c6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen-resx.py:8
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b12fc23faad59de5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f1c486dc3936904 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/105 generatorcustom/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b97bfa9b8ccf078f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/109 custom target capture/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c80a682ec92d173 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/110 allgenerate/converter.py:8
open(ofile, 'w').write(open(ifile).read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50ff2acd26745763 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/123 custom target directory install/docgen.py:14
    with open(os.path.join(out, name + '.html'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30aea7d3323fbf74 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:8
with open(ifile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e6cdaba3baff83a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/125 configure file in generator/src/gen.py:12
with open(ofile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34f18044c32da1dd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/128 build by default targets in tests/write_file.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1674b3f19a9e9891 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:5
ifile = open(sys.argv[1])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #991fc505f2911433 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/129 build by default/mygen.py:6
ofile = open(sys.argv[2], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e92a25d2f550331e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_custom.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0c62ffd112d1ce9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:4
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c6010dd7f2849c3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/13 pch/generated/gen_generator.py:6
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08eb2b70ffd18fdf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:12
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7808c7cd7497251 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_env.py:15
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #841f063bd11cf7d5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:8
if 'MESONINTROSPECT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ddc8196ba30a6e6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:10
if 'MESON_BUILD_ROOT' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #936334e8144c3ad5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:13
mesonintrospect = os.environ['MESONINTROSPECT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee4b73ea6cb77fb8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/139 mesonintrospect from scripts/check_introspection.py:16
buildroot = os.environ['MESON_BUILD_ROOT']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d50c4c7f5446a20 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/file_contains.py:14
    with open(args.file[0], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43713998b5ef5969 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a558b38557b1b56e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-deps.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f76b6d8fd4341894 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c2e7c352862f094 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator-without-input-file.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fc358e9d77da6fa Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:9
build_dir = Path(os.environ['MESON_BUILD_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb5d6c4019276d50 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/14 configure file/generator.py:10
subdir = Path(os.environ['MESON_SUBDIR'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08f46263e7c75855 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #388ee2c9d0dbf22e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/140 custom target multiple outputs/generator.py:13
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1737b9717ee36ccf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/141 special characters/check_quoting.py:27
    with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7677dd425c6ae76f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/144 link depends custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #283af267e6578afb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:30
    with open(args.header, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac73deac72b97689 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/152 index customtarget/gen_sources.py:33
    with open(args.code, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e76459bb6eb135d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e633041c3ba2c21f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f3e27e5fb16d7fe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/168 preserve gendir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73cc165f3c6e771d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:15
funname = open(ifile).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9393c4d5f7cb5cd1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/169 source in dep/generated/genheader.py:17
open(ofile, 'w').write(templ % funname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #564ae27c0e824813 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:14
    with open(hname, 'w') as hfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa0c61a898ae6e68 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/170 generator link whole/generator.py:20
    with open(cname, 'w') as cfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #973197f3a86037d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/178 bothlibraries/dummy.py:7
    Path(sys.argv[1]).write_text('Hello World\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aad70f0549736be Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:6
with open(sys.argv[1]) as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee8a0d63a8d80e22 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/179 escape and unicode/file.py:9
with open(os.path.join(sys.argv[3]), 'w', errors='replace') as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #516af820006e80f5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:13
d = pathlib.Path(ifilename).read_text().split('\n')[0].strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d2ed6894afc19ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/182 find override/subdir/converter.py:15
pathlib.Path(ofilename).write_text(ftempl % d)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37b2f15a5413cfbf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/186 test depends/gen.py:7
    with open(sys.argv[1], 'w') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5fd1d1604c586d7d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:41
    proto_name = open(ifile_name).readline().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #318d9def5d670239 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:45
    open(h_out, 'w').write(h_templ % (proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e145f4cf57c748af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/195 generator in subdir/com/mesonbuild/tooldir/genprog.py:46
    open(c_out, 'w').write(c_templ % (proto_name, proto_name))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d944a2e03f0b6a98 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/202 custom target build by default/docgen.py:11
    with open(os.path.join(out, name + '.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19ec003d46f5b360 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/208 link custom/custom_stlib.py:73
    c_file.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfc53106ae279078 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/209 link custom_i single from multiple/generate_conflicting_stlibs.py:70
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6783053f52f29144 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/210 link custom_i multiple from multiple/generate_stlibs.py:72
        c_file.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27c2c90ac814bf46 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/check_object.py:16
    with open(sys.argv[2], 'wb') as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4075956223b8dd1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/216 custom target input extracted objects/libdir/gen.py:3
with open(sys.argv[1], 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24e0c0450bb61233 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/22 object extraction/check-obj.py:12
    with open('compile_commands.json') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8f388faf4fea2a4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/check_arch.py:12
with open(dummy_output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9078c4d4b6ff3022 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #957e9a1d0d95fb1c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/226 link depends indexed custom target/make_file.py:7
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0bebbf603ba9530 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/227 very long command line/codegen.py:6
Path(sys.argv[2]).write_text(
    'int func{n}(void) {{ return {n}; }}'.format(n=sys.argv[1]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #775a824bda0167f7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:2
with open('x.c', 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d2e75569b5934f8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/228 custom_target source/x.py:4
with open('y', 'w'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae646af0334ada02 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/242 custom target feed/my_compiler.py:13
    with open(sys.argv[1], 'w+') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15818fc3c1b6a59a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:5
assert(Path(sys.argv[1]).read_text() == 'stage1\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd0e0ce417a0d01d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage1.py:6
Path(sys.argv[2]).write_text('stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8163e8604863441e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:5
assert(Path(sys.argv[1]).read_text() == 'stage2\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98f43bec32ac395e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/262 generator chain/stage2.py:6
Path(sys.argv[2]).write_text('int main(void){}\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #845ee7d4b7875c20 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/269 configure file output format/compare.py:3
with open(sys.argv[1], 'r', encoding='utf-8') as f, open(sys.argv[2], 'r', encoding='utf-8') as g:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9303a114b71ad07b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:5
ENV_VAR_VALUE = os.environ.get('ENV_VAR_VALUE')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34e06d2864abbab1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:8
with open(sys.argv[1], 'r') as infile, \

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4d4d7cfed84f4e3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/271 env in generator.process/generate_main.py:9
     open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #673a84b17d6829f0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/274 customtarget exe for test/generate.py:12
    with open(a, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6347e91e8e308b26 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:9
if os.environ.get(key) == expected:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dae8f1a13fe626f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/275 environment/testenv.py:12
sys.exit(f'Expected {expected!r}, was {os.environ.get(key)!r}')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #942775beaf76759e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/33 run program/check-env.py:5
assert os.environ['MY_PATH'] == os.pathsep.join(['0', '1', '2'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b317b539362b4e84 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:6
assert os.environ['MESONTESTING'] == 'picklerror'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99315774abc06c43 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:7
assert os.environ['TEST_LIST_FLATTENING'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8a6bb5ef155cf11 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/41 test args/tester.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bbc5bbcffa1dab6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:12
with open(output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb459f94013c5d7f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/depfile/dep.py:14
with open(depfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0c79a22d02461d9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:11
    assert os.environ['MY_COMPILER_ENV'] == 'value'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f9834123fc61145 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:16
    with open(args[1].split('=')[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5394bdbc8cd88f6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/49 custom target/my_compiler.py:21
    with open(args[2].split('=')[1], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be982253f225bbfb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f07bb1bdc2a879dd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04d3db5eeb17da16 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:9
    with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e82adf6adca41bd0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/my_compiler2.py:14
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5fa5532b2dc0112 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:5
with open(sys.argv[1], 'rb') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2a994023b4597b4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/50 custom target chain/usetarget/subcomp.py:6
    with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #451c5924827d39b0 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:6
assert 'MESON_SOURCE_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aa066243a2ca73a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:7
assert 'MESON_BUILD_ROOT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d11ad36ac21f79bb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:8
assert 'MESON_SUBDIR' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f72c68e5a5267ca Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:9
assert 'MESONINTROSPECT' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4897a29d643d137 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:10
assert 'MY_ENV' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7473112c73a6aa2d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:15
env_source_root = Path(os.environ['MESON_SOURCE_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3259cfd1605fc98f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:16
env_build_root = Path(os.environ['MESON_BUILD_ROOT']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58eed1de9ec57c15 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/check-env.py:17
env_current_source_dir = Path(env_source_root, os.environ['MESON_SUBDIR']).resolve()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78927597c176798f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/converter.py:5
with open(sys.argv[1], 'rb') as ifile, open(sys.argv[2], 'wb') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa1a9cb3614159f9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/51 run target/fakeburner.py:9
    with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8946075a85fe5db Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:12
    with open(os.path.join(args.dirname, '1.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38229df358008b79 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/customtarget.py:14
    with open(os.path.join(args.dirname, '2.txt'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cda145a0d1b81bf Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:7
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12cc835238eecc63 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:8
dry_run = bool(os.environ.get('MESON_INSTALL_DRY_RUN'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38cf7c8ce32c1578 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/myinstall.py:30
                with open(os.path.join(dirname, name), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f096a7ba0f66f108 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c23084a6749b5324 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/53 install script/src/myinstall.py:13
with open(os.path.join(dirname, sys.argv[2] + '.in'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d95b7dfbd6f0c30 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:10
with open(os.path.join(odir, 'mylib.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #963488f6be5bd866 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/54 custom target source output/generator.py:12
with open(os.path.join(odir, 'mylib.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a345b38d52a7fb72 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a24373c58fcb5554 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/57 custom header generator/makeheader.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ced42e013b9196b9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85e5c6c437df5f63 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:16
with open(outhdr, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92005ed004a28093 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/58 multiple generators/mygen.py:18
with open(outsrc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff2cef74f6562cfa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:13
    with open(infile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #225dc10851f68c6c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:16
        with open(outfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1036ce75d3754ff7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/65 build always/version_gen.py:22
    with open(outfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68b054370b347977 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:5
with open(sys.argv[1]) as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f7007be030d0e45 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/69 configure file in custom target/src/mycompiler.py:8
with open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48775965dd5646ee Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:9
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #997f369edfa0e8de Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen1.py:11
with open(sys.argv[2], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95a99f0a5e1fc244 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/71 ctarget dependency/gen2.py:9
with open(files[0]) as ifile, open(sys.argv[2], 'w') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfcdcbe668cc2b12 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/8 install/gendir.py:8
open(fname, 'w').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bab07ac7908f6c4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:29
with open(cfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d3ac829a33dfab0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/86 private include/stlib/compiler.py:31
with open(hfile, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c62ea041f1b0bf8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/88 dep fallback/subprojects/boblib/genbob.py:5
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10100c9615a5a696 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:21
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d008ebf436b65c7a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen.py:26
with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03a18c0f3aa68bbf Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:17
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26be7c68c09ec540 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:22
with open(output_c, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #086f35a6df131bf7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen2.py:31
with open(output_h, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #201331e99567cef6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/90 gen extra/srcgen3.py:12
with open(options.input) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #637315fa71a0276e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/92 test workdir/subdir/checker.py:5
data = open(sys.argv[1], 'rb').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #665782d1661aea06 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:10
with open(sys.argv[1]) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f882dbff7f6442e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:43
with open(outc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd2bf872063340ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:50
with open(outh, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1770fe19ab5f2689 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:57
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bd22ff63e1ff911 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/95 manygen/subdir/manygen.py:68
with open(tmpc, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27b0d33cb05c399d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:10
input_file = os.path.join(os.environ['MESON_SOURCE_ROOT'], 'raw.dat')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aeb3210bd4b6da76 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:11
output_file = os.path.join(os.environ['MESON_BUILD_ROOT'], 'generated.h')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20add9bee21a9103 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:13
with open(input_file, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fb6d31e95a9af15 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/common/99 postconf/postconf.py:15
with open(output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad5ca4bbed6e950 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #890c5dd83a47be6a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/generator.py:11
with open(args.input) as i, open(args.output, 'w') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f23990fd45b07c1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/cython/2 generated sources/libdir/gen.py:10
with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1c04be68a0a3963 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target plainname many inputs/catfiles.py:6
with open(out, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc194a088d82973d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/40 custom target plainname many inputs/catfiles.py:8
        with open(infile, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb25c337c5129127 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:11
with open(os.path.join(odir, name + '.h'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1a539757db9d3ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:13
with open(os.path.join(odir, name + '.c'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c12b320f7341b0a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/41 custom target outputs not matching install_dirs/generator.py:15
with open(os.path.join(odir, name + '.sh'), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b991f6a1e7cc39b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/89 custom target install data/preproc.py:11
with open(outf, 'wb') as o:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2154390253d1f32b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/failing/89 custom target install data/preproc.py:12
    with open(inf, 'rb') as i:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e9b9bd0b2876b5f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:16
    with open(args.actual, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #469083bcc1a6cc92 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/format/5 transform/file_compare.py:18
    with open(args.expected, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fefbffcfa31f8a20 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:36
    with open(args.input, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a96cf90f7649fd3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/fortran/7 generated/gen.py:41
    with open(args.output, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acb8749e1953d51e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/10 gtk-doc/include/generate-enums-docbook.py:52
        with open(sys.argv[1], 'w') as doc_out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07f39d15a86532d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/4 qt/subfolder/generator.py:5
    with open(sys.argv[1], "w") as output:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1487276de006210 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/frameworks/6 gettext/data3/verify.py:12
with open(fname, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #60256ac86454c1a8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/osx/2 library versions/require_pkgconfig.py:6
if 'CI' in os.environ or shutil.which('pkg-config'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5eff67e246e7e6a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python/4 custom target depends extmodule/blaster.py:25
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff1aa8e3faed3264 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/python3/4 custom target depends extmodule/blaster.py:26
    with open(options.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dc0255b407d9fe5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/11 generated main/gen.py:12
    with open(args.out, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cd53bc10d6f70bd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/rust/19 structured sources/gen.py:12
    with open(args.output, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e92378b94ad59a1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/2 testsetups/envcheck.py:5
assert 'PATH' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db6770b40956d2ae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:6
prefix = os.environ['MESON_INSTALL_DESTDIR_PREFIX']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bba7efa6ec4f56d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/26 install umask/myinstall.py:16
with open(os.path.join(dirname, sys.argv[2]), 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0645d407c64729e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:10
source_root = pathlib.Path(os.environ['MESON_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9884a698980f16a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:14
contents = modfile.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7f590d5b54147de Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/replacer.py:16
modfile.write_text(contents)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e32594de365870d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:11
source_root = pathlib.Path(os.environ['MESON_PROJECT_DIST_ROOT'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcdebbd365d237a3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/35 dist script/subprojects/sub/dist-script.py:12
mesonrewrite = shlex.split(os.environ['MESONREWRITE'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fdec50f7ad44000 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/45 native dep pkgconfig var/cross_pkgconfig.py:7
environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed0e5b035ba83f3c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:5
assert 'ENV_A' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a1133e8166ab0f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:6
assert 'ENV_B' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b2a3306e700aae7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:7
assert 'ENV_C' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8fa89411e3e339e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:9
print('ENV_A is', os.environ['ENV_A'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #beef1982dfec1e60 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:10
print('ENV_B is', os.environ['ENV_B'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20fed036ffba91f5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/48 testsetup default/envcheck.py:11
print('ENV_C is', os.environ['ENV_C'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4ff768487c9e470 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/67 test env value/test.py:6
assert os.environ['TEST_VAR'] == sys.argv[1]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f80d21afa4577ac Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:15
    defined = 'MESON_EXE_WRAPPER' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68752708312cd4ea Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/70 cross test passed/exewrapper.py:18
        print(os.environ, file=sys.stderr)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3986d1356c2e035b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:5
assert os.environ['MESON_DEVENV'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a8d3be068c39a49 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:6
assert os.environ['MESON_PROJECT_NAME'] == 'devenv'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7cfbd12a70a5682 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:7
assert os.environ['TEST_A'] == '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa35f9775d5a8615 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:8
assert os.environ['TEST_B'] == '0+1+2+3+4'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab993dd42a764b7a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/90 devenv/test-devenv.py:9
assert os.environ['TEST_C'] == os.pathsep.join(['/prefix', '/suffix'])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b6a4a9fa655cb40 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/94 custominc/easytogrepfor/genh.py:5
f = open(sys.argv[1], 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bff0b9398986b1bd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d254e2a5384aa0b6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/unit/98 install all targets/subdir/script.py:6
  with open(f, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ff3167fb1690bf6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/10 mixed sources/c/writec.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a090227ecf48f7b7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/vala/8 generated sources/src/write_wrapper.py:11
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f71c11c904a814d1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/10 vs module defs generated custom target/subdir/make_def.py:4
with open(sys.argv[1], 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d973ba93429056e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/12 resources with custom targets/res/gen-res.py:5
with open(sys.argv[1]) as infile, open(sys.argv[2], 'w') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #447aabc8df1cd2ba Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/14 resources with custom target depend_files/ico/gen-ico.py:5
with open(sys.argv[1], 'rb') as infile, open(sys.argv[2], 'wb') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6bdfe10c832cdca Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/test cases/windows/16 gui app/gui_app_tester.py:8
    if 'CI' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #962b46cf3bb823f2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/ac_converter.py:362
with open(sys.argv[1], encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #eab42fe76d33e42d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:69
    raw = jamroot.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d0bf02b6b18a749e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:82
    raw = jamfile.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #20d6464e055e2c2b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/boost_names.py:176
    data = json.loads(meta_file.read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0c1ab607a321f19c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/build_website.py:30
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d10a6ea743abe8ca Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:46
    with open(sourcefile, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9f5babecc0972e67 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/dircondenser.py:50
    with open(sourcefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #27a81ac3852486fe Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:23
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d78b06869b0a6cf9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:121
            with open(output_dir / (cmd+'_'+typ+'.inc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #7914e90daf596588 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:125
    url = urlopen('https://wrapdb.mesonbuild.com/v2/releases.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #966d2c1a433113f9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:127
    with open(output_dir / 'wrapdb-table.md', 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5a21bc25b8a7aa96 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/tools/regenerate_docs.py:160
        with open(output_dir/dummy_output_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19267c6217ccade4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:12
        if v in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6fa89a823f13dddc Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:13
            del os.environ[v]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46d56817ac22f1d2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/__init__.py:16
    os.environ.setdefault('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #480d6b04ff9dd782 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:134
                with open(fin, 'wb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d9e8d3965b0c84a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:138
                    with open(fout, 'rb') as fobj:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1af6d606f3ac89af Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:256
                with open(os.path.join(self.builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bbf0b9af498d6b2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:260
                with open(os.path.join(cmake_builddir, header), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e68f054aabfbdda Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:540
        text_log = Path(self.logdir, 'testlog.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b170035ba19a38de Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:542
        json_log = json.loads(Path(self.logdir, 'testlog.json').read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #794529d3107f5ffa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:740
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cd71e29e81b3734 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:759
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c9425ca1a418461 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:801
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e828f9da90cfde2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:806
        with open(os.path.join(self.logdir, 'testlog-valgrind.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e3a03aa09247629 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:826
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e51a4a12d3b4e225 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:831
        with open(os.path.join(self.logdir, 'testlog-good.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35eb0cd5be6ae9d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:867
        with open(os.path.join(self.logdir, 'testlog.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1972c8a40025eb0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:872
        with open(os.path.join(self.logdir, 'testlog-mydefault.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b082fc2d3d0e300c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:877
        with open(os.path.join(self.logdir, 'testlog-other.txt'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e0102223645c0ad Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1056
        if mesonbuild.environment.detect_msys2_arch() and ('MESON_RSP_THRESHOLD' in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #663b8c7e5934835c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1121
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dabcc8f8dc5cf96c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1142
            if evar in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c77bf7fb0112fd7d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1155
                        evalue = os.environ.pop(evar)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb07b10e8463d5a3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1236
                    if 'arch' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6d145a2685b8c9f Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1237
                        if os.environ['arch'] == 'x64':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6293498ce56826f7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1248
                os.environ[evar] = ' '.join(quote_arg(w) for w in wrappercc)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66a54f93f8efdeec Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1252
                os.environ['AR'] = ' '.join(quote_arg(w) for w in wrapperlinker)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b763248fb7d66ab9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1267
                del os.environ['AR']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54e2b96b7b7eba75 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1343
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa82a4b2183e61bc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1574
            with open(os.path.join(project_dir, '.hg', 'hgrc'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50aa3b1123355e64 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1615
        with open(os.path.join(path, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d91a8051c01000d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1623
            with open(os.path.join(project_dir, 'meson.build'), 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba80e32b12cfb53b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1633
            with open(distexe_c, 'w', encoding='utf-8') as ofile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81a9475f210ba043 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:1971
                with open(os.path.join(d, 'alexandria.pc'), 'w',
                          encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bbdd32f856460d2d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2013
                with open(os.path.join(d, 'alexandriaConfig.cmake'), 'w',
                        encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d642b9fa2661e06 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2142
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad23f0fef09d2be3 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2150
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #330644c133100560 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2174
            with open(os.path.join(self.privatedir, name), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76d099ab7d8b0148 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2542
                            with open(os.path.join(tmpdir, 'foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f38af248896475fd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2549
                            with open(os.path.join(tmpdir, 'bar.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f59fa58136143a3f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2560
                            with open(os.path.join(tmpdir, 'Foo.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b445cc7f5eb752a5 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2567
                            with open(os.path.join(tmpdir, 'Bar.' + lang), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0157cde968a04fbc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2984
        with open(os.path.join(self.builddir, 'nosubst-nocopy1.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82e267c3b7921283 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2986
        with open(os.path.join(self.builddir, 'nosubst-nocopy2.txt'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #375b4a5d280ae933 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:2993
                of = open(mfile, 'w', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b59e34136ec8359f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3089
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c3249e17c8d4399 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3092
        with open(filename, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfd9f30e4478af6b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3117
        open(filename, 'w', encoding='utf-8').close()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb4968eed13699ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3272
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be8ac7ba8dd4e0fe Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3273
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19f5b1731941e151 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3274
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f242d09f811df109 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3275
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c227620e0912ded2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3279
            self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e2fe2bf3577f34f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3280
                                Path(goodfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1df37e97e8e30683 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3281
            self.assertNotEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4dbd151dbd116d9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3282
                                Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86aaeace57fd6476 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3285
            with open(includefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4e3979df8c3cba8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3288
            self.assertEqual(Path(testheader).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f2152c843bbefc8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3289
                             Path(goodheader).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfef2cee777e7446 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3335
        self.assertNotEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c177f2f9b4a27a41 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3336
                            Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78f3a5e79c86217c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3341
        self.assertEqual(Path(testfile).read_text(encoding='utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7b46468680ffc52 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3342
                         Path(fixedfile).read_text(encoding='utf-8'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6346303645d9b7f6 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3393
        with open(os.path.join(infodir, 'intro-targets.json'), encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9771dece8f2bbec3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3527
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #935f7ff298199038 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3665
            with open(curr, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f3fd69011ef0f64 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3675
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f81e091d7a6a7e2c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3690
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12d31b612db7201f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3708
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1fec10d938f43c30 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:3719
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ce619b303396f63 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4125
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e70865be6d20a90c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4142
        with open(doc_path, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14d34902147dba43 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4345
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #790fed1158642873 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4362
            with open(os.path.join(srcdir, 'subprojects', 'wrap_git.wrap'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9932c414d8baffc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4399
        with open(machinefile, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ac916c528c25633 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4428
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c8791975d9802a3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4437
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #740259766bbd39d8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4446
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1b1613980b02755 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4455
        with open(redirect_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d6a66cf8f82e2c7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4460
        with open(real_wrap, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf916b0aa06aaeb0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4587
        o = Path(fname).read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #490aba887fc47d29 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4650
        with mock.patch.dict(os.environ, {'CFLAGS': '-DCFLAG', 'LDFLAGS': '-flto'}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9d7d89d5d763b49 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:4848
        with open(introfile, encoding='utf-8') as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69061f155baa38f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5181
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a322d67117e26061 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5189
        with open(gen_file, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab097b5fa339a278 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5266
        olddata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e92a409132a23e8d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5271
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #865b9d0b4d31dc26 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5280
            newdata = filename.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0e29bd109667fdd Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5428
        with open(os.path.join(testdir, 'mod1.f90'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #016eb56323e66265 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/allplatformstests.py:5438
        with open(os.path.join(testdir, 'test.f90'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb0121c9bc76f750 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:56
        cls.backend_name = os.environ.get('MESON_UNIT_TEST_BACKEND', 'ninja')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #801b7399b392ed91 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:91
        cls.env_patch = mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2c6b60e83a29972 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:94
        os.environ['COLUMNS'] = '80'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d5496df5bddfdc9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:95
        os.environ['PYTHONIOENCODING'] = 'utf8'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a403eb4805c2d03c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:131
        return open(log, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #920a29f53660f6e7 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:157
            env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b45a876e84fdf50 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:261
            with mock.patch.dict(os.environ, override_envvars):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d30928fd720669d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:311
            with open(os.path.join(self.builddir, 'compile_commands.json'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61185b98bb2e3417 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/baseplatformtests.py:325
                with open(rsp, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf9e99bec3f5aab3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:184
            with open(os.path.join(tmpdir, 'Cargo.lock'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a912328412a090ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:296
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b20efb3740bd4b34 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:310
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8bfc9686c6be1c8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:347
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdb12b1e555ebaa9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:364
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfc36c8f151859ab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:404
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15f3e3562f41ef3a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:440
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #301bbc480b6e5ac3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/cargotests.py:460
            with open(fname, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a174c7184e4b06a Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:59
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcafe94842599730 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/darwintests.py:70
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a64753ff8b2aad46 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:71
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bcee448c0bb1928 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:105
        with open('docs/markdown/Builtin-options.md', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #685d4e2bf35aeb69 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:176
        with open("docs/markdown/Reference-tables.md", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7160300e6e5c63d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:192
        with open("docs/sitemap.txt", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0327ee0913ed2401 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:206
        with open("docs/theme/extra/templates/navbar_links.html", encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1cf1f3eb0c641a64 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:218
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f06126fa5e14d90d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:228
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #582ee212b276848d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:231
        with open('data/syntax-highlighting/vim/syntax/meson.vim', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce61579393b8a2ae Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:236
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #badd955857a55192 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/datatests.py:246
        del os.environ['MESON_RUNNING_IN_PROJECT_TESTS']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c9860143fb72938 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:93
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d31c9d34b179682b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:102
            with open(self.moptions, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4071d58328f44fa8 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/failuretests.py:119
        with open(self.mbuild, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88f54abef5a46f75 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:33
    return os.environ.get('MESON_CI_JOBNAME', 'thirdparty') != 'thirdparty'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43476df72303e1ef Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:123
            if key in os.environ and not is_ci():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d83e7783e906a53 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:125
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ca410bda769a532 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:126
                os.environ.pop(key, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85e828cda8314c99 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/helpers.py:227
    if os.environ.get('MESON_CI_JOBNAME') == name:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c0ea7ba6ae5391b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:554
                libpath.write_text('', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e845e04ded3e248b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:676
            script_path.write_text('import sys\nprint(sys.argv[1])\n', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49df8fff32946a40 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:835
        if 'VCToolsVersion' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #147b1ef129ef633a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:836
            vctools_ver = os.environ['VCToolsVersion']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #434a437617b9853d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:838
            self.assertIn('VCINSTALLDIR', os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32fdf60d0d747cf1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:840
            vctools_ver = (Path(os.environ['VCINSTALLDIR']) / 'Auxiliary' / 'Build' / 'Microsoft.VCToolsVersion.default.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77350686596b3570 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:840
            vctools_ver = (Path(os.environ['VCINSTALLDIR']) / 'Auxiliary' / 'Build' / 'Microsoft.VCToolsVersion.default.txt').read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef13bed651b2c37d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1053
        with open('data/test.schema.json', 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #649bdd377e0826f1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/internaltests.py:1064
                schema_validator(json.loads(p.read_text(encoding='utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8226ffb1a7ceb284 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:42
PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4d55551968f0dc9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:58
    pkgconf = os.environ.get('PKG_CONFIG_PATH')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5e55f454214274a Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:141
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9343a3888475979d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:153
        os.environ['PKG_CONFIG_LIBDIR'] = self.privatedir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca605f3e5793a8c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:209
        with open(os.path.join(privatedir2, 'dependency-test.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4a1582214cb9355 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:240
        with open(os.path.join(privatedir1, 'simple2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a5fd758aa1f171f Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:245
        with open(os.path.join(privatedir1, 'simple3.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #248abd5788066ab3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:249
        with open(os.path.join(privatedir1, 'simple5.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e20d4b89e46dfae9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:253
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5a3c06cc198ed82 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:259
        os.environ['PKG_CONFIG_LIBDIR'] = os.path.join(self.builddir, 'meson-uninstalled')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4286deef05e89265 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:261
            os.environ['PATH'] += os.pathsep + self.builddir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #205719f4737eb9f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:272
        with open(os.path.join(self.privatedir, 'somename.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #896a0e5fd3089486 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:809
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc589082cfea4abc Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:834
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as ifile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a90c3663ddbebef6 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1119
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #210d6f6e679e9337 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1130
            myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41055e2f9af55562 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1260
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f93596a454568621 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1275
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5428c5a2c21d8921 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1288
        myenv = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79ec3299ec581922 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1300
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #325158e54e032ba4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1319
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #266453a6f759c7f4 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1332
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c6bd0a03b507ba9 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1418
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as bfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4e3fc75e10caec9 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1483
                os.pathsep + os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65c05e684ca52471 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1533
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1715e682d4b13311 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1542
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6129328bae2ac98b Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1641
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bfa71941cd506422 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1692
        with open(filename, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41fc3a8180fd6a75 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1716
        with open(wrap_filename, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7a7606b589d39d3 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1744
            with open(os.path.join(d, 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b5e4f5ff973da20 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1755
        with open(os.path.join(self.privatedir, 'bar1.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fe6a7ec24c6e39c Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1758
        with open(os.path.join(self.privatedir, 'bar2.pc'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #816d965f38e77ee5 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1766
        if 'clang' in os.environ.get('CC', 'dummy') and not is_osx():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b77ee394afee266d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/linuxliketests.py:1879
        with open(os.path.join(self.builddir, 'build.ninja'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71cfff29f94baef0 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:80
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d17d6c29afce0088 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:102
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc8855552ba88e69 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:140
        with open(batfile, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4a63f1ddd536897 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:174
                with open(fifo, 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cbae35d9eb766de Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:762
    @skipIf('MESON_EXE' in os.environ, 'MESON_EXE is defined, cannot use mocking.')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e573462fbb5d44d8 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:776
            with mock.patch.dict(os.environ, {'XDG_DATA_HOME': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29895282addf5d78 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:780
            with mock.patch.dict(os.environ, {'XDG_DATA_DIRS': d}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e176fb1ab87c4a30 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:781
                os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8428355d6aa5b92 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:795
            with mock.patch.dict(os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61098825f6c5d91c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:796
                os.environ.pop('XDG_DATA_HOME', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89140775e33eb929 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:809
        with open(filename, 'wt', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d01e2689aed145b2 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/machinefiletests.py:909
                    del os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0df477064268d851 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:104
                with open(os.path.join(self.builddir, 'meson-info', 'intro-targets.json'), 'r', encoding='utf-8') as tgt_intro:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #7a1914c096ede763 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:141
            with urllib.request.urlopen('https://wrapdb.mesonbuild.com') as p:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #521186463aa790ac Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:174
        with open(os.path.join(testdir, 'test.json'), 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecb05175a74f7354 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:295
        with open(os.path.join(self.builddir, 'meson-logs', 'profile-startup-modules.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33620dbb0bbe9797 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:298
        with open(os.path.join(testdir, 'expected_mods.json'), encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf914a4929eb1968 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:387
        with open(editorconfig, 'w', encoding='utf-8') as handle:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70b1ae1ebab5e592 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:453
        with open(os.path.join(testdir, 'meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8be4383dbdf52132 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:462
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ee42fa6203b5e2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:464
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e00f79a6191f8387 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:497
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f148327889ec3d1 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:499
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0435d13d41dc141b Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:512
        with open(os.path.join(testdir, 'meson_options.txt'), 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ac261cbaacf3dd7 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:514
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6df14fc45b485827 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:537
        with open(os.path.join(testdir, 'meson.options'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00c03b2e004fb0ae Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:546
        with open(os.path.join(testdir, 'meson_options.txt'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9054f095bac66c8d Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/platformagnostictests.py:555
        with open(os.path.join(testdir, 'subprojects/subproject/meson_options.txt'), 'a', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b069b00488ab42e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/pythontests.py:44
            mesonfile.write_text('''project('test', 'c', version: '1')
pymod = import('python')
python = pymod.find_installation('python3', required: true)
''', encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6358bd8735761e0e Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:465
        original_contents = meson_build_file.read_text(encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16b4dac3b63233ec Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/rewritetests.py:511
        expected = Path(test_path / "expected_dag.txt").read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a6e62e535e19de2 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:35
        with open(str(path / 'meson.build'), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #538ad027c00cb1fa Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:97
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a3c37d96d1c5485 Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:112
        with open(str((self.subprojects_dir / name).with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75f1b1c94cf946ab Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/subprojectscommandtests.py:260
        with open(str((self.subprojects_dir / 'redirect').with_suffix('.wrap')), 'w', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3825a4fd0ae9f5d Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:49
    @mock.patch.dict(os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33f60f448ad8d388 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:78
        os.environ['PATH'] += os.pathsep + testdir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #615b8fda29f98255 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:80
        if '.PY' in [ext.upper() for ext in os.environ['PATHEXT'].split(';')]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72cbe57de874fb3c Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:104
        path = os.environ['PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a20c5cc00a37df1 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:106
            username = os.environ['USERNAME']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58a11a4aa05288ea Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:240
            current_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111255fb3ca80030 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:296
            with mock.patch.dict(os.environ, {envvar: name}):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6962584c18d27eb Filesystem access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:386
        with open(build_ninja, encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85648e6952565cc4 Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:438
        if 'VSCMD_VER' not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #845e28685b1c32cb Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:440
        if version_compare(os.environ['VSCMD_VER'], '<16.10.0'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1d427edfe8e349e Environment-variable access.
pkgs/python/[email protected]/vendored-meson/meson/unittests/windowstests.py:466
        env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

oci

python dependency
expand_more 143 low-confidence finding(s)
low env_fs dependency Excluded from app score #a211771df79e5f84 Filesystem access.
pkgs/python/[email protected]/setup.py:19
    return io.open(filename, mode="r", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61b34c6157d06d1f Environment-variable access.
pkgs/python/[email protected]/src/oci/__init__.py:17
if os.getenv("OCI_PYTHON_SDK_NO_SERVICE_IMPORTS", "").lower() in ["true", "1"]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3023a658ecff07d Environment-variable access.
pkgs/python/[email protected]/src/oci/__init__.py:24
    if sys.version_info >= (3, 7) and os.getenv("OCI_PYTHON_SDK_LAZY_IMPORTS_DISABLED", "False").lower() != "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ee8958a06716689b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/_vendor/jwt/jwks_client.py:25
        with urllib.request.urlopen(self.uri) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9c9c42b202849ed6 Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/requests/sessions.py:715
                verify = (os.environ.get('REQUESTS_CA_BUNDLE') or

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4957509705b96262 Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/requests/sessions.py:716
                          os.environ.get('CURL_CA_BUNDLE'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #005d71e898fb6a8e Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/requests/utils.py:187
    netrc_file = os.environ.get('NETRC')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6115451fd956907c Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/requests/utils.py:731
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #398392e4f025af26 Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/requests/utils.py:732
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7dfc21fff04aecac Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/requests/utils.py:738
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #332424c88c0cf80d Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/requests/utils.py:740
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5457750e01803e7 Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/requests/utils.py:751
    get_proxy = lambda k: os.environ.get(k) or os.environ.get(k.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #58e70ab2dc2bdf03 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/connection.py:249
        super(HTTPConnection, self).request(method, url, body=body, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4831b3776fcf4769 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/connectionpool.py:220
            self.pool.put(None)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d0790a85b9b18ab6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/connectionpool.py:321
            self.pool.put(conn, block=False)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e775545284733e60 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/connectionpool.py:421
                conn.request(method, url, **httplib_request_kw)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #dea1ffa33afa4fbe Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/_appengine_environ.py:24
    return is_appengine() and os.environ["APPENGINE_RUNTIME"] == "python27"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe5fb6294008f05a Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/_appengine_environ.py:28
    return "APPENGINE_RUNTIME" in os.environ and os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4734f0e402ff0419 Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/_appengine_environ.py:28
    return "APPENGINE_RUNTIME" in os.environ and os.environ.get(
        "SERVER_SOFTWARE", ""
    ).startswith("Development/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba45a0a02452518c Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/_appengine_environ.py:34
    return "APPENGINE_RUNTIME" in os.environ and os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d2e40c9adfde93cd Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/_appengine_environ.py:34
    return "APPENGINE_RUNTIME" in os.environ and os.environ.get(
        "SERVER_SOFTWARE", ""
    ).startswith("Google App Engine/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8296c2ed74f7f6c Filesystem access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/_securetransport/low_level.py:263
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #97943e90c3b7f796 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/ntlmpool.py:75
        conn.request("GET", self.authurl, None, headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1d6c51ef8f25562d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/ntlmpool.py:106
        conn.request("GET", self.authurl, None, headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f8a83b91b8a5dfec Filesystem access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/securetransport.py:441
            with open(trust_bundle, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f9f0aa52a9ff634 Filesystem access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/contrib/securetransport.py:872
            with open(cafile):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b2963faefd28160 Environment-variable access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/util/ssl_.py:362
        sslkeylogfile = os.environ.get("SSLKEYLOGFILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bb57061b45d915f Filesystem access.
pkgs/python/[email protected]/src/oci/_vendor/urllib3/util/ssl_.py:486
    with open(key_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f24e209f8e5c72f2 Filesystem access.
pkgs/python/[email protected]/src/oci/addons/adk/auth/oci/session.py:85
            with open(security_token_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb75bb8ca572112b Environment-variable access.
pkgs/python/[email protected]/src/oci/addons/adk/logger.py:137
    level=os.environ.get("ADK_LOG_LEVEL", "INFO"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72ecd34470ddddb9 Environment-variable access.
pkgs/python/[email protected]/src/oci/addons/adk/logger.py:138
    file_path=os.environ.get("ADK_LOG_FILE", None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #549ece07546c6744 Environment-variable access.
pkgs/python/[email protected]/src/oci/addons/adk/logger.py:162
        file_path=file_path or os.environ.get("ADK_LOG_FILE", None),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #407c6d728e9e69ad Filesystem access.
pkgs/python/[email protected]/src/oci/addons/adk/tool/toolkit.py:41
                with open(openai_tools_file, "r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77f475d1730b5c70 Environment-variable access.
pkgs/python/[email protected]/src/oci/alloy.py:100
    if os.getenv(OCI_ALLOY_FILE_PATH_ENV_VAR_NAME):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff1a6ec4fcd67667 Environment-variable access.
pkgs/python/[email protected]/src/oci/alloy.py:101
        config_file_location = os.getenv(OCI_ALLOY_FILE_PATH_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4931b8315544ba39 Filesystem access.
pkgs/python/[email protected]/src/oci/alloy.py:110
            with open(expanded_file_location, 'r') as alloy_config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #aadf2c80acbe0e30 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/auth_utils.py:68
    response = requests.get(GET_REGION_URL, timeout=(10, 60), headers=METADATA_AUTH_HEADERS)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #af718b230d460927 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/certificate_retriever.py:216
        response = self.requests_session.get(self.cert_url, stream=True, timeout=(10, 60))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8c3c48b2195a7f8b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/certificate_retriever.py:239
            response = self.requests_session.get(self.private_key_url, stream=True, timeout=(10, 60))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3f4e1b3a13d7e8b2 Filesystem access.
pkgs/python/[email protected]/src/oci/auth/certificate_retriever.py:409
        with open(filename, mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3b190a255268d60 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/federation_client.py:27
APPEND_USER_AGENT = os.environ.get(APPEND_USER_AGENT_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d0f59a4fcf4a3e3c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/federation_client.py:230
        response = self.requests_session.post(self.federation_endpoint, json=request_payload, auth=signer, verify=self.cert_bundle_verify, timeout=(10, 60), headers={constants.HEADER_USER_AGENT: self.user_agent})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #98a4b250b70a78bb Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/rpt_path_providers.py:90
            return os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_PATH_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b56300484b1d4487 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/rpt_path_providers.py:91
        return os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbc647bc90ab8ffb Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/rpt_path_providers.py:95
            rpt_id = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_ID_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16cacace745898de Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/rpt_path_providers.py:97
            rpt_id = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa702361fd441998 Filesystem access.
pkgs/python/[email protected]/src/oci/auth/rpt_path_providers.py:154
        with open(token_path, mode="r", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a84cf06e2f23732b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/rpt_path_providers.py:179
    response = requests.get(endpoint, timeout=timeout, headers=METADATA_AUTH_HEADERS)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fee6bdf94a484b72 Filesystem access.
pkgs/python/[email protected]/src/oci/auth/signers/ephemeral_resource_principals_signer.py:121
            with open(self._rpst) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c954589783f426ec Filesystem access.
pkgs/python/[email protected]/src/oci/auth/signers/ephemeral_resource_principals_signer.py:192
            with open(self.passphrase_file, "b") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #572f3d550f78ead6 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/instance_principals_security_token_signer.py:66
    METADATA_URL_BASE = os.environ.get(METADATA_URL_BASE_ENV_VAR, DEFAULT_METADATA_URL_BASE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2733a37e099e6a37 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/signers/instance_principals_security_token_signer.py:147
        response = requests.get(self.GET_REGION_URL, timeout=(10, 60), headers=self.METADATA_AUTH_HEADERS)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a853a0945350cf6c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/signers/oauth_exhange_token_signer.py:253
        response = requests.Session().post(self.oauth_token_endpoint,
                                           json=payload,  # JSON payload with scope, public_key, target_compartment
                                           headers=headers,  # Content-Type: application/json
                                           auth=self.token_signer,  # Original signer (e.g., instance principal)
                                           verify=self.cert_bundle_verify,  # SSL verification
                                           timeout=(10, 60))  # Connection and read timeouts

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #15e22893b1a1a730 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/signers/oke_workload_identity_resource_principal_signer.py:131
        response = self.requests_session.post(self.proxymux_endpoint, json=request_payload, headers=headers, verify=self.sa_cert_path, timeout=(10, 60))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #26d246483c54c6f0 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:66
    rp_version = os.environ.get(OCI_RESOURCE_PRINCIPAL_VERSION, "UNDEFINED")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e45bde837d727f16 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:96
        resource_principal_version_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_VERSION_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36c2571707942b65 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:98
            resource_session_token_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #406465fdf838f712 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:99
            private_key_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b31210a12f9b8950 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:100
            private_key_passphrase_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_PASSPHRASE_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b373647c61d5de47 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:101
            region_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_REGION_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6b1e44dac0ec2a2 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:108
            resource_principal_token_endpoint_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_ENDPOINT_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54a43a00e871424b Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:109
            resource_principal_session_token_endpoint_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST_ENDPOINT_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d8ca46e0445e162 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:110
            resource_id_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_RESOURCE_ID_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ab8e475dde8cf7d Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:111
            tenancy_id_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_TENANCY_ID_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #461f5f49c96d2deb Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:112
            private_key_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d94e5c9c4d9119df Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:113
            private_key_passphrase_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_PASSPHRASE_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5418494b3879747 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:114
            region_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_REGION_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #932023e9bf75b55c Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:115
            security_context = os.environ.get(OCI_RESOURCE_PRINCIPAL_SECURITY_CONTEXT_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee02079b587a2013 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:116
            resource_principal_token_path = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_PATH_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67659603a02432c4 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:129
            resource_principal_token_endpoint_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_ENDPOINT_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c063b1400002d28 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:130
            resource_principal_session_token_endpoint_for_leaf_resource = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST_ENDPOINT_FOR_LEAF_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b69a24fa80370a0 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:139
        resource_principal_rpt_url = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_URL_FOR_PARENT_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb1817ef8b76887b Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:140
        resource_principal_session_token_endpoint = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST_ENDPOINT_FOR_PARENT_RESOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #876b7ef7b04516e9 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:181
        session_token = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a6a96eec067dea4 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:182
        private_key = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #572dac7bfd61ffc6 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:183
        private_key_passphrase = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_PASSPHRASE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7429286f532ea1e9 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:184
        region = os.environ.get(OCI_RESOURCE_PRINCIPAL_REGION)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e61937425164381 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:202
        resource_principal_token_endpoint = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #697e5840de523e6d Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:203
        resource_principal_session_token_endpoint = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d72403c1252a97ea Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:204
        resource_id = os.environ.get(OCI_RESOURCE_PRINCIPAL_RESOURCE_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4eb5e846ad6bc489 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:205
        tenancy_id = os.environ.get(OCI_RESOURCE_PRINCIPAL_TENANCY_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3e4b06a087377dfe Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:206
        private_key = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0344fb44fb4b7b49 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:207
        private_key_passphrase = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_PASSPHRASE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0d7e115b9ca09af5 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:208
        region = os.environ.get(OCI_RESOURCE_PRINCIPAL_REGION)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad2934b5eb0eef85 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:209
        security_context = os.environ.get(OCI_RESOURCE_PRINCIPAL_SECURITY_CONTEXT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #712c4cc186ce9a0e Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:210
        resource_principal_token_path = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b6496700b91e001 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:231
        resource_principal_token_endpoint = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #355a12729623e348 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:232
        resource_principal_session_token_endpoint = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #119242976462bace Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:252
    rp_version = os.environ.get(OCI_RESOURCE_PRINCIPAL_VERSION, "UNDEFINED")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e447fe89522af00e Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:274
        session_token = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91ccabe75589215a Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:275
        private_key = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ac744045a7ba05c Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:276
        private_key_passphrase = os.environ.get(OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_PASSPHRASE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e29d87dbccac9104 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:277
        region = os.environ.get(OCI_RESOURCE_PRINCIPAL_REGION)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5256334df2c48e4 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:285
        resource_principal_token_endpoint = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPT_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #518a010f14145cfb Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:286
        resource_principal_session_token_endpoint = os.environ.get(OCI_RESOURCE_PRINCIPAL_RPST_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df588849b4fa9cc7 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:300
    sa_cert_path = os.environ.get(OCI_KUBERNETES_SERVICE_ACCOUNT_CERT_PATH, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b7448e60da8a8ff Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:310
    service_host = os.environ.get(KUBERNETES_SERVICE_HOST)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36fffd1945fca589 Environment-variable access.
pkgs/python/[email protected]/src/oci/auth/signers/resource_principals_signer.py:311
    region = os.environ.get(OCI_RESOURCE_PRINCIPAL_REGION)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e73521d2a1ac0e4b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/auth/signers/token_exchange_signer.py:153
            response = self.requests_session.post(full_token_url, headers=headers, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #646ea47156f93cfa Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:45
APPEND_USER_AGENT = os.environ.get(APPEND_USER_AGENT_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2a062179f3a0972 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:58
expect_header_env_var = os.environ.get('OCI_PYSDK_USING_EXPECT_HEADER', True)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a874e31f4c027f8 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:61
oke_workload_refresh_enabled = os.environ.get('OCI_OKE_WORKLOAD_REFRESH_ENABLED', "True").lower() == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dd39838b5f4f871 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:291
        self.PROPAGATION_ENABLED = os.environ.get(PROPAGATION_ENABLED_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b80eae9508e7850 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:392
        dual_stack_endpoints_enabled_from_env_var = os.environ.get(OCI_DUAL_STACK_ENDPOINT_ENABLED_ENV_VAR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edc2b55360356eab Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:565
        opc_host_serial = os.environ.get('OCI_DB_OPC_HOST_SERIAL')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2dbdc1b501f6ee5 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:632
        if os.environ.get(PROPAGATION_ENABLED_ENV_VAR_NAME):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b221856fd1b10811 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:633
            os.environ.pop(PROPAGATION_ENABLED_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0c1be8ed180bbd6 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:634
        if os.environ.get(OPC_INCOMING_REQUEST_ID_ENV_VAR_NAME):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e55d23d6e2c001d3 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:635
            os.environ.pop(OPC_INCOMING_REQUEST_ID_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c69ee9cdf73c2673 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:638
        request_id = os.environ.get(OPC_INCOMING_REQUEST_ID_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94c643370ec8a3e9 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:827
        max_header_error_retries = int(os.environ.get(OCI_HEADER_PARSING_ERROR_MAX_RETRIES, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #80075627b150213a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/oci/base_client.py:835
                response = self.session.request(
                    request.method,
                    request.url,
                    auth=signer,
                    params=request.query_params,
                    headers=request.header_params,
                    data=request.body,
                    stream=stream,
                    timeout=self.timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #bea834b33edab15a Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:851
                    os.environ[OPC_INCOMING_REQUEST_ID_ENV_VAR_NAME] = response.headers[constants.HEADER_REQUEST_ID]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a75bed0cca74d17 Environment-variable access.
pkgs/python/[email protected]/src/oci/base_client.py:1358
        env_configuration = os.environ.get(OCI_REALM_SPECIFIC_SERVICE_ENDPOINT_TEMPLATE_ENABLED)  # comes back as a string.

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9222d9b8841c8514 Environment-variable access.
pkgs/python/[email protected]/src/oci/circuit_breaker/__init__.py:26
if os.environ.get('OCI_SDK_AUTH_CLIENT_CIRCUIT_BREAKER_ENABLED', 'true').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb558ab77cdb2a52 Environment-variable access.
pkgs/python/[email protected]/src/oci/circuit_breaker/__init__.py:60
if 'OCI_SDK_DEFAULT_CIRCUITBREAKER_ENABLED' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcd84f1fd9357fd6 Environment-variable access.
pkgs/python/[email protected]/src/oci/circuit_breaker/__init__.py:61
    if os.environ.get('OCI_SDK_DEFAULT_CIRCUITBREAKER_ENABLED').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae9c6d99dcb158b2 Environment-variable access.
pkgs/python/[email protected]/src/oci/config.py:147
                region_from_env_var = os.environ.get(REGION_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b9116bb875b4ec6 Environment-variable access.
pkgs/python/[email protected]/src/oci/config.py:200
    elif os.environ.get(CONFIG_FILE_PATH_ENV_VAR_NAME):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #deee4ff1cb61d3e6 Environment-variable access.
pkgs/python/[email protected]/src/oci/config.py:204
        expanded_file_location = os.path.expanduser(os.environ.get(CONFIG_FILE_PATH_ENV_VAR_NAME))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fa100b98ef175be Filesystem access.
pkgs/python/[email protected]/src/oci/config.py:228
    with open(filename, 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f880efc3f8d9f13 Environment-variable access.
pkgs/python/[email protected]/src/oci/fips.py:110
        if 'FIPS_LIBCRYPTO_PATH' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c59c6cc20917bb8 Environment-variable access.
pkgs/python/[email protected]/src/oci/fips.py:111
            fips_libcrypto_path = os.environ['FIPS_LIBCRYPTO_PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #734b28d251d54634 Environment-variable access.
pkgs/python/[email protected]/src/oci/fips.py:112
        elif 'OCI_PYTHON_SDK_FIPS_LIBCRYPTO_PATH' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c79913d70c28fcf Environment-variable access.
pkgs/python/[email protected]/src/oci/fips.py:113
            fips_libcrypto_path = os.environ['OCI_PYTHON_SDK_FIPS_LIBCRYPTO_PATH']

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5960043f356744d6 Filesystem access.
pkgs/python/[email protected]/src/oci/object_storage/transfer/internal/download/DownloadManager.py:496
        with io.open(destination_path, 'wb') as out_stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b9d61a40a44b049 Filesystem access.
pkgs/python/[email protected]/src/oci/object_storage/transfer/internal/download/DownloadManager.py:811
        with io.open(destination_path, "r+b") as out_stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e353b085f742b4a Filesystem access.
pkgs/python/[email protected]/src/oci/object_storage/transfer/internal/multipart_object_assembler.py:217
        with io.open(file_path, mode='rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a3f97e1aa91a1af Filesystem access.
pkgs/python/[email protected]/src/oci/object_storage/transfer/internal/multipart_object_assembler.py:258
        with io.open(kwargs["part_file_path"], mode='rb') as file_object:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ad95d18b9cc224e Filesystem access.
pkgs/python/[email protected]/src/oci/object_storage/transfer/internal/multipart_object_assembler.py:276
        with io.open(file_path, mode='rb') as file_object:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #570795e94ae9786e Filesystem access.
pkgs/python/[email protected]/src/oci/object_storage/transfer/upload_manager.py:251
        with open(file_path, 'rb') as file_object:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e19639da4f5ee61d Filesystem access.
pkgs/python/[email protected]/src/oci/object_storage/transfer/upload_manager.py:360
        with open(file_path, 'rb') as file_object:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fd7d697a733bd7a Environment-variable access.
pkgs/python/[email protected]/src/oci/regions.py:242
    _IS_ALLOY_REGION_COEXIST = os.getenv(OCI_ALLOY_REGION_COEXIST_ENV_VAR_NAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #463248160882b525 Environment-variable access.
pkgs/python/[email protected]/src/oci/regions.py:265
        second_level_domain_fallback = os.environ.get(DEFAULT_REALM_ENV_VARNAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6064bd1be06b6629 Filesystem access.
pkgs/python/[email protected]/src/oci/regions.py:308
            with open(expanded_file_location, 'r') as regions_config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32655a8c94990bc2 Environment-variable access.
pkgs/python/[email protected]/src/oci/regions.py:344
    if os.environ.get(OCI_REGION_METADATA_ENV_VAR_NAME):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c7e15b25778f29f Environment-variable access.
pkgs/python/[email protected]/src/oci/regions.py:351
            region_metadata = json.loads(os.environ.get(OCI_REGION_METADATA_ENV_VAR_NAME))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ec53d5796d14893 Environment-variable access.
pkgs/python/[email protected]/src/oci/regions.py:477
        second_level_domain_fallback = os.environ.get(DEFAULT_REALM_ENV_VARNAME)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5980413ae4b446d Environment-variable access.
pkgs/python/[email protected]/src/oci/retry/__init__.py:62
if 'OCI_SDK_DEFAULT_RETRY_ENABLED' in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29c61f7aa202ad55 Environment-variable access.
pkgs/python/[email protected]/src/oci/retry/__init__.py:63
    if os.environ.get('OCI_SDK_DEFAULT_RETRY_ENABLED').lower() == 'true':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #822afbb84af3aed1 Filesystem access.
pkgs/python/[email protected]/src/oci/signer.py:31
    with io.open(filename, mode="rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3fbef69fe423957 Filesystem access.
pkgs/python/[email protected]/src/oci/util.py:118
    with open(full_path, 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6554ef62e569bec1 Filesystem access.
pkgs/python/[email protected]/src/oci/util.py:181
    with open(expanded_delegation_token_file_path, mode="r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ollama

python dependency
expand_more 11 low-confidence finding(s)
low egress tooling Excluded from app score unreachable #5831d835627d3671 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/multimodal-generate.py:8
latest = httpx.get('https://xkcd.com/info.0.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #fcd7c95a9ee6d9ad Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/multimodal-generate.py:13
comic = httpx.get(f'https://xkcd.com/{num}/info.0.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #9436b28507006f3c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/multimodal-generate.py:20
raw = httpx.get(comic.json().get('img'))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e9de01ea53ad2c9d Environment-variable access.
pkgs/python/[email protected]/ollama/_client.py:107
    api_key = os.getenv('OLLAMA_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4627090a687cd47e Environment-variable access.
pkgs/python/[email protected]/ollama/_client.py:112
      base_url=_parse_host(host or os.getenv('OLLAMA_HOST')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e3f3d73e9b0ad6e8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/ollama/_client.py:129
      r = self._client.request(*args, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #65294b2208bdd73d Filesystem access.
pkgs/python/[email protected]/ollama/_client.py:589
    with open(path, 'rb') as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7faf42c680660e49 Filesystem access.
pkgs/python/[email protected]/ollama/_client.py:598
    with open(path, 'rb') as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #89dab6b653ddc6a6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/ollama/_client.py:707
      r = await self._client.request(*args, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5a54f1ef2cc70825 Filesystem access.
pkgs/python/[email protected]/ollama/_types.py:167
      return b64encode(self.value.read_bytes() if isinstance(self.value, Path) else self.value).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff6fd6c4f25b9051 Filesystem access.
pkgs/python/[email protected]/ollama/_types.py:172
          return b64encode(Path(self.value).read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

python dependency
expand_more 60 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #b11d465182b8343e Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:30
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #502126adba15f018 Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:41
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #20eb8a9bf24cc54e Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:31
    endpoint = os.environ["AZURE_OPENAI_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a9e8c86c6a732a1 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:37
    deployment_name = os.environ["AZURE_OPENAI_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6e0c3b609b27a6f1 Filesystem access.
pkgs/python/[email protected]/examples/uploads.py:30
    data = file.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a9110efcd714c60 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:144
api_type: _ApiType | None = _t.cast(_ApiType, _os.environ.get("OPENAI_API_TYPE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5baabc97b612fdb4 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:146
api_version: str | None = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16ce395726acfea5 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:148
azure_endpoint: str | None = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #102b358eb36b2f62 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:150
azure_ad_token: str | None = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e222f8b20d5650a6 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:283
    return _os.environ.get("OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8def4bc31fc639ed Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:287
    return azure_endpoint is not None or _os.environ.get("AZURE_OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eea8a1e910b963ea Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:292
        _os.environ.get("AZURE_OPENAI_AD_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #693abce43bd5b7bd Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:308
            azure_endpoint = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bae419c2f46b1a27 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:311
            azure_ad_token = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ea691d475e73d26 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:314
            api_version = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a4905c656477baa Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:324
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7be76aab5ca38b0f Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:324
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(
                "AZURE_OPENAI_API_KEY"
            ) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5bea872d8f091de3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/_base_client.py:307
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3b3067afc08beeac Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:135
            api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2cfe4d4c1c87f8c5 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:148
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f196728241d2c027 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:152
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23212bf6f3820694 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:156
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e8b7309179a2147 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:162
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ec31fff8906e817 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:486
            api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f129a9659824c12 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:499
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5be476e258697fc Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:503
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #315871bd5c8fd51a Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:507
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdc0b766e0a6a2a3 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:513
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be5d9bc431a9179a Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:67
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3243cea9f36d7559 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:79
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7589d7d7aab52f13 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:109
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #147e38d01c407dfb Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:121
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef3ae140968c860e Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:438
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f725ddcba509d088 Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:451
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6106daf70804172 Environment-variable access.
pkgs/python/[email protected]/src/openai/_models.py:119
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34cbe831608d3f29 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:510
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f764f41174a57d6f Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:552
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eea8727785bf74c Environment-variable access.
pkgs/python/[email protected]/src/openai/_utils/_logs.py:23
    env = os.environ.get("OPENAI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81b819a6e5ea007d Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84ec9501c2eb14d1 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41bc9cbb5d4f5839 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_utils.py:371
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #992d1bdf3728ae35 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:67
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c8b02e30be033d5 Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/audio.py:90
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fcb79c744059c9d Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/files.py:55
        with open(args.file, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #446e7b37b1ad6e2d Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:103
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d3d0dc1499bd44f Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:119
        with open(args.image, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c54d0c864b1831cb Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_api/image.py:125
            with open(args.mask, "rb") as file_reader:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31ca277da3b5ffce Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:68
    xdg = os.environ.get("XDG_CACHE_HOME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa2bba6b63a0dedb Environment-variable access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:76
    if not os.environ.get("DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2afb6ba34ceaf9be Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:118
        download_response = client.get(download_url, follow_redirects=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5adfe967b7d0f8ca Filesystem access.
pkgs/python/[email protected]/src/openai/cli/_tools/migrate.py:121
        with open(temp_file, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f640d9535b3a011 Filesystem access.
pkgs/python/[email protected]/src/openai/lib/_validators.py:485
                with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1b1a9fbe05b706d Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:193
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7fa79a9d6e9e7b0 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:196
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #af3723b87b7da240 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:204
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f253ffce14b6589f Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:218
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f70e34afd3c1664 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:474
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4af36036345fffea Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:477
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #17e3d3ab7008bbf1 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:485
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8b586b8fc3b5dae Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:499
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

psutil

python dependency
expand_more 28 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #213a11a818ac97a8 Filesystem access.
pkgs/python/[email protected]/docs/conf.py:39
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #416cdc8291e0d72f Environment-variable access.
pkgs/python/[email protected]/psutil/_common.py:34
PSUTIL_DEBUG = bool(os.getenv('PSUTIL_DEBUG'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f37d5651e46ad7ef Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:682
    return open(fname, "rb", buffering=FILE_READ_BUFFER_SIZE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #34081206fb20fc27 Filesystem access.
pkgs/python/[email protected]/psutil/_common.py:692
    fobj = open(  # noqa: SIM115
        fname,
        buffering=FILE_READ_BUFFER_SIZE,
        encoding=ENCODING,
        errors=ENCODING_ERRS,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff5670f3736701fa Environment-variable access.
pkgs/python/[email protected]/psutil/_psaix.py:375
        for path in os.environ["PATH"].split(":"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d9199699bad0003 Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:142
        with open('/proc/meminfo', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de33fa163c8ea6bc Filesystem access.
pkgs/python/[email protected]/psutil/_psbsd.py:276
        with open('/proc/stat', 'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a6bcaa58873a733 Environment-variable access.
pkgs/python/[email protected]/psutil/_pssunos.py:119
            f"PATH=/usr/sbin:/sbin:{os.environ['PATH']}",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b084fdc2fec6d5f6 Filesystem access.
pkgs/python/[email protected]/scripts/internal/convert_readme.py:33
    with open(args.file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #59625721ced6269a Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:64
    with open(OUTFILE, 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #34f496b70b24391b Filesystem access.
pkgs/python/[email protected]/scripts/internal/download_wheels.py:87
        with open(os.path.expanduser(args.tokenfile)) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4625adfe718d20c9 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:98
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9759519a286d46e6 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:113
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e5f53008755816d0 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:134
    with open(fname) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #292adf7c68431502 Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:164
    with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #44e444c359e498ed Filesystem access.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:178
        with open(fname, errors='ignore') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #65f9f1521ad9730b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/internal/find_broken_links.py:194
            res = requests.get(url, timeout=REQUEST_TIMEOUT)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #fb83ff337ae1341e Filesystem access.
pkgs/python/[email protected]/scripts/internal/git_pre_commit.py:156
    with open("MANIFEST.in", encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #0e104a298d24b6c0 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/scripts/internal/install_pip.py:34
        req = urlopen(URL, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #533525e5bdedb751 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_announce.py:81
    with open(HISTORY) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #208054b7a9c21784 Environment-variable access.
pkgs/python/[email protected]/scripts/internal/print_downloads.py:42
    env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c13c9e6ec7279078 Filesystem access.
pkgs/python/[email protected]/scripts/internal/print_hashes.py:18
    with open(file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0e765324be9bac77 Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:56
                with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #858625879ed0b46c Filesystem access.
pkgs/python/[email protected]/scripts/internal/purge_installation.py:64
                    with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46415d05a7837209 Environment-variable access.
pkgs/python/[email protected]/setup.py:46
        if "CIBUILDWHEEL" in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da17360900bd8ea7 Filesystem access.
pkgs/python/[email protected]/setup.py:142
    with open(INIT) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdca714cc2bfffb0 Environment-variable access.
pkgs/python/[email protected]/setup.py:258
        if os.getenv('CC'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10570f3c93ebbe6e Environment-variable access.
pkgs/python/[email protected]/setup.py:259
            compiler.set_executable('compiler_so', os.getenv('CC'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #1394c8610fcd52e8 Filesystem access.
pkgs/python/[email protected]/pydantic/deprecated/parse.py:71
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8411eb0cb5823cb4 Environment-variable access.
pkgs/python/[email protected]/pydantic/json_schema.py:337
                if os.getenv('PYDANTIC_PRIVATE_ALLOW_UNHANDLED_SCHEMA_TYPES'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6097bb2545724faa Filesystem access.
pkgs/python/[email protected]/pydantic/mypy.py:1373
    with open(config_file, 'rb') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #532403e2c2943a18 Environment-variable access.
pkgs/python/[email protected]/pydantic/plugin/_loader.py:27
    disabled_plugins = os.getenv('PYDANTIC_DISABLE_PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc6d4794e3adee7f Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:173
            env_vars: Mapping[str, Optional[str]] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5859f0dfb6a06ae Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:175
            env_vars = {k.lower(): v for k, v in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d733f83015c19d7 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:307
                    secret_value = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07dcb47e5778930c Filesystem access.
pkgs/python/[email protected]/pydantic/v1/mypy.py:948
    with open(config_file, read_mode) as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e87428fc94df07c Filesystem access.
pkgs/python/[email protected]/pydantic/v1/parse.py:57
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyobjc

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #52481769f385cb06 Filesystem access.
pkgs/python/[email protected]/setup.py:349
    with open(path) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #987b96bfad2d2513 Filesystem access.
pkgs/python/[email protected]/setup.py:372
                with open(os.path.join(topdir, fn)) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd2e282e526154d6 Filesystem access.
pkgs/python/[email protected]/setup.py:419
            with open(os.path.join("../pyobjc-core/Modules/objc", fn), "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7862136fb712301 Filesystem access.
pkgs/python/[email protected]/setup.py:433
                    with open(os.path.join(subdir, fn), "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d17fc1cb80b64a4 Filesystem access.
pkgs/python/[email protected]/setup.py:441
        with open("../pyobjc-core/Tools/pyobjc_setup.py", "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1e6e97f662dc9e4 Filesystem access.
pkgs/python/[email protected]/setup.py:469
                with open(os.path.join(subdir, "pyobjc_setup.py"), "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac50b0933d6ba2ed Filesystem access.
pkgs/python/[email protected]/setup.py:481
                with open(os.path.join(subdir, "setup.py")) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d069e12b97caed4 Filesystem access.
pkgs/python/[email protected]/setup.py:537
        with open("/dev/null", "a") as devnull:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f293d6e84b4e07a Filesystem access.
pkgs/python/[email protected]/setup.py:656
    with open(filename) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b01d388d6dc43341 Filesystem access.
pkgs/python/[email protected]/setup.py:688
        with open(path) as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2080667fd15a79ed Filesystem access.
pkgs/python/[email protected]/setup.py:693
        with open(path, "w") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pyotp

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #624fb99b6aa19f8a Filesystem access.
pkgs/python/[email protected]/setup.py:19
    long_description=open("README.rst").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pypdf

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #6749977b0c136fd5 Filesystem access.
pkgs/python/[email protected]/pypdf/_page.py:1899
            debug_path.joinpath("fonts.json").write_text(
                json.dumps(fonts, indent=2, default=asdict),
                "utf-8"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b62d7c3f6d4de8b Filesystem access.
pkgs/python/[email protected]/pypdf/_reader.py:168
            with open(stream, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bbbcd59b0a7dc02 Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:250
        debug_path.joinpath("bt_groups.json").write_text(
            json.dumps(ty_groups, indent=2, default=str), "utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d97e6af8a56c338e Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:316
        debug_path.joinpath("bts.json").write_text(
            json.dumps(bt_groups, indent=2, default=str), "utf-8"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59c4e4240936b2b6 Filesystem access.
pkgs/python/[email protected]/pypdf/_text_extraction/_layout_mode/_fixed_width_page.py:319
        debug_path.joinpath("tjs.json").write_text(
            json.dumps(
                tj_ops, indent=2, default=lambda x: getattr(x, "to_dict", str)(x)
            ),
            "utf-8",
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bc9abfcb056653d Filesystem access.
pkgs/python/[email protected]/pypdf/_utils.py:382
    with open("pypdf_pdfLocation.txt", "wb") as output_fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0912c17a58e1513d Filesystem access.
pkgs/python/[email protected]/pypdf/_writer.py:245
                with open(fileobj, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c29bd70e3cb682c4 Environment-variable access.
pkgs/python/[email protected]/pypdf/filters.py:741
            environment = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ec27d7826bf1c1ff Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/resources/afm_to_dataclass.py:24
        with urllib.request.urlopen(
            f"https://{FONT_LOC}"
        ) as connection, ZipFile(BytesIO(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

python-docx

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #1efa5a8b358ca18b Filesystem access.
pkgs/python/[email protected]/src/docx/image/image.py:41
            with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cb2eef2cd7e9628b Filesystem access.
pkgs/python/[email protected]/src/docx/opc/phys_pkg.py:47
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff6e203ce142b9fb Filesystem access.
pkgs/python/[email protected]/src/docx/parts/comments.py:49
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf242920da7f7e9c Filesystem access.
pkgs/python/[email protected]/src/docx/parts/hdrftr.py:31
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1550d2067f91c25d Filesystem access.
pkgs/python/[email protected]/src/docx/parts/hdrftr.py:51
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6afd5f1660f38b63 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/settings.py:48
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fcf891e3401bd0a0 Filesystem access.
pkgs/python/[email protected]/src/docx/parts/styles.py:40
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

python-dotenv

python dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #e6eeab81fbc6e207 Filesystem access.
pkgs/python/[email protected]/src/dotenv/cli.py:76
        with open(path) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f996ff89f3110880 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:194
        if v is not None and (override or k not in os.environ)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #012d1ca482343296 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/cli.py:225
    cmd_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bacc3813f4a77e2d Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:26
    if "PYTHON_DOTENV_DISABLED" not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9c6a16a08350247 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:28
    value = os.environ["PYTHON_DOTENV_DISABLED"].casefold()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae5e6cfdffe3726e Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:63
            with open(self.dotenv_path, encoding=self.encoding) as stream:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #245bf74a21428975 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:105
            if k in os.environ and not self.override:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b4d93fd419c826c9 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:108
                os.environ[k] = v

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8333c03acd41e74 Filesystem access.
pkgs/python/[email protected]/src/dotenv/main.py:148
        source: IO[str] = open(path, encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ee0c0055aed04eb Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:302
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67d876092e590cc0 Environment-variable access.
pkgs/python/[email protected]/src/dotenv/main.py:306
                env.update(os.environ)  # type: ignore

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

reportlab

python dependency
expand_more 73 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #7b1defc68d1e7132 Environment-variable access.
pkgs/python/[email protected]/demos/odyssey/dodyssey.py:9
_NEW_PARA=os.environ.get('NEW_PARA','0')[0] in ('y','Y','1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a9055052001fda8e Environment-variable access.
pkgs/python/[email protected]/demos/odyssey/dodyssey.py:10
_REDCAP=int(os.environ.get('REDCAP','0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #736f71a2e60e8ec5 Environment-variable access.
pkgs/python/[email protected]/demos/odyssey/dodyssey.py:11
_CALLBACK=os.environ.get('CALLBACK','0')[0] in ('y','Y','1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #36aeaf2374d3332c Filesystem access.
pkgs/python/[email protected]/demos/odyssey/dodyssey.py:151
    text = open(fn,'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #43ee0b926cbcb179 Filesystem access.
pkgs/python/[email protected]/demos/odyssey/dodyssey.py:223
    print('file digest: %s' % hashlib.md5(open('dodyssey.pdf','rb').read(),usedforsecurity=False).hexdigest())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8b4583ede2cbdf36 Filesystem access.
pkgs/python/[email protected]/demos/odyssey/fodyssey.py:85
    text = open(fn,'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #057b0cf94bb58ea2 Filesystem access.
pkgs/python/[email protected]/demos/odyssey/odyssey.py:101
    data = open(fn,'r').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a1a914fdea70e7e2 Filesystem access.
pkgs/python/[email protected]/demos/odyssey/odyssey.py:138
    print('file digest: %s' % hashlib.md5(open('odyssey.pdf','rb').read(),usedforsecurity=False).hexdigest())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f21a27fc2f23f631 Filesystem access.
pkgs/python/[email protected]/setup.py:81
        for l in open(pjoin(FN+'.py'),'r').readlines():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7a49be4f9ccb940 Filesystem access.
pkgs/python/[email protected]/setup.py:94
            f = open(fn,desc[1])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #eaeefac407e7c756 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/setup.py:188
    remotehandle = ureq.urlopen(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #29d98f89d5ab9f52 Filesystem access.
pkgs/python/[email protected]/setup.py:211
                    with open(pjoin(dst, name), 'wb') as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99063712cbbe56ea Filesystem access.
pkgs/python/[email protected]/setup.py:246
            with open(fn,'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6bfdcbaaedabdf8 Environment-variable access.
pkgs/python/[email protected]/setup.py:275
        if PYTHONPATH: os.environ['PYTHONPATH']=os.pathsep.join(PYTHONPATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec54c27d486fb00e Filesystem access.
pkgs/python/[email protected]/src/reportlab/graphics/barcode/test.py:271
        f = open(name,'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a32ba424847a97f Filesystem access.
pkgs/python/[email protected]/src/reportlab/graphics/charts/utils.py:295
        f=open(fnroot+'.default-collector.out','w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feec507ff0831e68 Filesystem access.
pkgs/python/[email protected]/src/reportlab/graphics/renderPM.py:300
        with open(os.path.splitext(fn)[0]+'.'+fmt.lower(),'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48e391b77f41d2a2 Environment-variable access.
pkgs/python/[email protected]/src/reportlab/graphics/renderPM.py:828
        if os.environ.get('RL_NOEPSPREVIEW','0')=='1': drawing.__dict__['preview'] = 0

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6598051d9d768138 Filesystem access.
pkgs/python/[email protected]/src/reportlab/graphics/renderPM.py:841
    with open(htmlFileName, 'w') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bcdc62ebc83b209 Filesystem access.
pkgs/python/[email protected]/src/reportlab/graphics/renderPS.py:142
            _f = open(f,'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afc51cef2a857b54 Filesystem access.
pkgs/python/[email protected]/src/reportlab/graphics/renderSVG.py:267
            f = open(fn, 'w',encoding=self.encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9766f78a639bcba9 Filesystem access.
pkgs/python/[email protected]/src/reportlab/graphics/shapes.py:773
            with open(filename,'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a45e1be4688c717a Filesystem access.
pkgs/python/[email protected]/src/reportlab/graphics/widgets/eventcal.py:295
        open('eventcal.%s' % format, 'wb').write(out)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5893f2c407b62c44 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/PyFontify.py:156
    f = open(path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6962c7aa5d844a03 Environment-variable access.
pkgs/python/[email protected]/src/reportlab/lib/__init__.py:7
RL_DEBUG = 'RL_DEBUG' in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd2c04c7365a2ae4 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/fontfinder.py:225
        f = open(fileName, 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccfa20ca76447ab6 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/fontfinder.py:230
        f = open(fileName, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #afe89f2d0028764e Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/logger.py:21
            fp = open(fn,'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61ada422dedb6d60 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/pdfencrypt.py:587
    inputPDF = open(inputFileName, 'rb').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c7c2a9d356b37b3 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/pdfencrypt.py:592
    open(outputFileName, 'wb').write(outputPDF)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb642d01f6b43cb0 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/pygments2xpre.py:59
        src = open(filename, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4daffa78f389f62a Environment-variable access.
pkgs/python/[email protected]/src/reportlab/lib/rl_safe_eval.py:7
eval_debug = int(os.environ.get('EVAL_DEBUG','0'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a355ead82f9c1d6 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/rparsexml.py:123
    raw = open(filename, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfb9f42190707b44 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/rparsexml.py:443
            with open(f) as _f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64d34ffbf1ffad2f Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/testutils.py:45
        f = open(fn, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cd302738e185017 Environment-variable access.
pkgs/python/[email protected]/src/reportlab/lib/testutils.py:66
        D = os.environ.get('RL_TEST_OUTDIR','')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dbddc13c79eaddf0 Environment-variable access.
pkgs/python/[email protected]/src/reportlab/lib/testutils.py:105
        None if os.environ.get('OFFLINE_MOCK','1')!='1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aba1d335acad78e Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/testutils.py:110
        with open(os.path.join(testsFolder,os.path.basename(name)),'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d4e0411a645549cf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/reportlab/lib/testutils.py:114
        return urlopen(name).read()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d4917d87e2c5ef66 Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/testutils.py:156
        f = open(join(folder, 'CVS', 'Entries'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ba246db0b1882d66 Environment-variable access.
pkgs/python/[email protected]/src/reportlab/lib/testutils.py:395
            if cond and os.environ.get('RL_indicateSkips','0')=='1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ff3f4cab5b0e1ed Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/utils.py:463
        return open(name,mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #efc78650c24cf7c9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/reportlab/lib/utils.py:476
    return urlopen(name).read()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1522f2bf309f511c Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/utils.py:789
                self.stdout = open(stdout,'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cb48cb66d524284 Environment-variable access.
pkgs/python/[email protected]/src/reportlab/lib/utils.py:810
        env = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #145b5865e356531f Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/utils.py:857
                    store['__script'] = (fn,open(fn,'r').read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9b9427ba35770ea Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/utils.py:895
        f = open(self.fn,'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ea5ffbf9b2e6d6f Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/utils.py:910
        f = open(self.fn,'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be1acb637784449f Environment-variable access.
pkgs/python/[email protected]/src/reportlab/lib/utils.py:1256
        t = os.environ.get('SOURCE_DATE_EPOCH','').strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea398f4ab1b278ad Filesystem access.
pkgs/python/[email protected]/src/reportlab/lib/yaml.py:69
        data = open(filename, 'r').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffcaa943186c25a3 Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfbase/_can_cmap_data.py:53
    open('canned_widths.py','w').write(src)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab1d1bf8b4529d8b Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfbase/cidfonts.py:99
        rawdata = open(cmapfile, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f7b19c54fc25668 Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfbase/cidfonts.py:195
        f = open(os.path.join(directory, self.name + '.fastmap'), 'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22200912c07ebf9f Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfbase/cidfonts.py:204
        f = open(os.path.join(directory, self.name + '.fastmap'), 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b5855c3893785ef Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfbase/pdfdoc.py:208
            f = open(filename, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0954397e3031a65d Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfbase/pdfdoc.py:1014
                with open(self.__path,'rb') as _:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c9e13be41117eed Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfbase/pdfmetrics.py:786
    rawdata = open('../../rlextra/rml2pdf/doc/rml_user_guide.prep').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a6fe42047003aa Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfbase/pdfutils.py:102
        f = open(cachedname,'wb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c816339ad51f3138 Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfgen/pdfimages.py:45
        fp = open(self.image, 'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1db8619aea61cff6 Filesystem access.
pkgs/python/[email protected]/src/reportlab/pdfgen/pdfimages.py:81
        imagedata = open(cachedname,'rb').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76340d6fb21f7604 Filesystem access.
pkgs/python/[email protected]/src/reportlab/platypus/figures.py:375
                    f = open(self.filename,'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e24d3a6004b61c9d Filesystem access.
pkgs/python/[email protected]/src/reportlab/rl_config.py:38
                with open(fn,'rb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9183dc2bfa5d0c0e Environment-variable access.
pkgs/python/[email protected]/src/reportlab/rl_config.py:66
    if ename in environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae54173d0c34043 Environment-variable access.
pkgs/python/[email protected]/src/reportlab/rl_config.py:67
        value = environ[ename]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f0b42218651cf29 Environment-variable access.
pkgs/python/[email protected]/src/reportlab/rl_config.py:102
        'XDG_DATA_HOME': os.environ.get('XDG_DATA_HOME','~/.local/share'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a2cd171067cd5c76 Filesystem access.
pkgs/python/[email protected]/tools/docco/codegrab.py:54
    lines = open(pathname, 'r').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8cc3ff28fbc9e2d4 Filesystem access.
pkgs/python/[email protected]/tools/docco/docpy.py:567
            file = open(self.outPath, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f88ab3ccd41c629b Filesystem access.
pkgs/python/[email protected]/tools/docco/docpy.py:668
            file = open(self.outPath, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #3edad56e6706c167 Filesystem access.
pkgs/python/[email protected]/tools/docco/graphdocpy.py:677
            f = open(self.outPath, 'w')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #6d6db78eb02c0576 Filesystem access.
pkgs/python/[email protected]/tools/docco/yaml.py:63
        data = open(filename, 'r').readlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #9f86baac370e1e48 Filesystem access.
pkgs/python/[email protected]/tools/pythonpoint/pythonpoint.py:434
            outf = open(filename, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e4e85bfff88ceac0 Filesystem access.
pkgs/python/[email protected]/tools/pythonpoint/pythonpoint.py:982
        datafile = open(datafile,'rb')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e1cca3dfc47d991e Filesystem access.
pkgs/python/[email protected]/tools/utils/add_bleed.py:10
    names, data = pageCatcher.storeFormsInMemory(open(infn,'rb').read(),prefix=prefix,all=1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #82645fa2ebc8ce48 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:771
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8409e7c8b985cf7 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:772
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c5724bf0229f29d Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:209
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cdd6c20be9e5159 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:743
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43ebdbf6826187aa Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:744
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cc51660f2f70913 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:750
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cc2245707604ad27 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:752
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a98884f1b65fe37 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:765
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typing-extensions

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #c415b2309a8b31e4 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1649
            Path(tempdir, "ann_module.py").write_text(ANN_MODULE_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e0a7b74da9ad5a2 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1650
            Path(tempdir, "ann_module2.py").write_text(ANN_MODULE_2_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb3f451938f246e7 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1651
            Path(tempdir, "ann_module3.py").write_text(ANN_MODULE_3_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d33e07cf48ff42b Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8436
            Path(tempdir, "inspect_stock_annotations.py").write_text(STOCK_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e944e90dbfec839f Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8437
            Path(tempdir, "inspect_stringized_annotations.py").write_text(STRINGIZED_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #377744bd97c9e565 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8438
            Path(tempdir, "inspect_stringized_annotations_2.py").write_text(STRINGIZED_ANNOTATIONS_2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae31fa8a0e158f85 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8887
            Path(tempdir, "inspect_stringized_annotations_pep_695.py").write_text(STRINGIZED_ANNOTATIONS_PEP_695)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

uuid7

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #34802f280a8af78b Filesystem access.
pkgs/python/[email protected]/setup.py:7
with open('README.rst') as readme_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a78524b282b2d2b0 Filesystem access.
pkgs/python/[email protected]/setup.py:10
with open('HISTORY.rst') as history_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • pillow prod — sdist exceeds byte cap
  • browser-use-core prod — no sdist (wheels only)