Close Open Privacy Scan

bolt Snapshot: commit b4ed8a2
science engine v1.4
schedule 2026-07-14T01:21:16.771590+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

smart_toy MCP server detected: @ai-sdk/anthropic, @ai-sdk/openai, @anthropic-ai/sdk, @modelcontextprotocol/sdk +2 more — detected in dependencies, not a safety judgment.
Incomplete scan — only 114/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 3095 finding(s)

Dependency score: 22 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

17 high 18 medium 3060 low
First-party packages: 21
Dependency packages: 44
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: 100.82.5.118169.254.169.254192.168.1.10agent.exampleagentskills.ioai-gateway.vercel.shai-sdk.devai.google.devaihubmix.comaiplatformaiplatform.googleapis.comaistudio.google.comapexsurveys.oracle.comapi.aiapi.ai.example.aws.ml.hana.ondemand.comapi.aihubmix.comapi.anthropic.comapi.asksage.aiapi.cerebras.aiapi.cline.botapi.deepseek.comapi.dify.aiapi.exa.aiapi.exampleapi.fireworks.aiapi.getdial.aiapi.github.comapi.groq.comapi.hicap.aiapi.inference.wandb.aiapi.kilo.aiapi.minimax.ioapi.mistral.aiapi.moonshot.aiapi.novu.coapi.openai.comapi.sambanova.aiapi.sap.comapi.studio.nebius.aiapi.telegram.orgapi.together.aiapi.together.xyzapi.v0.devapi.workos.comapi.x.aiapi.xiaomimimo.comapi.z.aiapp.baseten.coapp.cline.botapp.example.botark.cn-beijing.volces.comattacker.exampleauth.exampleauth.openai.comauth.tokenfactory.nebius.comautopush-generativelanguage.sandbox.googleapis.comavatars.githubusercontent.combailian.console.aliyun.combedrock-agent-runtimebedrock-agent-runtime.us-west-2.amazonaws.combedrock-mantlebedrock-mantle.us-east-1.api.awsbedrock-runtimebedrock-runtime.us-east-1.amazonaws.combedrock.us-east-1.amazonaws.combitcoin.orgchatgpt.comclassic.comclaude.aicline.botcline.github.iocloud.cerebras.aicloud.google.comcloud.langfuse.comcloud.tencent.comcode-internal.aiservice.us-chicago-1.oci.oraclecloud.comcode.aiservice.us-chicago-1.oci.oraclecloud.comcommunity.cline.botconfluence.oraclecorp.comconsole.aihubmix.comconsole.anthropic.comconsole.groq.comconsole.mistral.aiconsole.volcengine.comcore-api.staging.int.cline.botcurrent.examplecursor.comcustomcustom-bedrock.endpointcustom-servercustom.examplecustom.openai.apicustomersurveys.oracle.comdashboard.hicap.aidashscope.aliyuncs.comdata.cline.botdevelopers.openai.comdiscord.comdiscord.ggdocs.anthropic.comdocs.cline.botdocs.cloud.google.comdocs.expo.devdocs.litellm.aidocs.sambanova.aidummy.comejiidnob33g9ap1r.public.blob.vercel-storage.comexample-image-search.orgexample.authentication.sap.hana.ondemand.comexample.cline.botexample.ngrok-free.appexample.openai.azure.comexample1.comexample2.comexample3.comfake.localfireworks.aifirst-auth.examplefirst.ai.example.aws.ml.hana.ondemand.comfirst.comfonts.googleapis.comgemini-api-demos.uc.r.appspot.comgenerativelanguage.googleapis.comgithub.comgoo.glgoogle.aip.devhelp.openai.comhelp.sap.comhuggingface.coidcs-9dc693e80d9b469480d7afe00e743931.identity.oraclecloud.comidcs.fallbackidcs.retryignoredinfer-modelarts.cn-southwest-2.myhuaweicloud.cominference-api.nousresearch.cominference.baseten.coinference.poolside.aiinternal.examplejs-na2.hs-scripts.comjson-schema.orglangfuse.examplelinear.appllm.internal.examplelmstudio.ailogin-ext.identity.oraclecloud.commanagement.azure.commarketplace.visualstudio.commcp.context7.commcp.linear.appmetadata.google.internalmock.apimodel-api.baseten.comodelcontextprotocol.iomodels.devnew.examplenews.google.comnpm.imoauth2.googleapis.comold.exampleontheline.trincoll.eduopen.bigmodel.cnopenai-compatible.exampleopenrouter.aiplatform.claude.complatform.moonshot.aiplatform.moonshot.cnplatform.openai.compptr.devprovider-ollamaproxy.enterprise.compurl.oclc.orgpurl.orgraw.githubusercontent.comregistry.npmjs.orgrouter.huggingface.corouter.requesty.ais3s3.us-east-1.amazonaws.coms3.us-west-2.amazonaws.comschemas.microsoft.comschemas.openxmlformats.orgschemas.zwobble.orgscira.aisearch.windows.netsecond-auth.examplesecond.ai.example.aws.ml.hana.ondemand.comsecond.comskills.shstaging-app.cline.botstate-ollamastorage-account.blob.core.windows.netstorage.googleapis.comstuk.github.iosupport.huaweicloud.comt3.chattailscale-hosttailwindcss.comteam.slack.comtest.comtokenhub.tencentmaas.comus.i.posthog.comus.posthog.comuser-collectorv0.appvercel.comverifyvia.placeholder.comwandb.aiwww.allrecipes.comwww.anthropic.comwww.baseten.cowww.deepseek.comwww.foodnetwork.comwww.googleapis.comwww.linkedin.comwww.minimax.iowww.reddit.comwww.w3.orgx.aix.comyoutuz.ai

high first-party (npm): apps/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/cli/src/connectors/adapters/discord.ts:1362 repo/apps/cli/src/connectors/adapters/discord.ts:1363
high first-party (npm): apps/cli User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/cli/src/connectors/adapters/slack.ts:1000 repo/apps/cli/src/connectors/adapters/slack.ts:999
high first-party (npm): apps/vscode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/integrations/openai-codex/oauth.ts:344 repo/apps/vscode/src/integrations/openai-codex/oauth.ts:344
high first-party (npm): apps/vscode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/integrations/openai-codex/oauth.ts:395 repo/apps/vscode/src/integrations/openai-codex/oauth.ts:395
high first-party (npm): apps/vscode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/sdk/auth-service.ts:571 repo/apps/vscode/src/sdk/auth-service.ts:572
high first-party (npm): apps/vscode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/sdk/auth-service.ts:782 repo/apps/vscode/src/sdk/auth-service.ts:783
high first-party (npm): apps/vscode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:107 repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:113
high first-party (npm): apps/vscode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:188 repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:196
high first-party (npm): apps/vscode User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/utils/env.ts:97 repo/apps/vscode/src/utils/env.ts:102
high first-party (npm): sdk/packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/sdk/packages/core/src/auth/cline.ts:410 repo/sdk/packages/core/src/auth/cline.ts:409
high first-party (npm): sdk/packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/sdk/packages/core/src/auth/codex.ts:93 repo/sdk/packages/core/src/auth/codex.ts:93
high first-party (npm): sdk/packages/core User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/sdk/packages/core/src/auth/codex.ts:140 repo/sdk/packages/core/src/auth/codex.ts:140
hub Dependency data flows (6)
high ai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
high axios dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/adapters/http.js:833 pkgs/npm/[email protected]/lib/adapters/http.js:971
high @google/genai dependency User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:296 pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:305
high @modelcontextprotocol/sdk tooling User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215 pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:245
high @modelcontextprotocol/sdk tooling User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621 pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:643
medium axios dependency Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]/lib/adapters/http.js:839 pkgs/npm/[email protected]/lib/adapters/http.js:971

</> First-Party Code

first-party (npm): apps/vscode

npm first-party
high pii_flow production #3baafb19df5e3e0a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/integrations/openai-codex/oauth.ts:344 · flow /tmp/closeopen-epgogze_/repo/apps/vscode/src/integrations/openai-codex/oauth.ts:344 → /tmp/closeopen-epgogze_/repo/apps/vscode/src/integrations/openai-codex/oauth.ts:344
	const response = await fetch(OPENAI_CODEX_OAUTH_CONFIG.tokenEndpoint, {
		method: "POST",
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
		},
		body: body.toString(),
		signal: AbortSignal.timeout(30000),
	})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #486374f8b678cc92 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/integrations/openai-codex/oauth.ts:395 · flow /tmp/closeopen-epgogze_/repo/apps/vscode/src/integrations/openai-codex/oauth.ts:395 → /tmp/closeopen-epgogze_/repo/apps/vscode/src/integrations/openai-codex/oauth.ts:395
	const response = await fetch(OPENAI_CODEX_OAUTH_CONFIG.tokenEndpoint, {
		method: "POST",
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
		},
		body: body.toString(),
		signal: AbortSignal.timeout(30000),
	})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #957582c747e90862 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/sdk/auth-service.ts:572 · flow /tmp/closeopen-epgogze_/repo/apps/vscode/src/sdk/auth-service.ts:571 → /tmp/closeopen-epgogze_/repo/apps/vscode/src/sdk/auth-service.ts:572
		const response = await fetch(tokenUrl.toString(), {
			method: "POST",
			headers: {
				"Content-Type": "application/json",
				...(await buildBasicClineHeaders()),
			},
			body: JSON.stringify({
				code: "test-personal-token",
				grantType: "authorization_code",
			}),
		})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #3eb6f4a6127db049 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/sdk/auth-service.ts:783 · flow /tmp/closeopen-epgogze_/repo/apps/vscode/src/sdk/auth-service.ts:782 → /tmp/closeopen-epgogze_/repo/apps/vscode/src/sdk/auth-service.ts:783
			const response = await fetch(tokenUrl.toString(), {
				method: "POST",
				headers: {
					Accept: "application/json",
					"Content-Type": "application/json",
					...(await buildBasicClineHeaders()),
				},
				body: JSON.stringify({
					grant_type: "authorization_code",
					code: authorizationCode,
					client_type: "extension",
					redirect_uri: callbackUrl,
					provider: provider,
				}),
			})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #5bcd58ebbf0e6c4e User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:113 · flow /tmp/closeopen-epgogze_/repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:107 → /tmp/closeopen-epgogze_/repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:113
			const tokenResponse = await axios.post(tokenEndpoint, new URLSearchParams(params), {
				headers: { "Content-Type": "application/x-www-form-urlencoded" },
				...getAxiosSettings(),
			})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #3b2efccb85e69c28 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:196 · flow /tmp/closeopen-epgogze_/repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:188 → /tmp/closeopen-epgogze_/repo/apps/vscode/src/services/auth/oca/providers/OcaAuthProvider.ts:196
			const tokenResponse = await axios.post(tokenEndpoint, new URLSearchParams(params), {
				headers: { "Content-Type": "application/x-www-form-urlencoded" },
				...getAxiosSettings(),
			})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #dfcfdd0cdeeb64d0 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/vscode/src/utils/env.ts:102 · flow /tmp/closeopen-epgogze_/repo/apps/vscode/src/utils/env.ts:97 → /tmp/closeopen-epgogze_/repo/apps/vscode/src/utils/env.ts:102
			const req = http.request({
				hostname: "127.0.0.1",
				port: Number(harnessPort),
				path: "/captured-url",
				method: "POST",
				headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(body) },
			})

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #bff826d5bca8d906 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/src/services/error/providers/PostHogErrorProvider.ts:1
import { PostHog } from "posthog-node"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0aecd919be853d00 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/src/services/feature-flags/providers/PostHogFeatureFlagsProvider.ts:1
import { PostHog } from "posthog-node"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1b6c829ac4f11916 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/src/services/telemetry/providers/posthog/PostHogClientProvider.ts:1
import { type EventMessage, PostHog } from "posthog-node"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5b510633943b947f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/src/services/telemetry/providers/posthog/PostHogTelemetryProvider.ts:1
import { PostHog } from "posthog-node"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 606 low-confidence finding(s)
low env_fs production #4497ef5ff3461fdd Environment-variable access.
repo/apps/vscode/.vscode-test.mjs:4
const vscodeTestVersion = process.env.VSCODE_TEST_VERSION ?? "stable"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aa3574ce2e99061 Environment-variable access.
repo/apps/vscode/esbuild.mjs:9
const production = process.argv.includes("--production") || process.env["IS_DEBUG_BUILD"] === "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c584e83949f12d32 Environment-variable access.
repo/apps/vscode/esbuild.mjs:99
if (process.env.CLINE_ENVIRONMENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d50c5b9a15d9ad7 Environment-variable access.
repo/apps/vscode/esbuild.mjs:100
	buildEnvVars["process.env.CLINE_ENVIRONMENT"] = JSON.stringify(process.env.CLINE_ENVIRONMENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abab1a19a276eb90 Environment-variable access.
repo/apps/vscode/esbuild.mjs:102
if (process.env.TELEMETRY_SERVICE_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9de34aeb19679d5 Environment-variable access.
repo/apps/vscode/esbuild.mjs:103
	buildEnvVars["process.env.TELEMETRY_SERVICE_API_KEY"] = JSON.stringify(process.env.TELEMETRY_SERVICE_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88cf08941825516e Environment-variable access.
repo/apps/vscode/esbuild.mjs:105
if (process.env.ERROR_SERVICE_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ddd6b530648743a Environment-variable access.
repo/apps/vscode/esbuild.mjs:106
	buildEnvVars["process.env.ERROR_SERVICE_API_KEY"] = JSON.stringify(process.env.ERROR_SERVICE_API_KEY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef432f66724780bf Environment-variable access.
repo/apps/vscode/esbuild.mjs:111
if (process.env.OTEL_TELEMETRY_ENABLED) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #475ebb5195c330e6 Environment-variable access.
repo/apps/vscode/esbuild.mjs:112
	buildEnvVars["process.env.OTEL_TELEMETRY_ENABLED"] = JSON.stringify(process.env.OTEL_TELEMETRY_ENABLED)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9fa647135d6a16c Environment-variable access.
repo/apps/vscode/esbuild.mjs:114
if (process.env.OTEL_LOGS_EXPORTER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46cc591b9349f6f9 Environment-variable access.
repo/apps/vscode/esbuild.mjs:115
	buildEnvVars["process.env.OTEL_LOGS_EXPORTER"] = JSON.stringify(process.env.OTEL_LOGS_EXPORTER)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d20f0c5316c0d450 Environment-variable access.
repo/apps/vscode/esbuild.mjs:117
if (process.env.OTEL_METRICS_EXPORTER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97bcf9b538ed181d Environment-variable access.
repo/apps/vscode/esbuild.mjs:118
	buildEnvVars["process.env.OTEL_METRICS_EXPORTER"] = JSON.stringify(process.env.OTEL_METRICS_EXPORTER)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a64448165387c17c Environment-variable access.
repo/apps/vscode/esbuild.mjs:120
if (process.env.OTEL_EXPORTER_OTLP_PROTOCOL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cca0f6ec649961ae Environment-variable access.
repo/apps/vscode/esbuild.mjs:121
	buildEnvVars["process.env.OTEL_EXPORTER_OTLP_PROTOCOL"] = JSON.stringify(process.env.OTEL_EXPORTER_OTLP_PROTOCOL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b770126f04ed9d4f Environment-variable access.
repo/apps/vscode/esbuild.mjs:123
if (process.env.OTEL_EXPORTER_OTLP_ENDPOINT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb4b82f47f10d4c0 Environment-variable access.
repo/apps/vscode/esbuild.mjs:124
	buildEnvVars["process.env.OTEL_EXPORTER_OTLP_ENDPOINT"] = JSON.stringify(process.env.OTEL_EXPORTER_OTLP_ENDPOINT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #815a48c4ca2f62c6 Environment-variable access.
repo/apps/vscode/esbuild.mjs:126
if (process.env.OTEL_EXPORTER_OTLP_HEADERS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cef0ab435acdf9e Environment-variable access.
repo/apps/vscode/esbuild.mjs:127
	buildEnvVars["process.env.OTEL_EXPORTER_OTLP_HEADERS"] = JSON.stringify(process.env.OTEL_EXPORTER_OTLP_HEADERS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13ce41d8b0ad5ebd Environment-variable access.
repo/apps/vscode/esbuild.mjs:129
if (process.env.OTEL_METRIC_EXPORT_INTERVAL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e2ed7ad227f60e1 Environment-variable access.
repo/apps/vscode/esbuild.mjs:130
	buildEnvVars["process.env.OTEL_METRIC_EXPORT_INTERVAL"] = JSON.stringify(process.env.OTEL_METRIC_EXPORT_INTERVAL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad8977a92d05d8de Filesystem access.
repo/apps/vscode/scripts/build-proto.mjs:5
import fsSync from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #526b9793de3cb5b4 Filesystem access.
repo/apps/vscode/scripts/build-proto.mjs:6
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1430170621ee429b Filesystem access.
repo/apps/vscode/scripts/build-proto.mjs:100
	fsSync.writeFileSync(wrapperPath, `@echo off\r\nnode "${pluginJs}" %*\r\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edd6b8acd0c3c07b Filesystem access.
repo/apps/vscode/scripts/build-python-proto.mjs:5
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d63b5777e87635dc Environment-variable access.
repo/apps/vscode/scripts/build-python-proto.mjs:31
	const envPy = process.env.PYTHON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61c5d8585348e77c Filesystem access.
repo/apps/vscode/scripts/build-python-proto.mjs:69
		await fs.writeFile(path.join(dir, "__init__.py"), "", { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36286384edb44614 Filesystem access.
repo/apps/vscode/scripts/build-python-proto.mjs:84
		const content = await fs.readFile(full, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a276a98f7e97f43 Filesystem access.
repo/apps/vscode/scripts/build-python-proto.mjs:147
	await fs.writeFile(path.join(outDir, "connection.py"), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3644cae5bcdb2544 Filesystem access.
repo/apps/vscode/scripts/build-python-proto.mjs:227
	await fs.writeFile(path.join(clientDir, "cline_client.py"), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28f4fd8eb502afc0 Filesystem access.
repo/apps/vscode/scripts/build-python-proto.mjs:301
		await fs.writeFile(path.join(outDir, fileName), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a8d08cb665b6e3f Filesystem access.
repo/apps/vscode/scripts/build-python-proto.mjs:324
	await fs.writeFile(path.join(outDir, "pyproject.toml"), content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e959563cffe000c Filesystem access.
repo/apps/vscode/scripts/build-tests.js:3
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2527790128b7fb66 Filesystem access.
repo/apps/vscode/scripts/build-tests.js:82
			if (nonMochaTestImport.test(fs.readFileSync(full, "utf-8"))) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #309a117f179c6b9f Filesystem access.
repo/apps/vscode/scripts/build-tests.js:92
const baseTestConfig = JSON5.parse(fs.readFileSync(path.join(projectRoot, "tsconfig.test.json"), "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61f9373f6f6a7335 Filesystem access.
repo/apps/vscode/scripts/build-tests.js:95
fs.writeFileSync(generatedConfigPath, JSON.stringify(baseTestConfig, null, "\t"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8971e38e695de4be Filesystem access.
repo/apps/vscode/scripts/download-ripgrep.mjs:10
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51ca1a05d8e557e0 Filesystem access.
repo/apps/vscode/scripts/file-utils.mjs:1
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79c1b0b7f9bad520 Filesystem access.
repo/apps/vscode/scripts/file-utils.mjs:8
	await fs.writeFile(filePath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07c662c75063626f Filesystem access.
repo/apps/vscode/scripts/find-dead-src.mjs:99
	const text = fs.readFileSync(path.join(root, wf), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #807eb0a53f5d763d Filesystem access.
repo/apps/vscode/scripts/find-dead-src.mjs:128
fs.writeFileSync("/tmp/dead-src.json", JSON.stringify(dead, null, "\t"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d935c96ac4df3906 Filesystem access.
repo/apps/vscode/scripts/generate-state-proto.mjs:304
		const protoContent = await fs.readFile(STATE_PROTO_PATH, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf288fd93eb842d2 Filesystem access.
repo/apps/vscode/scripts/generate-state-proto.mjs:446
	let protoContent = await fs.readFile(STATE_PROTO_PATH, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a146789e6ce88ff5 Filesystem access.
repo/apps/vscode/scripts/generate-state-proto.mjs:453
	await fs.writeFile(STATE_PROTO_PATH, protoContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #310421a184a7e451 Filesystem access.
repo/apps/vscode/scripts/generate-stubs.js:1
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e76b16c7ac17437 Filesystem access.
repo/apps/vscode/scripts/generate-stubs.js:102
	fs.writeFileSync(outputPath, output.join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79977e221a0b5639 Filesystem access.
repo/apps/vscode/scripts/interactive-playwright.ts:31
import { mkdtempSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdff726915d3ca48 Filesystem access.
repo/apps/vscode/scripts/marketplace-readme.mjs:36
	return fs.readFileSync(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b67ccca54efbdecd Filesystem access.
repo/apps/vscode/scripts/package-standalone.mjs:5
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec9280369aca5404 Filesystem access.
repo/apps/vscode/scripts/package-standalone.mjs:6
import { cp } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98845215580fbe72 Environment-variable access.
repo/apps/vscode/scripts/package-standalone.mjs:16
const IS_DEBUG_BUILD = process.env.IS_DEBUG_BUILD === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c741df722fced4c Filesystem access.
repo/apps/vscode/scripts/package-standalone.mjs:202
	const rawIgnore = fs.readFileSync(".vscodeignore", "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e911974c10a3e586 Filesystem access.
repo/apps/vscode/scripts/proto-shared-utils.mjs:1
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #772941ab380ad8e5 Filesystem access.
repo/apps/vscode/scripts/proto-shared-utils.mjs:14
		const content = await fs.readFile(path.join(protoDir, protoFilePath), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac76c02234242969 Filesystem access.
repo/apps/vscode/scripts/proto-utils.mjs:5
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b303dc09376e4720 Filesystem access.
repo/apps/vscode/scripts/proto-utils.mjs:27
	const descriptorBuffer = await fs.readFile(DESCRIPTOR_SET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #250a6ebfcae642bb Filesystem access.
repo/apps/vscode/scripts/publish-nightly.mjs:188
		this.originalPackageJson = fs.readFileSync(config.packageJsonPath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ca36d4f146c664d Filesystem access.
repo/apps/vscode/scripts/publish-nightly.mjs:189
		fs.writeFileSync(config.packageBackupPath, this.originalPackageJson)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3da754e8b85ee6cf Filesystem access.
repo/apps/vscode/scripts/publish-nightly.mjs:199
			fs.writeFileSync(config.packageJsonPath, this.originalPackageJson)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa4cfbdd5f95aced Filesystem access.
repo/apps/vscode/scripts/publish-nightly.mjs:349
		const rawContent = fs.readFileSync(config.packageJsonPath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44bb05bdb0b68ff3 Filesystem access.
repo/apps/vscode/scripts/publish-nightly.mjs:372
		fs.writeFileSync(config.packageJsonPath, JSON.stringify(pkg, null, "\t"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbb2e256abfaeb48 Environment-variable access.
repo/apps/vscode/scripts/publish-nightly.mjs:417
		const token = process.env.VSCE_PAT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82be02699d206414 Environment-variable access.
repo/apps/vscode/scripts/publish-nightly.mjs:451
		const token = process.env.OVSX_PAT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae51cc224b59c6c5 Environment-variable access.
repo/apps/vscode/scripts/test-hostbridge-server.ts:38
	const bindAddress = process.env.HOST_BRIDGE_ADDRESS || `127.0.0.1:26041`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82c10ec637e660ca Environment-variable access.
repo/apps/vscode/scripts/test-hostbridge-server.ts:65
						const workspaceDir = process.env.TEST_HOSTBRIDGE_WORKSPACE_DIR || "/test-workspace"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4cece01cc6eb8af Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:38
const PROTOBUS_PORT = process.env.PROTOBUS_PORT || "26040"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01523c089fc6fef4 Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:39
const HOSTBRIDGE_PORT = process.env.HOSTBRIDGE_PORT || "26041"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19092c48c62e6c96 Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:40
const WORKSPACE_DIR = process.env.WORKSPACE_DIR || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5231d5e837f666a5 Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:41
const E2E_TEST = process.env.E2E_TEST || "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5c0bcf4efac9af3 Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:42
const CLINE_ENVIRONMENT = process.env.CLINE_ENVIRONMENT || "local"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc22914b538280b5 Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:43
const USE_C8 = process.env.USE_C8 === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #104433f52dba20f3 Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:46
const projectRoot = process.env.PROJECT_ROOT || path.resolve(__dirname, "..")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e2a64888cf62c5a Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:47
const distDir = process.env.CLINE_DIST_DIR || path.join(projectRoot, "dist-standalone")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83939a3f8c48568d Environment-variable access.
repo/apps/vscode/scripts/test-standalone-core-api-server.ts:48
const clineCoreFile = process.env.CLINE_CORE_FILE || "cline-core.js"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f546103b72f41658 Filesystem access.
repo/apps/vscode/scripts/testing-platform-orchestrator.ts:23
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #64ede90926bfea8a Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #79ee190c39ca718b Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:65
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(validConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #61d9345d8f43209c Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:95
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(validConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #192994dbae1073fd Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:112
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(validConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bcbf0d824db8d08a Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:123
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), "{ invalid json }", "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7b41f67c2497626 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:135
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), '{"appBaseUrl": "https://test.com"', "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8a4f65572c8536b Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:147
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), "", "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b4660547714f5d33 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:158
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), '"just a string"', "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70e7bff9f0799ad4 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:170
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), "[]", "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a6ba43c38c8ba4a Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:183
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), "null", "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9bc06f33c414b83b Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:202
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #12f64c1cc50ab4e1 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:219
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5adf12c905aacc5b Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:236
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a64f7e4ba978975 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:248
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), "{}", "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #98606a9f05e63032 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:266
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb9a170b796242cf Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:284
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #987b8cc7f01175b2 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:302
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45e9a77ef32eb93e Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:320
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #adca71c8c426dd2c Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:340
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22d41faa24f82ca8 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:358
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f7153ad1717bb25 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:376
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #820cbfaf570bd98a Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:395
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #32ea0553897dc7c6 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:415
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0236003bcb2b189c Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:438
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4ae004a7ea94f187 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:481
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a630e97ad666d5b8 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:496
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(customConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #58d50bdb5384dd1c Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:541
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(config), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b47bbd8b6742dadf Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:585
			await fs.writeFile(path.join(bundledDir, "endpoints.json"), JSON.stringify(bundledConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f73a66217ccce72c Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:610
			await fs.writeFile(path.join(bundledDir, "endpoints.json"), JSON.stringify(bundledConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a680083e347f2730 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:611
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(userConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f1fa9a98de102be9 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:630
			await fs.writeFile(path.join(tempDir, ".cline", "endpoints.json"), JSON.stringify(userConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7702f9637cf64d3e Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:661
			await fs.writeFile(path.join(bundledDir, "endpoints.json"), JSON.stringify(invalidConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #685e3250704e8af2 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:675
			await fs.writeFile(path.join(bundledDir, "endpoints.json"), "{ invalid json }", "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0ece22418df4175 Filesystem access.
repo/apps/vscode/src/__tests__/config.test.ts:693
			await fs.writeFile(path.join(bundledDir, "endpoints.json"), JSON.stringify(incompleteConfig), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba10aa037145e19a Filesystem access.
repo/apps/vscode/src/config.ts:1
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b458c71acde90ed6 Filesystem access.
repo/apps/vscode/src/config.ts:154
			const fileContent = await fs.readFile(bundledPath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #865cd46eae256c89 Filesystem access.
repo/apps/vscode/src/config.ts:187
			const fileContent = await fs.readFile(userPath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fec1df015cf0f19a Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/rule-loading.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #50f523e060d2aa7e Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/rule-loading.test.ts:14
			await fs.writeFile(path.join(rulesDir, "universal.md"), "Always on")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #643d6d3bfa6ea729 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/rule-loading.test.ts:15
			await fs.writeFile(path.join(rulesDir, "scoped.md"), `---\npaths:\n  - "src/**"\n---\n\nOnly for src`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #df5de54f79a96862 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/rule-loading.test.ts:47
			await fs.writeFile(
				path.join(rulesDir, "invalid.md"),
				`---\npaths: *\n---\n\nInvalid YAML, but should still be included`,
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #090380f5ed9d60da Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/rule-loading.test.ts:76
			await fs.writeFile(path.join(rulesDir, "scoped-empty.md"), `---\npaths: []\n---\n\nShould never activate`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1d0806d23e980ffb Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/rule-loading.test.ts:98
			await fs.writeFile(path.join(rulesDir, "a.md"), `---\npaths:\n  - "src/**"\n---\n\nA`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #24ce0d7bd33724ed Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/rule-loading.test.ts:99
			await fs.writeFile(path.join(rulesDir, "b.md"), `---\npaths:\n  - "src/**"\n---\n\nB`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #91bd64185edb92b5 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/rule-loading.test.ts:100
			await fs.writeFile(path.join(rulesDir, "c.md"), `---\npaths:\n  - "src/**"\n---\n\nC`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #73feeb3c4d54eaeb Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/__tests__/skills.test.ts:8
import * as actualFsPromises from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd64333f14189536 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/rule-helpers.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c27e303f0c656915 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/rule-helpers.ts:224
			const raw = (await fs.readFile(ruleFilePath, "utf8")).trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db5e063805ae6b6b Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/rule-helpers.ts:311
			const content = await fs.readFile(clinerulePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f8b99a7eb7e8017 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/rule-helpers.ts:316
				await fs.writeFile(path.join(clinerulePath, defaultRuleFilename), content, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d7a07ce79d7be4c Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/rule-helpers.ts:387
		await fs.writeFile(filePath, "", "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9702fac529bd5811 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/skills.ts:5
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef7e509b6f307dc4 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/skills.ts:72
		const content = await fs.readFile(skillMdPath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed1fc716d691d352 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/skills.ts:75
			await fs.writeFile(skillMdPath, updated)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6022d7e3995243cf Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/skills.ts:180
		const fileContent = await fs.readFile(skillMdPath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa8a3e26bd41faa7 Filesystem access.
repo/apps/vscode/src/core/context/instructions/user-instructions/skills.ts:303
		const fileContent = await fs.readFile(skill.path, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1519867d698971b4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/account/hicapAuthClicked.ts:11
	const authUrl = new URL("https://dashboard.hicap.ai/setup")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c5498e6ba39b7250 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/account/openrouterAuthClicked.ts:11
	const authUrl = new URL("https://openrouter.ai/auth")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bc078211037a3194 Filesystem access.
repo/apps/vscode/src/core/controller/file/createHook.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a96440b1b84c27d1 Filesystem access.
repo/apps/vscode/src/core/controller/file/createHook.ts:48
	await fs.writeFile(hookPath, templateContent, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b24bbfa790d840c Filesystem access.
repo/apps/vscode/src/core/controller/file/createSkillFile.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #312775e7740b176f Filesystem access.
repo/apps/vscode/src/core/controller/file/createSkillFile.ts:96
	await fs.writeFile(skillMdPath, content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b54d544e37ca6262 Filesystem access.
repo/apps/vscode/src/core/controller/file/deleteHook.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90dc3cc38df00f54 Filesystem access.
repo/apps/vscode/src/core/controller/file/deleteSkillFile.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5c32a18b033f25c Filesystem access.
repo/apps/vscode/src/core/controller/file/ifFileExistsRelativePath.ts:4
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #670edfa90f0bd4b3 Filesystem access.
repo/apps/vscode/src/core/controller/file/openFile.ts:79
	await writeFile(tempPath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2545ded46813886 Filesystem access.
repo/apps/vscode/src/core/controller/file/refreshHooks.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acc5c36f9c94a86e Filesystem access.
repo/apps/vscode/src/core/controller/file/toggleHook.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2af65eebb6eeae55 Environment-variable access.
repo/apps/vscode/src/core/controller/grpc-recorder/grpc-recorder.builder.ts:49
				.enableIf(process.env.GRPC_RECORDER_ENABLED === "true" && process.env.CLINE_ENVIRONMENT === "local")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e24845707e16caf1 Environment-variable access.
repo/apps/vscode/src/core/controller/grpc-recorder/grpc-recorder.builder.ts:79
	if (process.env.GRPC_RECORDER_TESTS_FILTERS_ENABLED === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71f8111e297829cb Environment-variable access.
repo/apps/vscode/src/core/controller/grpc-recorder/grpc-recorder.builder.ts:109
	if (controller && process.env.GRPC_RECORDER_TESTS_FILTERS_ENABLED === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07759a6f75e651c2 Filesystem access.
repo/apps/vscode/src/core/controller/grpc-recorder/log-file-handler.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88ff433dc0d5b372 Environment-variable access.
repo/apps/vscode/src/core/controller/grpc-recorder/log-file-handler.ts:30
		const workspaceFolder = process.env.DEV_WORKSPACE_FOLDER ?? process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #913911a6ac8e1f21 Environment-variable access.
repo/apps/vscode/src/core/controller/grpc-recorder/log-file-handler.ts:40
		const envFileName = path.basename(process.env.GRPC_RECORDER_FILE_NAME || "").replace(/[^a-zA-Z0-9-_]/g, "_")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #401f560517927e59 Filesystem access.
repo/apps/vscode/src/core/controller/grpc-recorder/log-file-handler.ts:51
		await writeFile(this.logFilePath, JSON.stringify(initialData, null, 2), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afe83819e3bbb3c3 Filesystem access.
repo/apps/vscode/src/core/controller/grpc-recorder/log-file-handler.ts:55
		await writeFile(this.logFilePath, JSON.stringify(sessionLog, null, 2), "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1e32ccd8293714cc Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/marketplace/marketplace-helpers.ts:112
	const response = await fetch(MARKETPLACE_CATALOG_URL, {
		headers: { Accept: "application/json" },
	})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #02b69a0c79333ef9 Environment-variable access.
repo/apps/vscode/src/core/controller/marketplace/marketplace-helpers.ts:153
	return process.env.CLINE_DIR?.trim() || join(homedir(), ".cline")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fe82e2db0da3939 Filesystem access.
repo/apps/vscode/src/core/controller/marketplace/marketplace-helpers.ts:411
		const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8")) as { name?: unknown }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8da8cbdd3145654d Environment-variable access.
repo/apps/vscode/src/core/controller/models/__tests__/providerCatalogSmoke.test.ts:31
		originalClineDir = process.env.CLINE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f6ac3895bfeb79bd Environment-variable access.
repo/apps/vscode/src/core/controller/models/__tests__/providerCatalogSmoke.test.ts:32
		process.env.CLINE_DIR = clineDir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ba7805ac23a5a9b Environment-variable access.
repo/apps/vscode/src/core/controller/models/__tests__/providerCatalogSmoke.test.ts:45
			delete process.env.CLINE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6067d557b182c618 Environment-variable access.
repo/apps/vscode/src/core/controller/models/__tests__/providerCatalogSmoke.test.ts:47
			process.env.CLINE_DIR = originalClineDir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #dd143da60d5cc6fb Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/models/getAihubmixModels.ts:16
		const response = await axios.get("https://aihubmix.com/call/mdl_info_platform?tag=coding", getAxiosSettings())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #18f84daa33b2e6cc Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/models/refreshBasetenModels.ts:91
			const response = await axios.get("https://inference.baseten.co/v1/models", {
				headers: {
					Authorization: `Bearer ${cleanApiKey}`,
					"Content-Type": "application/json",
					"User-Agent": "Cline-VSCode-Extension",
				},
				timeout: 10000, // 10 second timeout
				...getAxiosSettings(),
			})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0a2b82735cdc5230 Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshBasetenModels.ts:137
			await fs.writeFile(basetenModelsFilePath, JSON.stringify(models))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #746a982e0518cb0a Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshBasetenModels.ts:230
			const fileContents = await fs.readFile(basetenModelsFilePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e977d14976268b0 Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshGroqModels.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #75acc5639a8c9412 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/models/refreshGroqModels.ts:113
			const response = await axios.get("https://api.groq.com/openai/v1/models", {
				headers: {
					Authorization: `Bearer ${cleanApiKey}`,
					"Content-Type": "application/json",
					"User-Agent": "Cline-VSCode-Extension",
				},
				timeout: 10000, // 10 second timeout
				...getAxiosSettings(),
			})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #332182fb6266463b Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshGroqModels.ts:150
				await fs.writeFile(groqModelsFilePath, JSON.stringify(models))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18a24d9cf475250f Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshGroqModels.ts:240
			const fileContents = await fs.readFile(groqModelsFilePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6b43a049bbb08f5 Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshHicapModels.ts:5
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #29d606e9d42a2bed Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/models/refreshHicapModels.ts:38
		const response = await axios.get("https://api.hicap.ai/v2/openai/models", {
			headers: {
				"api-key": hicapApiKey,
			},
			...getAxiosSettings(),
		})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #7129804bc94ecd35 Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshHicapModels.ts:63
		await fs.writeFile(hicapModelsFilePath, JSON.stringify(models))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfd49a736436cfec Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshHuggingFaceModels.ts:7
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2e3c222e0101f88e Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/models/refreshHuggingFaceModels.ts:57
		const response = await axios.get("https://router.huggingface.co/v1/models", {
			timeout: 10000,
			...getAxiosSettings(),
		})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #13d792585e9d2398 Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshHuggingFaceModels.ts:96
			await fs.writeFile(huggingFaceModelsFilePath, JSON.stringify(models, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ab72d3db8afeb7e Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshHuggingFaceModels.ts:104
				const cachedModels = await fs.readFile(huggingFaceModelsFilePath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4062ad73d34500e Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshOpenRouterModels.ts:5
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c55052743bd6c4ab Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/models/refreshOpenRouterModels.ts:117
		const response = await axios.get("https://openrouter.ai/api/v1/models", getAxiosSettings())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #fa768dc64eb78c41 Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshOpenRouterModels.ts:288
			await fs.writeFile(openRouterModelsFilePath, JSON.stringify(models))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e80d617c1246d482 Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshVercelAiGatewayModels.ts:5
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5bb533a9aa0b9bed Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/core/controller/models/refreshVercelAiGatewayModels.ts:125
		const response = await axios.get("https://ai-gateway.vercel.sh/v1/models?include_mappings=true", getAxiosSettings())

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c3b7b896f21f76da Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshVercelAiGatewayModels.ts:158
			await fs.writeFile(vercelAiGatewayModelsFilePath, JSON.stringify(models))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed3db010d9124091 Filesystem access.
repo/apps/vscode/src/core/controller/models/refreshVercelAiGatewayModels.ts:187
			const fileContents = await fs.readFile(vercelAiGatewayModelsFilePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #427a59f0fdb78f68 Filesystem access.
repo/apps/vscode/src/core/controller/worktree/createWorktreeInclude.ts:3
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d4bee62c4b66952 Filesystem access.
repo/apps/vscode/src/core/controller/worktree/createWorktreeInclude.ts:27
		await fs.writeFile(filePath, request.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffab511da3aa94cb Filesystem access.
repo/apps/vscode/src/core/controller/worktree/getWorktreeIncludeStatus.ts:4
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a76298a394b2aba Filesystem access.
repo/apps/vscode/src/core/controller/worktree/getWorktreeIncludeStatus.ts:37
		gitignoreContent = await fs.readFile(path.join(cwd, ".gitignore"), "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3d6bed20e132e1c Environment-variable access.
repo/apps/vscode/src/core/hooks/HookDiscoveryCache.ts:70
	private debug = process.env.DEBUG_HOOKS === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #573421a28be409d8 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/posttooluse/error/PostToolUse:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a0918b9149b5c80 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/posttooluse/success/PostToolUse:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ee4a1caf33b0c9cb Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/pretooluse/blocking/PreToolUse:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c836b69e2462080c Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/pretooluse/context-injection/PreToolUse:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f41f0ac21baf93ac Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/pretooluse/error/PreToolUse:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6669e0a5f40bf52f Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/pretooluse/success/PreToolUse:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb3d698334cf1653 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskcomplete/context-injection/TaskComplete:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3553cd19a8f1ec4b Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskresume/context-deleted/TaskResume:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #76a3f0156a5421e7 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskresume/context-injection/TaskResume:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #87678730bddf7d88 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskresume/long-pause/TaskResume:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #51c441450f3e65f6 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskresume/message-count/TaskResume:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05d2cc0d5910d023 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskresume/recent-resume/TaskResume:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a2f8bb24530ae94c Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskresume/success/TaskResume:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23e469384132831d Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskstart/blocking/TaskStart:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1c744307081d57e9 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/taskstart/success/TaskStart:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8a4ac30b876e94c6 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/userpromptsubmit/blocking/UserPromptSubmit:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4700d23f9a2bdcf Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/userpromptsubmit/context-injection/UserPromptSubmit:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bf9953384dda1c03 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/userpromptsubmit/empty-prompt/UserPromptSubmit:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b1dac0bfcd7dc2d0 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/userpromptsubmit/large-prompt/UserPromptSubmit:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e513533e99969fe1 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/userpromptsubmit/multiline/UserPromptSubmit:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8781e7b570a7e748 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/userpromptsubmit/special-chars/UserPromptSubmit:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9163cce4c15b4f8d Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/hooks/userpromptsubmit/success/UserPromptSubmit:2
const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8325c440339e5279 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/fixtures/template/HookName:14
  const input = JSON.parse(require('fs').readFileSync(0, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b291234018e37247 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3c26871bf99ba10d Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:288
			const ps1Content = await fs.readFile(`${hookBasePath}.ps1`, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c03f6e3ec7bfe3f Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:296
			await fs.writeFile(ps1Path, "Write-Output '{\"cancel\":false}'")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4db96a35ea670206 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:313
			await fs.writeFile(extensionless, "Write-Output '{\"cancel\":false}'")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #060452e232c7e9a4 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:314
			await fs.writeFile(ps1Path, "Write-Output '{\"cancel\":false}'")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #924b006d878d0c96 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:330
			await fs.writeFile(ps1Path, "Write-Output '{\"cancel\":false}'")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cbedf8264279414 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:344
			await fs.writeFile(hookPath, hookScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #07155ddbcf8ac52f Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:368
			await fs.writeFile(hookPath, hookScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6aa6e4c1794708e8 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/setup.ts:2
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3d875b0a251de432 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/taskcancel.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6606e0d2166d41a2 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/taskcomplete.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6923239b1d54c905 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/taskresume.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56099c3c8a2c12e7 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/taskstart.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c02548b082bda347 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/test-utils.ts:2
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cb3feaf937d5efeb Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/test-utils.ts:216
		await fs.writeFile(jsPath, nodeScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b58317395d36997e Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/test-utils.ts:217
		await fs.writeFile(ps1Path, psBridge)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68a06ddad02c3d6c Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/test-utils.ts:221
	await fs.writeFile(hookPath, nodeScript)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4bfa159b8704c718 Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/test-utils.ts:590
			const sourceContent = await fs.readFile(sourceFile, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48e54446667dff5e Filesystem access.
repo/apps/vscode/src/core/hooks/__tests__/user-prompt-submit.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7f3cd8157a13e6a Filesystem access.
repo/apps/vscode/src/core/hooks/hook-factory.ts:1
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e03b7367e814368 Filesystem access.
repo/apps/vscode/src/core/hooks/utils.ts:1
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecff81a03827614a Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfeffb4d25bb2bac Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:18
		await fs.writeFile(
			path.join(tempDir, ".clineignore"),
			[".env", "*.secret", "private/", "# This is a comment", "", "temp.*", "file-with-space-at-end.* ", "**/.git/**"].join(
				"\n",
			),
		)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37b6fcc1e41fc0b2 Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:83
			await fs.writeFile(
				path.join(tempDir, ".clineignore"),
				["*.secret", "private/", "*.tmp", "data-*.json", "temp/*"].join("\n"),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #633a2fc7724d1064 Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:153
			await fs.writeFile(
				path.join(tempDir, ".clineignore"),
				["# Comment line", "*.secret", "private/", "temp.*"].join("\n"),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8d5d09ea1b0b39b Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:236
			await fs.writeFile(path.join(tempDir, ".clineignore"), "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33708d1209e07d7d Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:249
			await fs.writeFile(path.join(tempDir, ".gitignore"), ["*.log", "debug/"].join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6d31eab7131abf0 Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:252
			await fs.writeFile(path.join(tempDir, ".clineignore"), ["!include .gitignore", "secret.txt"].join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d0a01ae77bcf89c Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:270
			await fs.writeFile(path.join(tempDir, ".clineignore"), ["!include missing-file.txt"].join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2d32d55a12742af Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.test.ts:282
			await fs.writeFile(path.join(tempDir, ".clineignore"), ["!include non-existent.txt", "*.tmp"].join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0fd80b9f656dac0 Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74bec33617c8575c Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.ts:82
				const content = await fs.readFile(ignorePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d364c658fd65e8a0 Filesystem access.
repo/apps/vscode/src/core/ignore/ClineIgnoreController.ts:147
		return await fs.readFile(resolvedIncludePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c661d693beb4f97 Filesystem access.
repo/apps/vscode/src/core/locks/SqliteLockManager.ts:2
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #caa37852e21ade05 Filesystem access.
repo/apps/vscode/src/core/locks/SqliteLockManager.ts:3
import { existsSync, mkdirSync, unlinkSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #068c969f55c90182 Filesystem access.
repo/apps/vscode/src/core/locks/SqliteLockManager.ts:48
				fs.writeFileSync(fd, Date.now().toString())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d442eaf9e969f66 Filesystem access.
repo/apps/vscode/src/core/locks/SqliteLockManager.ts:97
				const timestampStr = fs.readFileSync(lockFile, "utf8").trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d8b7b07e52f78a3 Filesystem access.
repo/apps/vscode/src/core/mentions/index.test.ts:7
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2765eb82717a5a3 Filesystem access.
repo/apps/vscode/src/core/mentions/index.ts:10
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dfd8260db27212c7 Filesystem access.
repo/apps/vscode/src/core/storage/__tests__/disk.test.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b14859fc989dbeba Filesystem access.
repo/apps/vscode/src/core/storage/__tests__/disk.test.ts:105
			await fs.writeFile(hooksPath, "not a directory")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cf932ddf11cf3f79 Filesystem access.
repo/apps/vscode/src/core/storage/__tests__/syncRemoteMcpServers.test.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6a8e9aaa84415f42 Filesystem access.
repo/apps/vscode/src/core/storage/__tests__/syncRemoteMcpServers.test.ts:21
		await fs.writeFile(settingsPath, JSON.stringify({ mcpServers: {} }, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9dcbfdd7eb47976b Filesystem access.
repo/apps/vscode/src/core/storage/__tests__/syncRemoteMcpServers.test.ts:34
		await fs.writeFile(settingsPath, JSON.stringify({ mcpServers }, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #772179db903176f6 Filesystem access.
repo/apps/vscode/src/core/storage/__tests__/syncRemoteMcpServers.test.ts:38
		const content = await fs.readFile(settingsPath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fbb11228c3ea9b8f Filesystem access.
repo/apps/vscode/src/core/storage/__tests__/syncRemoteMcpServers.test.ts:234
			await fs.writeFile(settingsPath, JSON.stringify({}, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5d74b46280ac110 Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07541d46c97a8e03 Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:147
		await fs.writeFile(tempPath, JSON.stringify({ mcpServers: {} }, null, 2), { encoding: "utf8", flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88e44b6309cc6d8c Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:165
		return JSON.parse(await fs.readFile(filePath, "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20031771ceb55fff Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:174
			return JSON.parse(await fs.readFile(filePath, "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a37ec6f14e4f289 Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:186
		await fs.writeFile(filePath, JSON.stringify(metadata, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a825322654a0af16 Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:208
			const settingsContent = await fs.readFile(settingsFilePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bafda3cdea9b046 Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:227
			const existingSettingsContent = await fs.readFile(settingsFilePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d927789377ce557 Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:232
		await fs.writeFile(settingsFilePath, JSON.stringify(updatedSettings, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab1b2af5dea43ef7 Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:244
			const fileContents = await fs.readFile(remoteConfigFilePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0421b33d553a7d5d Filesystem access.
repo/apps/vscode/src/core/storage/disk.ts:257
		await fs.writeFile(remoteConfigFilePath, JSON.stringify(config))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56c4dea8b734c316 Environment-variable access.
repo/apps/vscode/src/core/storage/remote-config/sdk-refresh.ts:17
	const clineDir = process.env.CLINE_DIR || path.join(os.homedir(), ".cline")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3970a183e86bdb2b Filesystem access.
repo/apps/vscode/src/core/storage/state-migrations.ts:1
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a934a2884658e936 Filesystem access.
repo/apps/vscode/src/core/storage/state-migrations.ts:91
					existingContent = await fs.readFile(migrationFilePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61c65a020f60b831 Filesystem access.
repo/apps/vscode/src/core/storage/state-migrations.ts:101
				await fs.writeFile(migrationFilePath, contentToWrite)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae6f053854fe562c Filesystem access.
repo/apps/vscode/src/core/task/focus-chain/file-utils.ts:2
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d12365242e7ce1e7 Filesystem access.
repo/apps/vscode/src/core/task/focus-chain/file-utils.ts:73
		await fs.writeFile(focusChainFilePath, fileContent, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #439ed05b596bc2b7 Filesystem access.
repo/apps/vscode/src/core/task/tools/subagent/AgentConfigLoader.ts:5
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1462e0f241827730 Filesystem access.
repo/apps/vscode/src/core/task/tools/subagent/AgentConfigLoader.ts:134
					const content = await fs.readFile(filePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0580bef6192299f6 Filesystem access.
repo/apps/vscode/src/core/webview/WebviewProvider.ts:4
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #860fcf5952812472 Filesystem access.
repo/apps/vscode/src/core/webview/WebviewProvider.ts:135
		return readFile(portFilePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e79a2787e6c4e006 Environment-variable access.
repo/apps/vscode/src/core/webview/WebviewProvider.ts:166
			if (process.env.IS_DEV) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fa02ab5d7222cc9 Environment-variable access.
repo/apps/vscode/src/core/workspace/WorkspaceResolver.ts:24
	private traceEnabled = process.env.MULTI_ROOT_TRACE === "true" || process.env.NODE_ENV === "development"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05d074377a0a444a Environment-variable access.
repo/apps/vscode/src/core/workspace/__tests__/WorkspaceResolver.test.ts:22
		originalEnv = process.env.MULTI_ROOT_TRACE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a140b3c7f8458f5b Environment-variable access.
repo/apps/vscode/src/core/workspace/__tests__/WorkspaceResolver.test.ts:27
		process.env.MULTI_ROOT_TRACE = originalEnv

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b95fb4a527627cc7 Environment-variable access.
repo/apps/vscode/src/core/workspace/__tests__/WorkspaceResolver.test.ts:73
			process.env.MULTI_ROOT_TRACE = "false"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cca055a64bee7e5a Environment-variable access.
repo/apps/vscode/src/core/workspace/__tests__/WorkspaceResolver.test.ts:74
			process.env.NODE_ENV = "production"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #017298b3e5ee52b0 Filesystem access.
repo/apps/vscode/src/dev/commands/tasks.ts:4
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c36f7db4a357f38 Filesystem access.
repo/apps/vscode/src/dev/commands/tasks.ts:23
				const content = JSON.parse(await fs.readFile(settingsPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b50a2cfa0d98decd Filesystem access.
repo/apps/vscode/src/dev/commands/tasks.ts:40
				await fs.writeFile(settingsPath, JSON.stringify(content, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6eecc9ec36a4b6e Filesystem access.
repo/apps/vscode/src/dev/commands/tasks.ts:95
						await fs.writeFile(
							path.join(taskDir, "api_conversation_history.json"),
							JSON.stringify(
								[
									{
										role: "user",
										content: [{ type: "text", text: `<task>\n${taskName}\n</task>` }],
									},
									{
										role: "assistant",
										content: [
											{
												type: "text",
												text: `I'll help you ${taskName.toLowerCase()}. Let me break this down into steps.`,
											},
										],
									},
								],
								null,
								2,
							),
						)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #390ab6ca0dbae7ac Filesystem access.
repo/apps/vscode/src/dev/commands/tasks.ts:119
						await fs.writeFile(path.join(taskDir, "ui_messages.json"), JSON.stringify(messages, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53331330c20b96e9 Filesystem access.
repo/apps/vscode/src/dev/debug-harness/server.ts:350
				this.extSourceMap = JSON.parse(fs.readFileSync(mapFile, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d6aed7593c76c94 Environment-variable access.
repo/apps/vscode/src/dev/debug-harness/server.ts:362
		const vscodeVersion = process.env.VSCODE_TEST_VERSION || "1.103.0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afd56ea510fe75ab Filesystem access.
repo/apps/vscode/src/dev/debug-harness/server.ts:1199
			const data = JSON.parse(fs.readFileSync(secretsFile, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d118a27e9524eba Filesystem access.
repo/apps/vscode/src/dev/debug-harness/server.ts:1313
			const content = fs.readFileSync(captureFile, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #703ad2c176de9b86 Environment-variable access.
repo/apps/vscode/src/dev/mcp-oauth-test-server/server.ts:91
		port: Number(process.env.MCP_OAUTH_TEST_PORT) || 7777,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3bc5d2f99b75954a Environment-variable access.
repo/apps/vscode/src/extension.ts:189
	if (process.env.CLINE_CAPTURE_BROWSER === "1" || process.env.CLINE_CAPTURE_BROWSER === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9f47d8000dfa561 Environment-variable access.
repo/apps/vscode/src/extension.ts:713
const IS_DEV = process.env.IS_DEV === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c95a06d2bf7ad6d Environment-variable access.
repo/apps/vscode/src/extension.ts:714
const DEV_WORKSPACE_FOLDER = process.env.DEV_WORKSPACE_FOLDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9439a4249117aed8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/hosts/external/ExternalWebviewProvider.ts:8
		const url = new URL(`https://${this.RESOURCE_HOSTNAME}/`)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f1d3583b9d21153f Environment-variable access.
repo/apps/vscode/src/hosts/external/host-bridge-client-manager.ts:27
		const address = process.env.HOST_BRIDGE_ADDRESS || `localhost:${HOSTBRIDGE_PORT}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ca0f884f9cda9a5 Filesystem access.
repo/apps/vscode/src/hosts/vscode/NotebookDiffView.ts:56
		await vscode.workspace.fs.writeFile(vscode.Uri.file(tempModifiedPath), new TextEncoder().encode(currentContent))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff11e4cd0e7d1a01 Filesystem access.
repo/apps/vscode/src/hosts/vscode/NotebookDiffView.ts:92
			const tempContent = await vscode.workspace.fs.readFile(this.tempModifiedUri)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82a13eff88e1cfad Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:5
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f76b3b580f4c266 Environment-variable access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:84
		originalMcpSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8b12cf0699a067e7 Environment-variable access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:87
		process.env.CLINE_MCP_SETTINGS_PATH = path.join(tempDir, "runtime-mcp-settings", "cline_mcp_settings.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbfc93e8c1bb4f6d Environment-variable access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:98
			delete process.env.CLINE_MCP_SETTINGS_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #de45ac092ee87258 Environment-variable access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:100
			process.env.CLINE_MCP_SETTINGS_PATH = originalMcpSettingsPath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #264a7a794e0060d7 Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:133
			fs.writeFileSync(
				path.join(extensionStorage, "settings", "cline_mcp_settings.json"),
				JSON.stringify({ mcpServers: { fromV1: { command: "node" } } }),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3f40966376f18291 Environment-variable access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:299
			return process.env.CLINE_MCP_SETTINGS_PATH!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #218034a866281eef Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:303
			return JSON.parse(fs.readFileSync(sharedMcpSettingsPath(), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0eb265dae59487c0 Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:311
			fs.writeFileSync(
				path.join(extensionStorage, "settings", "cline_mcp_settings.json"),
				JSON.stringify({ mcpServers: { overrideTarget: { command: "node" } } }),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed04ea8fbca5580a Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:331
			fs.writeFileSync(sharedMcpSettingsPath(), JSON.stringify({ mcpServers: { alreadyShared: { command: "node" } } }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fb191e5186a6dbbf Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:347
			fs.writeFileSync(
				path.join(extensionStorage, "settings", "cline_mcp_settings.json"),
				JSON.stringify({ mcpServers: { lockedServer: { command: "node" } } }),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f1254690485c75fb Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:355
			fs.writeFileSync(path.join(lockDir, "owner.test"), "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36ab3b91a788ca55 Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:376
			fs.writeFileSync(
				path.join(extensionStorage, "settings", "cline_mcp_settings.json"),
				JSON.stringify({
					mcpServers: {
						existing: { command: "legacy-existing", args: ["old"] },
						stdioLegacy: { command: "node", args: ["server.js"], env: { API_KEY: "abc" } },
					},
				}),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c33ff04c16b3ea1 Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:388
			fs.writeFileSync(
				sharedMcpSettingsPath(),
				JSON.stringify({
					mcpServers: {
						existing: {
							transport: { type: "stdio", command: "shared-existing" },
							disabled: true,
						},
					},
				}),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0d43f47f295b0eab Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:419
			fs.writeFileSync(
				path.join(extensionStorage, "settings", "cline_mcp_settings.json"),
				JSON.stringify({
					mcpServers: {
						managed: {
							url: "https://managed.example.com/mcp",
							type: "streamableHttp",
							remoteConfigured: true,
							disabled: true,
							autoApprove: ["tool-a"],
						},
					},
				}),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0a0900dfa8d26e9d Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:466
			fs.writeFileSync(
				path.join(extensionStorage, "settings", "cline_mcp_settings.json"),
				JSON.stringify({
					mcpServers: {
						linear: {
							transportType: "http",
							url: serverUrl,
							headers: { Authorization: "Bearer static" },
							disabled: false,
							timeout: 30,
						},
					},
				}),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c8ee42fb9ca2de91 Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:508
			fs.writeFileSync(
				path.join(extensionStorage, "settings", "cline_mcp_settings.json"),
				JSON.stringify({ mcpServers: { oneShot: { command: "node" } } }),
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca5c1f39be3e36d8 Filesystem access.
repo/apps/vscode/src/hosts/vscode/__tests__/vscode-to-file-migration.test.ts:515
			fs.writeFileSync(settingsPath, JSON.stringify({ mcpServers: {} }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4107c53d0611d5b9 Filesystem access.
repo/apps/vscode/src/hosts/vscode/commandUtils.ts:1
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a54e978c8cbec5b1 Filesystem access.
repo/apps/vscode/src/hosts/vscode/commandUtils.ts:20
		const notebookContent = await fs.readFile(filePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74cf8d7e2a2308d7 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/window/getOpenTabs.test.ts:3
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45aa67e6c111bf01 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/window/getOpenTabs.test.ts:138
		await fs.writeFile(testFilePath, "console.log('test file');")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24fea3a8413b4e21 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/window/getVisibleTabs.test.ts:3
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88388df13315dc57 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/window/getVisibleTabs.test.ts:154
		await fs.writeFile(testFilePath, "This file will be deleted")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #516205debb79cb6e Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/workspace/saveOpenDocumentIfDirty.test.ts:3
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1577f666f62b6faa Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/workspace/saveOpenDocumentIfDirty.test.ts:41
		await fs.writeFile(testFilePath, "Initial content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a6f050963f1c6bf Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/workspace/saveOpenDocumentIfDirty.test.ts:68
		const savedContent = await fs.readFile(testFilePath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05f37f99e6457442 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/workspace/saveOpenDocumentIfDirty.test.ts:74
		await fs.writeFile(testFilePath, "Clean content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0ab071f8aac1557 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/workspace/saveOpenDocumentIfDirty.test.ts:116
		await fs.writeFile(testFile1, "File 1 content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5538835bd17dd799 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/workspace/saveOpenDocumentIfDirty.test.ts:117
		await fs.writeFile(testFile2, "File 2 content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a56bbbec0f811763 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/workspace/saveOpenDocumentIfDirty.test.ts:118
		await fs.writeFile(testFile3, "File 3 content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b1b633255428765 Filesystem access.
repo/apps/vscode/src/hosts/vscode/hostbridge/workspace/saveOpenDocumentIfDirty.test.ts:162
			const savedContent = await fs.readFile(testFile2, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e3ad004ec154170 Filesystem access.
repo/apps/vscode/src/hosts/vscode/mcp-settings-legacy-migration.ts:46
		const parsed = JSON.parse(readFileSync(filePath, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29724d7e14a383e4 Environment-variable access.
repo/apps/vscode/src/hosts/vscode/mcp-settings-legacy-migration.ts:255
	const explicitPath = process.env.CLINE_MCP_SETTINGS_PATH?.trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31ebe437dba32742 Environment-variable access.
repo/apps/vscode/src/hosts/vscode/mcp-settings-legacy-migration.ts:259
	const explicitDataDir = process.env.CLINE_DATA_DIR?.trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57745b2fcfc7e5d2 Environment-variable access.
repo/apps/vscode/src/hosts/vscode/mcp-settings-legacy-migration.ts:263
	const clineDir = process.env.CLINE_DIR?.trim() || path.join(os.homedir(), ".cline")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b1fbd5e6f806b84 Filesystem access.
repo/apps/vscode/src/integrations/editor/DiffViewProvider.ts:6
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0f00711209c0145 Filesystem access.
repo/apps/vscode/src/integrations/editor/DiffViewProvider.ts:45
			const fileBuffer = await fs.readFile(this.absolutePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ad31ef0119acf29 Filesystem access.
repo/apps/vscode/src/integrations/editor/DiffViewProvider.ts:56
			await fs.writeFile(this.absolutePath, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33ca0e6ee3b251e2 Filesystem access.
repo/apps/vscode/src/integrations/misc/extract-text.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f95502d6d6d5319 Filesystem access.
repo/apps/vscode/src/integrations/misc/extract-text.ts:70
			const fileBuffer = await fs.readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #320644e8ca892749 Filesystem access.
repo/apps/vscode/src/integrations/misc/extract-text.ts:80
	const dataBuffer = await fs.readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abb126b3b8ae19d1 Filesystem access.
repo/apps/vscode/src/integrations/misc/extract-text.ts:91
	const fileBuffer = await fs.readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe62cce6ef7017df Filesystem access.
repo/apps/vscode/src/integrations/misc/extract-text.ts:149
		await workbook.xlsx.readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44566fed7076293c Filesystem access.
repo/apps/vscode/src/integrations/misc/open-file.ts:20
		await writeFile(tempFilePath, new Uint8Array(imageBuffer))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4cee8b09630275d Filesystem access.
repo/apps/vscode/src/integrations/misc/process-files.ts:1
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f55656c00d3de71 Filesystem access.
repo/apps/vscode/src/integrations/misc/process-files.ts:39
				buffer = await fs.readFile(filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #227c91de05412c09 Filesystem access.
repo/apps/vscode/src/integrations/terminal/CommandOrchestrator.ts:22
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb54709bd55ab803 Filesystem access.
repo/apps/vscode/src/integrations/terminal/standalone/StandaloneTerminalManager.ts:16
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d2d20d4500cf83c Environment-variable access.
repo/apps/vscode/src/integrations/terminal/standalone/StandaloneTerminalProcess.ts:112
					EDITOR: process.env.EDITOR || "cat", // Set EDITOR if not already set

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc1a09aa7cf2f547 Environment-variable access.
repo/apps/vscode/src/integrations/terminal/standalone/StandaloneTerminalProcess.ts:333
			return process.env.COMSPEC || "cmd.exe"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #089dd932a49140d0 Environment-variable access.
repo/apps/vscode/src/integrations/terminal/standalone/StandaloneTerminalProcess.ts:335
		return process.env.SHELL || "/bin/bash"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0f2a8af1c65f59b Environment-variable access.
repo/apps/vscode/src/sdk/auth-service.ts:497
		if (process.env.E2E_TEST === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #af013091eeadc13d Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/src/sdk/auth-service.ts:1036
			const response = await fetch("https://openrouter.ai/api/v1/auth/keys", {
				method: "POST",
				headers: { "Content-Type": "application/json" },
				body: JSON.stringify({ code }),
			})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b55720bf373ac1d4 Environment-variable access.
repo/apps/vscode/src/sdk/cline-session-factory.test.ts:74
const previousGlobalSettingsPath = process.env.CLINE_GLOBAL_SETTINGS_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5ec3613738e3de9 Environment-variable access.
repo/apps/vscode/src/sdk/cline-session-factory.test.ts:78
	process.env.CLINE_GLOBAL_SETTINGS_PATH = path.join(tempDir, "global-settings.json")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb8080a7b5becbbc Environment-variable access.
repo/apps/vscode/src/sdk/cline-session-factory.test.ts:96
	process.env.CLINE_GLOBAL_SETTINGS_PATH = previousGlobalSettingsPath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b45c2bd5c9ce9ba Filesystem access.
repo/apps/vscode/src/sdk/cline-session-factory.test.ts:102
	fs.writeFileSync(filePath, JSON.stringify(data, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da61ec473d25b8de Environment-variable access.
repo/apps/vscode/src/sdk/cline-session-factory.test.ts:658
		writeJson(process.env.CLINE_GLOBAL_SETTINGS_PATH!, { compactionStrategy: "agentic" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f80a536bf42eb2e3 Environment-variable access.
repo/apps/vscode/src/sdk/cline-session-factory.test.ts:678
		writeJson(process.env.CLINE_GLOBAL_SETTINGS_PATH!, { compactionStrategy: "invalid" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6c79e443081f3e4 Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:38
	fs.writeFileSync(filePath, JSON.stringify(data, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dffc2f439799148 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:51
		const original = process.env.CLINE_DATA_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6643e57a3d0a7a52 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:52
		process.env.CLINE_DATA_DIR = "/env/data"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f0e3c17f13a8504 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:56
			process.env.CLINE_DATA_DIR = original

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58406ececcbd120d Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:61
		const originalData = process.env.CLINE_DATA_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed0ddd2cf556f036 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:62
		const originalDir = process.env.CLINE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a5c3bc6e2ee79b9 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:63
		delete process.env.CLINE_DATA_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c5683861e05b6d5 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:64
		process.env.CLINE_DIR = "/cline"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0528fa0fb800b6c Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:70
			process.env.CLINE_DATA_DIR = originalData

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #666a79450477ab9f Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:71
			process.env.CLINE_DIR = originalDir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9c0f9b8f287087c Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:76
		const originalData = process.env.CLINE_DATA_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdff4663af4f034f Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:77
		const originalDir = process.env.CLINE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd90a4d1aec2a83c Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:78
		delete process.env.CLINE_DATA_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af789615dd1df0c7 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:79
		delete process.env.CLINE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d103ba283cdae68c Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:83
			process.env.CLINE_DATA_DIR = originalData

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d960c22f39590c2 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:84
			process.env.CLINE_DIR = originalDir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0b40f396aa74656 Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:116
		fs.writeFileSync(filePath, "NOT VALID JSON{{{")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba587047c06cdeee Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:124
		fs.writeFileSync(filePath, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90557a6e3023c8e6 Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:175
		fs.writeFileSync(filePath, "BROKEN{")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb1a8b850107723b Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:237
		fs.writeFileSync(filePath, "INVALID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eda1c5a2ac146889 Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:359
		fs.writeFileSync(filePath, "NOT JSON")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #975d1115c25b9c6b Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:378
		fs.writeFileSync(path.join(tempDir, "tasks", "not-a-dir.txt"), "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ef765ed49105146 Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:447
		fs.writeFileSync(filePath, "valid json initially")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2f91cfc06e21837 Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.test.ts:461
		fs.writeFileSync(filePath, "   \n  \t  ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #474a86c3aa37457a Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.ts:28
	if (process.env.CLINE_DATA_DIR) return process.env.CLINE_DATA_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c261d628980d4d4 Environment-variable access.
repo/apps/vscode/src/sdk/legacy-state-reader.ts:29
	const clineDir = process.env.CLINE_DIR || path.join(os.homedir(), ".cline")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96fb3ae5972195df Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.ts:91
		const content = fs.readFileSync(filePath, "utf-8").trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ade69d2de5c9be08 Filesystem access.
repo/apps/vscode/src/sdk/legacy-state-reader.ts:170
			fs.writeFileSync(historyPath, JSON.stringify(filteredHistory, null, 2), "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d9b57eaf65d0ade Environment-variable access.
repo/apps/vscode/src/sdk/sdk-telemetry.ts:42
					is_dev: process.env.IS_DEV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0860b4f78f7be40 Environment-variable access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:16
		const filePath = process.env.CLINE_GLOBAL_SETTINGS_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ba946f01086ba5f Filesystem access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:20
		return { autoUpdateEnabled: true, telemetryOptOut: false, ...JSON.parse(readFileSync(filePath, "utf8")) }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9317ee1b5b31e31e Environment-variable access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:23
		const filePath = process.env.CLINE_GLOBAL_SETTINGS_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cb8ef3e13b1c4dd Filesystem access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:28
		writeFileSync(filePath, `${JSON.stringify({ autoUpdateEnabled: true, telemetryOptOut }, null, 2)}\n`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #806523ad2ee84fe0 Environment-variable access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:46
		previousSettingsPath = process.env.CLINE_GLOBAL_SETTINGS_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e61b02ca81da3be Environment-variable access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:49
		process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #589ccb4682d910cb Environment-variable access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:57
			delete process.env.CLINE_GLOBAL_SETTINGS_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56978dae9616e5cd Environment-variable access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:59
			process.env.CLINE_GLOBAL_SETTINGS_PATH = previousSettingsPath

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3304f0293c79f28 Filesystem access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:70
		expect(JSON.parse(readFileSync(settingsPath, "utf8"))).toMatchObject({ telemetryOptOut: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f717b981010711b Filesystem access.
repo/apps/vscode/src/sdk/telemetry-settings-sync.test.ts:78
		expect(JSON.parse(readFileSync(settingsPath, "utf8"))).toMatchObject({ telemetryOptOut: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ab3060e6fdf9e0f Filesystem access.
repo/apps/vscode/src/services/auth/oca/utils/utils.ts:2
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e307479b161106ea Filesystem access.
repo/apps/vscode/src/services/auth/oca/utils/utils.ts:33
		const raw = fs.readFileSync(OCA_CONFIG_PATH, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed2b90839118e750 Environment-variable access.
repo/apps/vscode/src/services/banner/BannerService.ts:171
		const isLocal = process.env.IS_DEV === "true" || process.env.CLINE_ENVIRONMENT === "local"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e1a2e5cb8f60de0 Environment-variable access.
repo/apps/vscode/src/services/banner/BannerService.ts:177
		const bypassDismissals = process.env.IS_DEV === "true" || process.env.CLINE_ENVIRONMENT === "local"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7cf753cb7336ad4 Filesystem access.
repo/apps/vscode/src/services/browser/utils.ts:2
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b92d3f9af2c74075 Environment-variable access.
repo/apps/vscode/src/services/error/providers/PostHogErrorProvider.ts:15
const isDev = process.env.IS_DEV === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #591ff1552aeca0cb Environment-variable access.
repo/apps/vscode/src/services/feature-flags/FeatureFlagsService.ts:159
		if (process.env.NODE_ENV === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb3a0e23590d6e80 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:2
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a92e5eae689555d9 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:22
		await fs.writeFile(filePath, "export const x = 1\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #66af57ccdfb851e0 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:33
		await fs.writeFile(nestedFile, "export const ok = true\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc647cbed38ecf4f Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:65
		await fs.writeFile(path.join(project, ".gitignore"), "ignored-dir/\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9961543144af1291 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:66
		await fs.writeFile(path.join(project, "visible.ts"), "export const x = 1\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #22840c04c8e35b40 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:67
		await fs.writeFile(path.join(project, "ignored-dir", "secret.ts"), "secret\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b8b1b6cac4e0969 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:68
		await fs.writeFile(path.join(project, "src", "app.ts"), "app\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5bbbe16dcc0d2045 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:96
		await fs.writeFile(path.join(project, ".gitignore"), "*.log\nsecret.env\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88ef6e0db92b16f9 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:97
		await fs.writeFile(path.join(project, "app.ts"), "app\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4ab3c2c3976ae221 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:98
		await fs.writeFile(path.join(project, "debug.log"), "debug output\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #daf4b2c9fa6c3f81 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:99
		await fs.writeFile(path.join(project, "src", "nested.log"), "nested log\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2aa9124e1f5812b Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:100
		await fs.writeFile(path.join(project, "src", "secret.env"), "API_KEY=xxx\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f1424a11bbe0ab1a Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:101
		await fs.writeFile(path.join(project, "src", "config.ts"), "config\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7bbd8ad67c971716 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:135
		await fs.writeFile(path.join(srcDir, ".gitignore"), "generated/\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b0a6e80fad45958d Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:136
		await fs.writeFile(path.join(srcDir, "code.ts"), "code\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #38d7ae6f4dcfaa8f Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:137
		await fs.writeFile(path.join(genDir, "output.ts"), "generated output\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6aa7607317dfd6e2 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:138
		await fs.writeFile(path.join(libDir, "util.ts"), "util\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #229b31000423f2e4 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:178
		await fs.writeFile(path.join(project, ".gitignore"), "third-party/\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #20ba16f0e90e7e21 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:179
		await fs.writeFile(path.join(project, "app.ts"), "app\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1f48278082a540a Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:181
		await fs.writeFile(path.join(thirdPartyDir, ".gitignore"), "*.log\nbuild/\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #25a15d324780c6e0 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:182
		await fs.writeFile(path.join(repo1Dir, ".gitignore"), "dist/\ncoverage/\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #218093f3708fece4 Filesystem access.
repo/apps/vscode/src/services/glob/__tests__/list-files.test.ts:183
		await fs.writeFile(path.join(repo1Dir, "file.ts"), "file\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f15c32c60e99fff Filesystem access.
repo/apps/vscode/src/services/glob/list-files.ts:4
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b95f1c4706a7799 Filesystem access.
repo/apps/vscode/src/services/glob/list-files.ts:65
		const content = await fs.readFile(gitignorePath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4315d052acde4f4f Filesystem access.
repo/apps/vscode/src/services/lg-cns-integration/webhook-hooks.ts:1
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19a6234d8247a9f6 Filesystem access.
repo/apps/vscode/src/services/lg-cns-integration/webhook-hooks.ts:17
	await fs.writeFile(
		configPath,
		JSON.stringify(
			{
				webhook_url: webhookUrl,
				webhook_token: webhookToken,
				created_at: new Date().toISOString(),
			},
			null,
			2,
		),
		"utf-8",
	)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b6498ce2476d36b Filesystem access.
repo/apps/vscode/src/services/lg-cns-integration/webhook-hooks.ts:38
		await fs.writeFile(hookPath, hook.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80ae6659dd624b01 Filesystem access.
repo/apps/vscode/src/services/mcp/McpHub.ts:35
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54142f34e6252717 Filesystem access.
repo/apps/vscode/src/services/mcp/McpHub.ts:189
			const content = await fs.readFile(settingsPath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ce0493b25420e63 Filesystem access.
repo/apps/vscode/src/services/mcp/McpHub.ts:784
			const content = await fs.readFile(settingsPath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a388931e6042e89 Filesystem access.
repo/apps/vscode/src/services/mcp/McpHub.ts:1250
		const content = await fs.readFile(settingsPath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0aceebc5d8ea1a2f Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/McpHub.deleteServerRPC.test.ts:4
import fs, * as actualFsPromises from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #786af0492ffa40d9 Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/McpHub.deleteServerRPC.test.ts:78
		await fs.writeFile(settingsPath, JSON.stringify({ mcpServers }, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1965dd03cabc8b43 Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/McpHub.deleteServerRPC.test.ts:139
		const persisted = JSON.parse(await fs.readFile(settingsPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6fed54ac4a12da8c Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/McpHub.deleteServerRPC.test.ts:173
		const persisted = JSON.parse(await fs.readFile(settingsPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4719ce2599f361a Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/McpHub.toggleServerDisabledRPC.test.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #702ed4535f2ec415 Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/McpHub.toggleServerDisabledRPC.test.ts:45
		await fs.writeFile(settingsPath, JSON.stringify({ mcpServers }, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d70e5fea94fcc647 Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/McpHub.toggleServerDisabledRPC.test.ts:98
		const persisted = JSON.parse(await fs.readFile(settingsPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #276cd6b77dc0610e Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/McpHub.toggleServerDisabledRPC.test.ts:115
		const persisted = JSON.parse(await fs.readFile(settingsPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f96826755496501a Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/settingsLock.test.ts:16
		await fs.writeFile(settingsPath, JSON.stringify({ mcpServers: {} }, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41cb421bc1674c51 Filesystem access.
repo/apps/vscode/src/services/mcp/__tests__/settingsLock.test.ts:49
		const written = JSON.parse(await fs.readFile(missingPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7e439ee816d69fb Filesystem access.
repo/apps/vscode/src/services/mcp/settingsLock.ts:64
		writeFileSync(tempPath, contents, { encoding: "utf-8", flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5ffb60f9982cd5f Filesystem access.
repo/apps/vscode/src/services/mcp/settingsLock.ts:94
	writeFileSync(stagingOwnerFile, token, { encoding: "utf8", flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8eeb5bd3c562f32 Filesystem access.
repo/apps/vscode/src/services/mcp/settingsLock.ts:160
		settings = JSON.parse(readFileSync(settingsPath, "utf-8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc105f060c1b5487 Filesystem access.
repo/apps/vscode/src/services/search/file-search.ts:3
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #113a2f6f6e17bb90 Environment-variable access.
repo/apps/vscode/src/services/telemetry/TelemetryService.ts:390
			is_dev: process.env.IS_DEV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a79cfe91a3ddbc90 Environment-variable access.
repo/apps/vscode/src/services/telemetry/providers/opentelemetry/OpenTelemetryClientProvider.ts:31
		return process.env.TEL_DEBUG_DIAGNOSTICS === "true" || process.env.IS_DEV === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #441a298355df023c Environment-variable access.
repo/apps/vscode/src/services/telemetry/providers/opentelemetry/OpenTelemetryExporterFactory.ts:17
	return process.env.TEL_DEBUG_DIAGNOSTICS === "true" || process.env.IS_DEV === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59fcc5ec1533cbed Filesystem access.
repo/apps/vscode/src/services/temp/ClineTempManager.ts:11
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38025002168e2e50 Filesystem access.
repo/apps/vscode/src/services/uri/SharedUriHandler.test.ts:3
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05a38f9397ea7c80 Filesystem access.
repo/apps/vscode/src/services/uri/SharedUriHandler.test.ts:137
					await fs.writeFile(promptFilePath, "Implement user registration flow", "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #774ae79811c42d24 Filesystem access.
repo/apps/vscode/src/services/uri/SharedUriHandler.ts:1
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8249107c4b30677d Filesystem access.
repo/apps/vscode/src/services/uri/SharedUriHandler.ts:108
					const specContents = await fs.readFile(promptFile, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10d97e5667da4155 Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:9
	TELEMETRY_SERVICE_API_KEY: process.env.TELEMETRY_SERVICE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2781bbdde2ef91ff Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:10
	ERROR_SERVICE_API_KEY: process.env.ERROR_SERVICE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #348a8baac51a921f Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:11
	ENABLE_ERROR_AUTOCAPTURE: process.env.ENABLE_ERROR_AUTOCAPTURE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d535d32dc4b652be Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:12
	OTEL_TELEMETRY_ENABLED: process.env.OTEL_TELEMETRY_ENABLED,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f47ec28545dd324 Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:13
	OTEL_METRICS_EXPORTER: process.env.OTEL_METRICS_EXPORTER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee31cffd56d8fbcd Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:14
	OTEL_LOGS_EXPORTER: process.env.OTEL_LOGS_EXPORTER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9fb86ffa90ddb83a Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:15
	OTEL_EXPORTER_OTLP_PROTOCOL: process.env.OTEL_EXPORTER_OTLP_PROTOCOL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d620c4868eee79b9 Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:16
	OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #480d21481bb636e9 Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:17
	OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e7fd18ccb1edd69 Environment-variable access.
repo/apps/vscode/src/shared/constants.ts:18
	OTEL_METRIC_EXPORT_INTERVAL: process.env.OTEL_METRIC_EXPORT_INTERVAL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a640df9aa3d90149 Environment-variable access.
repo/apps/vscode/src/shared/net.ts:119
	if (process.env.IS_STANDALONE === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #986a5115f4cd9ff3 Environment-variable access.
repo/apps/vscode/src/shared/services/Logger.ts:5
	private static isVerbose = process.env.IS_DEV === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b4c5133176c290f Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:98
const isTestEnv = process.env.E2E_TEST === "true" || process.env.IS_TEST === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6aa06c207cf098d4 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:172
		enabled: process.env.CLINE_OTEL_TELEMETRY_ENABLED === "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e47993f74cee3bc Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:173
		metricsExporter: process.env.CLINE_OTEL_METRICS_EXPORTER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5541d82d7ee3670 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:174
		logsExporter: process.env.CLINE_OTEL_LOGS_EXPORTER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9ff06262429fa66 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:175
		otlpProtocol: process.env.CLINE_OTEL_EXPORTER_OTLP_PROTOCOL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93979ba910eed8d7 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:176
		otlpEndpoint: process.env.CLINE_OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #811bbea4a77d30af Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:177
		otlpMetricsProtocol: process.env.CLINE_OTEL_EXPORTER_OTLP_METRICS_PROTOCOL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef143e7260ada9d1 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:178
		otlpMetricsEndpoint: process.env.CLINE_OTEL_EXPORTER_OTLP_METRICS_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bd63190beb6bc8b Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:179
		otlpLogsProtocol: process.env.CLINE_OTEL_EXPORTER_OTLP_LOGS_PROTOCOL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e90baf620accf01 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:180
		otlpLogsEndpoint: process.env.CLINE_OTEL_EXPORTER_OTLP_LOGS_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e453509946e8620 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:181
		metricExportInterval: process.env.CLINE_OTEL_METRIC_EXPORT_INTERVAL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d0f326d7c7e86fc Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:182
			? Number.parseInt(process.env.CLINE_OTEL_METRIC_EXPORT_INTERVAL, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #955c39067768a0ec Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:184
		otlpInsecure: process.env.CLINE_OTEL_EXPORTER_OTLP_INSECURE === "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e79ae6a3cea33c31 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:185
		logBatchSize: process.env.CLINE_OTEL_LOG_BATCH_SIZE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #823e3a19d1e38184 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:186
			? Math.max(1, Number.parseInt(process.env.CLINE_OTEL_LOG_BATCH_SIZE, 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6c586bb6c9e1856 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:188
		logBatchTimeout: process.env.CLINE_OTEL_LOG_BATCH_TIMEOUT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baf02824f31a86a1 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:189
			? Math.max(1, Number.parseInt(process.env.CLINE_OTEL_LOG_BATCH_TIMEOUT, 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e0137429ce11e87 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:191
		logMaxQueueSize: process.env.CLINE_OTEL_LOG_MAX_QUEUE_SIZE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #780b9fb66839b4a2 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:192
			? Math.max(1, Number.parseInt(process.env.CLINE_OTEL_LOG_MAX_QUEUE_SIZE, 10))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8e90ef52d1b4472 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:194
		otlpHeaders: process.env.CLINE_OTEL_EXPORTER_OTLP_HEADERS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88f68c3b1269f8d9 Environment-variable access.
repo/apps/vscode/src/shared/services/config/otel-config.ts:195
			? parseKeyPairsIntoRecord(process.env.CLINE_OTEL_EXPORTER_OTLP_HEADERS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0990ebb0d9263244 Environment-variable access.
repo/apps/vscode/src/shared/services/config/posthog-config.ts:31
const useDevEnv = process.env.IS_DEV === "true" || process.env.CLINE_ENVIRONMENT === "local"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10849faa6cba418b Environment-variable access.
repo/apps/vscode/src/shared/services/config/posthog-config.ts:48
const isTestEnv = process.env.E2E_TEST === "true" || process.env.IS_TEST === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab2e3bd447d9d72e Environment-variable access.
repo/apps/vscode/src/shared/services/feature-flags/feature-flags.ts:27
	[FeatureFlag.ONBOARDING_MODELS]: process.env.E2E_TEST === "true" ? { models: {} } : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d71a8cbc5f8b131c Environment-variable access.
repo/apps/vscode/src/shared/services/feature-flags/feature-flags.ts:28
	[FeatureFlag.REMOTE_BANNERS]: process.env.E2E_TEST === "true" || process.env.IS_DEV === "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1a4fe8000ccf82b Environment-variable access.
repo/apps/vscode/src/shared/services/feature-flags/feature-flags.ts:30
	[FeatureFlag.REMOTE_WELCOME_BANNERS]: process.env.E2E_TEST === "true" || process.env.IS_DEV === "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad4887b09cf7b31d Filesystem access.
repo/apps/vscode/src/shared/services/worker/queue.ts:99
				const content = fs.readFileSync(this.queuePath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6f64633e2f9d71d Filesystem access.
repo/apps/vscode/src/shared/services/worker/queue.ts:134
			fs.writeFileSync(tmpPath, JSON.stringify(this.data, null, 2), "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f8b570c9739f7d7 Environment-variable access.
repo/apps/vscode/src/shared/services/worker/worker.ts:41
		intervalMs: parseIntEnv(process.env.CLINE_STORAGE_SYNC_INTERVAL_MS, 30000),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #770dc81c98b6473b Environment-variable access.
repo/apps/vscode/src/shared/services/worker/worker.ts:42
		maxRetries: parseIntEnv(process.env.CLINE_STORAGE_SYNC_MAX_RETRIES, 5),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #434c568815b991e2 Environment-variable access.
repo/apps/vscode/src/shared/services/worker/worker.ts:43
		batchSize: parseIntEnv(process.env.CLINE_STORAGE_SYNC_BATCH_SIZE, 10),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0e748ee4deaa381 Environment-variable access.
repo/apps/vscode/src/shared/services/worker/worker.ts:44
		maxQueueSize: parseIntEnv(process.env.CLINE_STORAGE_SYNC_MAX_QUEUE_SIZE, 1000),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb552633f69689af Environment-variable access.
repo/apps/vscode/src/shared/services/worker/worker.ts:45
		maxFailedAgeMs: parseIntEnv(process.env.CLINE_STORAGE_SYNC_MAX_FAILED_AGE_MS, SEVEN_DAYS_MS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #650f830beb6744a7 Environment-variable access.
repo/apps/vscode/src/shared/services/worker/worker.ts:46
		backfillEnabled: process.env.CLINE_STORAGE_SYNC_BACKFILL_ENABLED === "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13bf9c26eeb1fb69 Filesystem access.
repo/apps/vscode/src/shared/storage/ClineFileStorage.ts:80
				return JSON.parse(fs.readFileSync(this.fsPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93530d286469b2b6 Filesystem access.
repo/apps/vscode/src/shared/storage/ClineFileStorage.ts:106
		fs.writeFileSync(tmpPath, data, {
			flag: "wx",
			encoding: "utf-8",
			mode,
		})

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33ef514532a551d7 Environment-variable access.
repo/apps/vscode/src/shared/storage/storage-context.ts:95
	const clineDir = opts.clineDir || process.env.CLINE_DIR || path.join(os.homedir(), ".cline")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d079e574aee489c Environment-variable access.
repo/apps/vscode/src/standalone/cline-core.ts:56
		process.env.PROTOBUS_ADDRESS = `127.0.0.1:${args.port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7de80573af6bc6f Environment-variable access.
repo/apps/vscode/src/standalone/cline-core.ts:59
			process.env.HOST_BRIDGE_ADDRESS = `127.0.0.1:${HOSTBRIDGE_PORT}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6a9a2e4c401a30f Environment-variable access.
repo/apps/vscode/src/standalone/cline-core.ts:63
		process.env.HOST_BRIDGE_ADDRESS = `127.0.0.1:${args.hostBridgePort}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8d3f88e8951edd4 Filesystem access.
repo/apps/vscode/src/standalone/cline-core.ts:178
				const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f38ab960cbcd3d50 Environment-variable access.
repo/apps/vscode/src/standalone/hostbridge-client.ts:9
	const address = process.env.HOST_BRIDGE_ADDRESS || `127.0.0.1:${HOSTBRIDGE_PORT}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #796f33e34b608b67 Environment-variable access.
repo/apps/vscode/src/standalone/protobus-service.ts:32
		const host = process.env.PROTOBUS_ADDRESS || `127.0.0.1:${PROTOBUS_PORT}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8eaa954b2466eaa Filesystem access.
repo/apps/vscode/src/standalone/utils.ts:2
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af0c74686377e9ea Filesystem access.
repo/apps/vscode/src/standalone/utils.ts:23
	const descriptorSet = fs.readFileSync("proto/descriptor_set.pb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5db701f8c6ed49a Filesystem access.
repo/apps/vscode/src/standalone/vscode-context-utils.ts:1
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31c2cd6568269ab4 Filesystem access.
repo/apps/vscode/src/standalone/vscode-context-utils.ts:103
			const data = JSON.parse(fs.readFileSync(this.filePath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6814a7766f0d187 Filesystem access.
repo/apps/vscode/src/standalone/vscode-context-utils.ts:111
		fs.writeFileSync(this.filePath, JSON.stringify(Object.fromEntries(this.data), null, 2), { mode: 0o600 })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34924fcb37e90a24 Filesystem access.
repo/apps/vscode/src/standalone/vscode-context-utils.ts:152
	return JSON.parse(fs.readFileSync(filePath, "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03454892787a702b Environment-variable access.
repo/apps/vscode/src/standalone/vscode-context.ts:12
log(`CLINE_ENVIRONMENT: ${process.env.CLINE_ENVIRONMENT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4541c98764896f71 Environment-variable access.
repo/apps/vscode/src/standalone/vscode-context.ts:18
	const CLINE_DIR = clineDir || process.env.CLINE_DIR || `${os.homedir()}/.cline`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddd049a36bc5497c Environment-variable access.
repo/apps/vscode/src/standalone/vscode-context.ts:20
	const INSTALL_DIR = process.env.INSTALL_DIR || __dirname

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8486cd58135fc196 Environment-variable access.
repo/apps/vscode/src/standalone/vscode-context.ts:21
	const WORKSPACE_STORAGE_DIR = process.env.WORKSPACE_STORAGE_DIR || path.join(DATA_DIR, "workspace")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b4bf6733aaa1d21 Environment-variable access.
repo/apps/vscode/src/standalone/vscode-context.ts:28
	const EXTENSION_MODE = process.env.IS_DEV === "true" ? ExtensionMode.Development : ExtensionMode.Production

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ea888d53b24e17db Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:20
			process.env.TEST_VAR = "test_value"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #aa661df253de52d1 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:26
			process.env.VAR1 = "value1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4410d31ba4823eee Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:27
			process.env.VAR2 = "value2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3ececc3c319871a1 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:33
			process.env.API_KEY = "secret123"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #823c8eac477c06cf Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:44
			process.env.EMPTY_VAR = ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e7afb6811a556d5 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:50
			process.env.SPACED_VAR = "value"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7d2416a7790b8aad Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:56
			process.env["VAR-NAME"] = "hyphenated"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59fe4ca55c88bfa5 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:62
			process.env.VAR_NAME = "underscored"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2a26e7ca62c57631 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:68
			process.env.TEST_VAR = "value"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fd291ea82ccb56ec Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:81
			process.env.API_KEY = "secret"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4923d473c40cfb63 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:91
			process.env.TOKEN = "token123"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bef2f94bb8f98ee9 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:92
			process.env.KEY = "key456"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ad8bab7dc742cce9 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:112
			process.env.VAR = "value"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #083ad5af854d65fd Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:130
			process.env.VAR1 = "first"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6864e14eee18ab8a Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:131
			process.env.VAR2 = "second"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ef74a58ace4305d Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:137
			process.env.ARG1 = "arg1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8538073cee27c0dd Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:138
			process.env.ARG2 = "arg2"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3cbfaa17147cbadc Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:148
			process.env.VAR = "value"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #066c7fd300daa915 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:156
			process.env.API_KEY = "key123"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b9b95a91d9714da Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:157
			process.env.TOKEN = "token456"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #574e1782d674fc86 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:189
			process.env.MCP_API_KEY = "mykey"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8edef74d06bd92b9 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:209
			process.env.AUTH_TOKEN = "bearer_token_123"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #70ebad6a10438ead Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:227
			process.env.MCP_HOST = "api.example.com"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35cc3fda0219ba02 Environment-variable access.
repo/apps/vscode/src/utils/__tests__/envExpansion.test.ts:228
			process.env.MCP_PORT = "8080"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3457371cbb3b36a Environment-variable access.
repo/apps/vscode/src/utils/env.ts:50
	if (process.env.CLINE_CAPTURE_BROWSER === "1" || process.env.CLINE_CAPTURE_BROWSER === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbd14d3568fd8e2a Environment-variable access.
repo/apps/vscode/src/utils/env.ts:87
		const clineDir = process.env.CLINE_DIR || path.join(os.homedir(), ".cline")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5805768a9df7f57c Environment-variable access.
repo/apps/vscode/src/utils/env.ts:97
	const harnessPort = process.env.CLINE_DEBUG_HARNESS_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7c5ecffb5446e70 Environment-variable access.
repo/apps/vscode/src/utils/envExpansion.ts:24
		const envValue = process.env[trimmedVarName]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c66162f6d39a944 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:2
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #860dc5cdf3267860 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:24
			await fs.writeFile(testFile, "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdfba96bf5194346 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:80
			await fs.writeFile(testFile, "test")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faf53024ad6cf99e Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:97
			await fs.writeFile(path.join(testDir, "file1.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07f67f2f167ebbc7 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:98
			await fs.writeFile(path.join(testDir, "file2.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab071d528fe46929 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:111
			await fs.writeFile(path.join(testDir, "include.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2c36afde4a7e1f4 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:112
			await fs.writeFile(path.join(excludeDir, "excluded.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66ce72ddc018bb1f Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:128
		await fs.writeFile(path.join(complexDir, "root.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85b4be187572e215 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:132
		await fs.writeFile(path.join(complexDir, "dir1", "file1.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #419856e5bd378b6b Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:136
		await fs.writeFile(path.join(complexDir, "dir2", "file2.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #039cd5b2165bf606 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:137
		await fs.writeFile(path.join(complexDir, "dir2", "subdir1", "file3.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e85f5bad73ab399 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:141
		await fs.writeFile(path.join(complexDir, "dir3", "file4.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79bd4f63d88b6547 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:142
		await fs.writeFile(path.join(complexDir, "dir3", "subdir2", "file5.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75e88fa584274a11 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:143
		await fs.writeFile(path.join(complexDir, "dir3", "subdir2", "deepdir", "file6.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d294fffac2d7b7d Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:169
		await fs.writeFile(path.join(complexDir, "root.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #421fa014f75010ed Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:173
		await fs.writeFile(path.join(complexDir, "dir1", "file1.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9260ff4b08c975c0 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:177
		await fs.writeFile(path.join(complexDir, "dir2", "file2.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dcc7dd50e909d7b Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:178
		await fs.writeFile(path.join(complexDir, "dir2", "subdir1", "file3.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #864a428c4b7888e0 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:182
		await fs.writeFile(path.join(complexDir, "dir3", "file4.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9400cba194c141b6 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:183
		await fs.writeFile(path.join(complexDir, "dir3", "subdir2", "file5.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3588451f9ae62159 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:184
		await fs.writeFile(path.join(complexDir, "dir3", "subdir2", "deepdir", "file6.txt"), "content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d768a951f2c0c637 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:208
		await fs.writeFile(path.join(clinerulesDirPath, "config.json"), "{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31c5b40c23a17f8d Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:209
		await fs.writeFile(path.join(clinerulesDirPath, "settings.js"), "// settings")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #226542171c3b93c1 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:214
		await fs.writeFile(path.join(otherDirPath, "helper.js"), "// helper code")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2770954a29497a9b Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:215
		await fs.writeFile(path.join(otherDirPath, "util.js"), "// util functions")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #562041f21b26fc50 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:220
		await fs.writeFile(path.join(workflowsDirPath, "workflow1.js"), "// workflow1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dc64f5e9f513024 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:221
		await fs.writeFile(path.join(workflowsDirPath, "workflow2.js"), "// workflow2")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d9a0c86d202ccf7 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:267
		await fs.writeFile(path.join(clinerulesDirPath, "config.json"), "{}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94fbd8c373d43dcc Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:268
		await fs.writeFile(path.join(clinerulesDirPath, "settings.js"), "// settings")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d24f4ccff309f69 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:273
		await fs.writeFile(path.join(workflowsDirPath, "workflow1.js"), "// workflow1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48e2c96ef4565f16 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:278
		await fs.writeFile(path.join(hooksDirPath, "PreToolUse"), "#!/usr/bin/env bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf4621374017b039 Filesystem access.
repo/apps/vscode/src/utils/fs.test.ts:279
		await fs.writeFile(path.join(hooksDirPath, "PostToolUse"), "#!/usr/bin/env bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cc99f3db22cbd25 Filesystem access.
repo/apps/vscode/src/utils/fs.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #201da01eff5d7cbb Filesystem access.
repo/apps/vscode/src/utils/fs.ts:80
		await fs.writeFile(filePath, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #13dba91006d26019 Filesystem access.
repo/apps/vscode/src/utils/fs.ts:82
		await fs.writeFile(filePath, content, encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b646db605cc727c Environment-variable access.
repo/apps/vscode/src/utils/powershell.ts:19
	const programFiles = process.env.ProgramW6432 || process.env.ProgramFiles || "C:\\Program Files"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36c1c25514c0cafd Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:2
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0ee769a8c596c04 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:26
			await fs.writeFile(path.join(testDir, ".worktreeinclude"), "node_modules/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #779bb01048f383b3 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:58
			await fs.writeFile(path.join(src, ".worktreeinclude"), "node_modules/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b84a7637fc077469 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:72
			await fs.writeFile(path.join(src, ".worktreeinclude"), "*.log\nbuild/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ec7e099d8eea560 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:73
			await fs.writeFile(path.join(src, ".gitignore"), "*.log\nbuild/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #727f1fe283b1e759 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:74
			await fs.writeFile(path.join(src, "test.log"), "log content")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f16df82234c4df0 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:75
			await fs.writeFile(path.join(src, "test.txt"), "txt content") // Should not be copied

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4479171bf39101d Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:104
			await fs.writeFile(path.join(src, ".worktreeinclude"), "node_modules/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5da168f09c00ba06 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:105
			await fs.writeFile(path.join(src, ".gitignore"), "node_modules/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3151563eadc9bb6 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:106
			await fs.writeFile(path.join(src, "node_modules", "pkg", "index.js"), "module code")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5043ed8b5431364 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:107
			await fs.writeFile(path.join(src, "node_modules", "file.txt"), "file in node_modules")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96adf32980435dd1 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:128
			await fs.writeFile(path.join(src, ".worktreeinclude"), "*.log")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b085706501ac5a0 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:129
			await fs.writeFile(path.join(src, ".gitignore"), "*.tmp") // Different pattern

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3aa49b005ef2c892 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:130
			await fs.writeFile(path.join(src, "test.log"), "log")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e85cd3eee960ff92 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.test.ts:131
			await fs.writeFile(path.join(src, "test.tmp"), "tmp")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #208a04aac4ce253b Filesystem access.
repo/apps/vscode/src/utils/worktree-include.ts:2
import * as fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fde4ab494ce02337 Filesystem access.
repo/apps/vscode/src/utils/worktree-include.ts:17
		const content = await fs.readFile(filePath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b150deeee29bab51 Filesystem access.
repo/apps/vscode/test-setup.js:2
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #246d1f37ed11e5b1 Filesystem access.
repo/apps/vscode/test-setup.js:8
const tsConfig = JSON.parse(fs.readFileSync(path.join(baseUrl, "tsconfig.json"), "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): sdk/packages/core

npm first-party
high pii_flow production #b73653a45630dbfb User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/sdk/packages/core/src/auth/cline.ts:409 · flow /tmp/closeopen-epgogze_/repo/sdk/packages/core/src/auth/cline.ts:410 → /tmp/closeopen-epgogze_/repo/sdk/packages/core/src/auth/cline.ts:409
	const response = await fetch(
		resolveUrl(options.apiBaseUrl, DEFAULT_AUTH_ENDPOINTS.token),
		{
			method: "POST",
			headers: {
				"Content-Type": "application/json",
				...(await resolveHeaders(options.headers)),
			},
			body: JSON.stringify(body),
			signal: AbortSignal.timeout(
				options.requestTimeoutMs ?? DEFAULT_HTTP_TIMEOUT_MS,
			),
		},
	);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #a164090f4f5e3b37 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/sdk/packages/core/src/auth/codex.ts:93 · flow /tmp/closeopen-epgogze_/repo/sdk/packages/core/src/auth/codex.ts:93 → /tmp/closeopen-epgogze_/repo/sdk/packages/core/src/auth/codex.ts:93
	const response = await fetch(OPENAI_CODEX_OAUTH_CONFIG.tokenEndpoint, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			grant_type: "authorization_code",
			client_id: OPENAI_CODEX_OAUTH_CONFIG.clientId,
			code,
			code_verifier: verifier,
			redirect_uri: redirectUri,
		}),
		signal: AbortSignal.timeout(OPENAI_CODEX_OAUTH_CONFIG.httpTimeoutMs),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #e882fa14eb0356ce User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/sdk/packages/core/src/auth/codex.ts:140 · flow /tmp/closeopen-epgogze_/repo/sdk/packages/core/src/auth/codex.ts:140 → /tmp/closeopen-epgogze_/repo/sdk/packages/core/src/auth/codex.ts:140
		const response = await fetch(OPENAI_CODEX_OAUTH_CONFIG.tokenEndpoint, {
			method: "POST",
			headers: { "Content-Type": "application/x-www-form-urlencoded" },
			body: new URLSearchParams({
				grant_type: "refresh_token",
				refresh_token: refreshToken,
				client_id: OPENAI_CODEX_OAUTH_CONFIG.clientId,
			}),
			signal: AbortSignal.timeout(OPENAI_CODEX_OAUTH_CONFIG.httpTimeoutMs),
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #f6e76af01f6618bc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/sdk/packages/core/src/services/feature-flags/posthog.ts:8
import { PostHog, type PostHogOptions } from "posthog-node";

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 723 low-confidence finding(s)
low env_fs production #fc70d97eefa046ab Filesystem access.
repo/sdk/packages/core/src/ClineCore.test.ts:92
			writeFileSync(join(dir, "tracked.txt"), "before\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d56efa1fd9fd3918 Filesystem access.
repo/sdk/packages/core/src/ClineCore.test.ts:96
			writeFileSync(join(dir, "tracked.txt"), "after\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bee0fad1db3a8e94 Filesystem access.
repo/sdk/packages/core/src/ClineCore.test.ts:626
		writeFileSync(
			join(cronDir, "events", "local.event.md"),
			`---
id: local-test
title: Local Test
workspaceRoot: ${root}
event: local.manual_test
filters:
  topic: cron-feature-2
---
Summarize the local event.
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d18722679c3626db Filesystem access.
repo/sdk/packages/core/src/cron/reports/cron-report-writer.ts:151
	writeFileSync(path, content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52cfc590fc6b9ba7 Filesystem access.
repo/sdk/packages/core/src/cron/runner/cron-runner.test.ts:217
		const report = readFileSync(reportPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c77fa24b67582e4 Filesystem access.
repo/sdk/packages/core/src/cron/specs/cron-reconciler.test.ts:35
		writeFileSync(full, content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ea1ee64eae0f611 Filesystem access.
repo/sdk/packages/core/src/cron/specs/cron-reconciler.ts:157
			raw = readFileSync(absolutePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df108d6a73e37cb9 Filesystem access.
repo/sdk/packages/core/src/cron/specs/cron-watcher.test.ts:50
		writeFileSync(
			specPath,
			`---\nid: cleanup\nworkspaceRoot: /ws\n---\nRemove stale files`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bc8f35e1a5ace4c Filesystem access.
repo/sdk/packages/core/src/extensions/config/runtime-commands.test.ts:29
		await writeFile(join(skillDir, "SKILL.md"), "Use the debugging skill.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #043d2b3c8daaf55b Filesystem access.
repo/sdk/packages/core/src/extensions/config/runtime-commands.test.ts:30
		await writeFile(
			join(workflowsDir, "release.md"),
			`---
name: release
---
Run the release workflow.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f9efc7cfafdca8d Filesystem access.
repo/sdk/packages/core/src/extensions/config/runtime-commands.test.ts:74
		await writeFile(join(skillDir, "SKILL.md"), "Use the ship skill.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2170540fb2a61b8e Filesystem access.
repo/sdk/packages/core/src/extensions/config/runtime-commands.test.ts:75
		await writeFile(
			join(workflowsDir, "ship.md"),
			`---
name: ship
---
Run the ship workflow.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93b4741cbb310211 Filesystem access.
repo/sdk/packages/core/src/extensions/config/runtime-commands.test.ts:82
		await writeFile(
			join(workflowsDir, "disabled.md"),
			`---
name: disabled
disabled: true
---
Do not run this workflow.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16a3fe39650d9ae1 Filesystem access.
repo/sdk/packages/core/src/extensions/config/runtime-commands.test.ts:124
		await writeFile(
			join(workflowsDir, "review.md"),
			`# Review Current Branch

Review the current branch and summarize findings.
`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24c70e4dca4dd123 Filesystem access.
repo/sdk/packages/core/src/extensions/config/runtime-commands.test.ts:161
		await writeFile(skillPath, "Use the review skill.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8014c26c9f072f1 Filesystem access.
repo/sdk/packages/core/src/extensions/config/skill-frontmatter-toggle.test.ts:93
		await writeFile(
			filePath,
			`---
name: file-skill
---
Use file-backed instructions.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #884cd25524208843 Filesystem access.
repo/sdk/packages/core/src/extensions/config/skill-frontmatter-toggle.test.ts:102
		const written = await readFile(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6857e864213a2936 Filesystem access.
repo/sdk/packages/core/src/extensions/config/skill-frontmatter-toggle.ts:74
	const content = await readFile(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #520b0664c9e6596e Filesystem access.
repo/sdk/packages/core/src/extensions/config/skill-frontmatter-toggle.ts:76
	await writeFile(filePath, updated);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4f83c92a532c730 Filesystem access.
repo/sdk/packages/core/src/extensions/config/unified-config-file-watcher.test.ts:63
		await writeFile(
			profileFilePath,
			"name: Reviewer\n\nReview code carefully.",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f1fd005ef86dc51 Filesystem access.
repo/sdk/packages/core/src/extensions/config/unified-config-file-watcher.test.ts:94
			await writeFile(
				profileFilePath,
				"name: Reviewer\n\nReview code with strictness.",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae4dc1e597d5d17b Filesystem access.
repo/sdk/packages/core/src/extensions/config/unified-config-file-watcher.test.ts:126
		await writeFile(
			join(profilesDir, "researcher.profile"),
			"name: Researcher\n\nInvestigate related code paths.",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3b380de5c711492 Filesystem access.
repo/sdk/packages/core/src/extensions/config/unified-config-file-watcher.test.ts:130
		await writeFile(
			join(skillsDir, "SKILL.md"),
			`---
name: incident-response
description: Handle incidents
---
Escalation playbook`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95426c282d12df27 Filesystem access.
repo/sdk/packages/core/src/extensions/config/unified-config-file-watcher.ts:417
					const content = await readFile(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82d76b0def12bd2e Environment-variable access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:85
			join(process.env.HOME ?? "~", ".cline", "data", "workflows"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09f248e1445d6bbe Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:152
		await writeFile(
			join(skillsDir, "incident-response", "SKILL.md"),
			`---
name: incident-response
description: Handle incidents fast
---
Escalation runbook`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #279dd9c0fdd0019f Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:160
		await writeFile(
			join(rulesDir, "default.md"),
			"Keep changes minimal and tested.",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d61806b768a09b88 Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:164
		await writeFile(
			join(workflowsDir, "release.md"),
			"Ship with release checklist.",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5d41f6560727b63 Environment-variable access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:203
		const originalHomeDir = process.env.HOME?.trim() || homedir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03b9617516da7fa0 Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:213
		await writeFile(globalAgentsPath, "Use global AGENTS rules.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35d951fe92c9401a Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:214
		await writeFile(fallbackAgentsPath, "Use fallback AGENTS rules.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b91f7248a3e0b61 Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:215
		await writeFile(workspaceAgentsPath, "Use workspace AGENTS rules.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae3b8ddbcc745bee Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:259
			await writeFile(
				join(targetSkillDir, "SKILL.md"),
				`---
name: data-agent-skill
description: Analyze data
---
Use the data agent skill.`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c14ecf2bae3fd8fc Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:297
			await writeFile(
				join(skillDir, "SKILL.md"),
				`---
name: commit
---
Use conventional commits.`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e44abd3961cda1cb Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:332
		await writeFile(
			join(pluginRoot, "managed.json"),
			JSON.stringify({ source: "enterprise", version: "1", files: [] }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c7ba3f1d569ea32 Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:336
		await writeFile(
			join(pluginRoot, "rules.md"),
			`---
name: enterprise-policy
---
Follow enterprise policy.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #095177362db1cb4a Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:343
		await writeFile(
			join(pluginRoot, "workflows", "triage.md"),
			`---
name: triage
---
Follow the triage workflow.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #219c430b17e7b62f Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:350
		await writeFile(
			join(pluginRoot, "skills", "security-review", "SKILL.md"),
			`---
name: security-review
---
Use the security review checklist.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b4d74c4b32ef446 Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:396
		await writeFile(
			join(tempRoot, ".clinerules", "workflows", "release.md"),
			`---
name: release
---
Legacy release workflow.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a9bc7419dfc63f2 Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.test.ts:403
		await writeFile(
			join(tempRoot, ".cline", "workflows", "release.md"),
			`---
name: release
---
New release workflow.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #139b7438ac4b9510 Filesystem access.
repo/sdk/packages/core/src/extensions/config/user-instruction-config-loader.ts:168
				const content = await readFile(manifestPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebd647b473e19725 Environment-variable access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:32
const LIVE_TEST_ENABLED = process.env.CORE_LIVE_COMPACTION_TESTS === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cee644207425e191 Environment-variable access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:34
	process.env.CORE_LIVE_COMPACTION_PROVIDERS_PATH ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17ad53ecdf1c8b15 Environment-variable access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:35
	process.env.LLMS_LIVE_PROVIDERS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eed50fdf93c74394 Environment-variable access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:37
	process.env.CORE_LIVE_COMPACTION_TIMEOUT_MS ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d40ba439bf31ac89 Environment-variable access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:38
		process.env.LLMS_LIVE_PROVIDER_TIMEOUT_MS ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #689519fd5a599006 Environment-variable access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:42
	process.env.CORE_LIVE_COMPACTION_TOOL_OUTPUT_CHARS ?? "1100000",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e03d84cfc48c2095 Environment-variable access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:64
	const value = process.env[envName]?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ded9635630f81fd Filesystem access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:90
			readFileSync(filePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7d63f0e9ee32184 Filesystem access.
repo/sdk/packages/core/src/extensions/context/compaction.live.test.ts:183
	const parsed = JSON.parse(readFileSync(filePath, "utf8")) as unknown;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9737cbd38bdc8244 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:44
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {
						docs: {
							transport: {
								type: "stdio",
								command: "npx",
								args: ["-y", "@modelcontextprotocol/server-filesystem"],
							},
						},
						search: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.example.com",
							},
							disabled: true,
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cd210006476fdf9 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:106
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {
						docs: {
							transport: {
								type: "stdio",
								command: "node",
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1cf0b50b90585f0 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:151
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {
						broken: {
							transport: {
								type: "stdio",
								command: "",
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #337f06db0c2127b6 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:179
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {
						docs: {
							command: "node",
							args: ["server.js"],
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1fb8ee8686c34e4 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:216
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {
						legacySse: {
							url: "https://sse.example.com",
						},
						legacyHttp: {
							url: "https://http.example.com",
							transportType: "http",
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d99f1ce297537988 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:265
		await writeFile(
			filePath,
			JSON.stringify(
				{
					otherSetting: true,
					mcpServers: {
						docs: {
							command: "node",
							args: ["server.js"],
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49d9ea460118fb3f Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:284
		const disabled = JSON.parse(await readFile(filePath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e1345443ff02c06 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:299
		const enabled = JSON.parse(await readFile(filePath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49977ee9c24809de Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:309
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {
						linear: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.linear.app/mcp",
							},
							oauth: {
								tokens: {
									access_token: "old-token",
									token_type: "Bearer",
								},
								lastAuthenticatedAt: 123,
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9833e62e4604724c Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:360
		const written = JSON.parse(await readFile(filePath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4ee0781de4b227e Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:380
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a601d8ed12a74dc Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:420
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {
						linear: {
							transport: {
								type: "streamableHttp",
								url: "https://linear.example.com",
							},
						},
						github: {
							transport: {
								type: "streamableHttp",
								url: "https://github.example.com",
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9790cee41a271afe Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:460
		const written = JSON.parse(await readFile(filePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f99ced1235795d1 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:475
		await writeFile(
			filePath,
			JSON.stringify({ mcpServers: {} }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c517bd7931ac861 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:485
		writeFileSync(join(lockPath, "owner.dead"), "dead-owner");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #900a4e7839809a7d Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:505
		await writeFile(
			filePath,
			JSON.stringify({ mcpServers: {} }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84a43faf26f0c666 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:521
			writeFileSync(
				join(replacement, "owner.replacement"),
				"replacement-owner",
				{ flag: "wx" },
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb21c813477b8a7d Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:536
		await writeFile(
			filePath,
			JSON.stringify({ mcpServers: {} }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ca10e63ce64ce17 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:570
		await writeFile(
			filePath,
			JSON.stringify({ mcpServers: {} }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dfc6f03ee61d67d Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:597
		const written = JSON.parse(await readFile(filePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #920b41fd6d80f691 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:609
			writeFileSync(join(lockDir, "owner.holder"), "holder");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44fc1b5f4f947893 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:636
			await writeFile(
				filePath,
				JSON.stringify(
					{
						mcpServers: {
							linear: {
								transport: {
									type: "streamableHttp",
									url: "https://linear.example.com",
								},
							},
							github: {
								transport: {
									type: "streamableHttp",
									url: "https://github.example.com",
								},
							},
						},
					},
					null,
					2,
				),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6feea9cde81694a Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:665
			const written = JSON.parse(await readFile(filePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00241e27981cee04 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:693
		const written = JSON.parse(await readFile(filePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a49557a56f9b5a6a Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.test.ts:701
		writeFileSync(join(lockDir, "owner.dead"), "dead-owner");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e00661d375898f9 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.ts:251
		writeFileSync(tempPath, contents, { encoding: "utf8", flag: "wx" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7ca178e96c06444 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.ts:320
	writeFileSync(join(stagingDir, `owner.${token}`), token, {
		encoding: "utf8",
		flag: "wx",
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47341d09b6f5bc52 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.ts:554
	const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e419b7252bc6c98 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/config-loader.ts:616
	const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02cf7c09c06f1c42 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/oauth.test.ts:23
		await writeFile(
			filePath,
			JSON.stringify(
				{
					mcpServers: {
						linear: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.linear.app/mcp",
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae202db06b74abde Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/oauth.test.ts:69
		const before = await readFile(settingsPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df8a9b38936f7b73 Filesystem access.
repo/sdk/packages/core/src/extensions/mcp/oauth.test.ts:77
		await expect(readFile(settingsPath, "utf8")).resolves.toBe(before);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1625e90b5d36aacf Environment-variable access.
repo/sdk/packages/core/src/extensions/mcp/plugin-server-registration.ts:70
		const sourceValue = process.env[sourceName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7afc078ac7989bd Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:17
		HOME: process.env.HOME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ceeb291ce3eda761 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:18
		CLINE_GLOBAL_SETTINGS_PATH: process.env.CLINE_GLOBAL_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e406d9678cea1e8 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:22
		process.env.HOME = envSnapshot.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a82b17649600a034 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:23
		process.env.CLINE_GLOBAL_SETTINGS_PATH =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60a8c64c357c255a Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:33
			await writeFile(join(root, "a.js"), "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36ec590e59083f6e Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:34
			await writeFile(join(nested, "b.ts"), "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a9fa6c3390e4101 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:35
			await writeFile(
				join(root, ".a.js.cline-plugin.js"),
				"export default {}",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0553666345f34ae1 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:40
			await writeFile(join(root, "ignore.txt"), "noop", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da16ddc8b09d6e00 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:52
			process.env.HOME = root;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfa4475100a3c406 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:58
			await writeFile(filePath, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a1f3655620b8b00 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:59
			await writeFile(dirPluginPath, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57adee4086dde968 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:76
			process.env.HOME = root;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f03124770fce66b7 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:83
			await writeFile(
				join(pluginDir, "package.json"),
				JSON.stringify({
					name: "plugin-package",
					private: true,
					cline: {
						plugins: [
							{
								paths: ["./src/index.ts"],
								capabilities: ["tools"],
							},
						],
					},
				}),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7742339c9eb73e54 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:99
			await writeFile(declaredEntry, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ace1a86a1e03b956 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:100
			await writeFile(ignoredEntry, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb6de5eb75629750 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:118
			process.env.HOME = root;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0938ca2dc7cb77c4 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:125
			await writeFile(
				join(pluginDir, "package.json"),
				JSON.stringify({
					name: "plugin-package",
					private: true,
					cline: {
						plugins: [
							{
								paths: ["./src/index.ts"],
								capabilities: ["tools"],
							},
						],
					},
				}),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0a47e1bc142eb3f Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:141
			await writeFile(join(srcDir, "index.ts"), "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74142c7d3957a15a Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:142
			await writeFile(
				join(skillDir, "SKILL.md"),
				"---\nname: review\n---\nReview skill.",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c8bffc46dbeec54 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:163
			process.env.HOME = root;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f73f408dac3d13dc Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:170
			await writeFile(
				join(pluginDir, "package.json"),
				JSON.stringify({
					name: "plugin-package",
					private: true,
					cline: {
						plugins: [
							{
								paths: ["./src/index.ts"],
								capabilities: ["tools"],
							},
						],
					},
				}),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d9cfbfec4b5b5d1 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:186
			await writeFile(join(srcDir, "index.ts"), "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #963c09e28af0560f Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:187
			await writeFile(
				join(skillDir, "SKILL.md"),
				"---\nname: review\n---\nReview skill.",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8d722595c8a0494 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:213
			await writeFile(
				join(pluginDir, "package.json"),
				JSON.stringify({
					name: "plugin-package",
					private: true,
					cline: {
						plugins: [{ paths: ["./src/index.ts"] }],
					},
				}),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a5af3076e470874 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:225
			await writeFile(pluginPath, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ad2df8e2f0ea7f3 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:226
			await writeFile(
				join(skillDir, "SKILL.md"),
				"---\nname: review\n---\nReview skill.",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d068079834b46f5 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:247
			await writeFile(
				join(root, "package.json"),
				JSON.stringify({
					name: "monorepo-root",
					private: true,
				}),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a37c96904854072 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:256
			await writeFile(pluginPath, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c70498279bbdebd2 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:257
			await writeFile(
				join(rootSkillDir, "SKILL.md"),
				"---\nname: private-root-skill\n---\nPrivate root skill.",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c21c9b71ba62e18 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:277
			process.env.HOME = home;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2251a2372fc92dd Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:290
			await writeFile(
				join(installRoot, "package.json"),
				JSON.stringify({
					name: "cline-installed-plugin-demo",
					private: true,
					cline: {
						plugins: [{ paths: ["./package/index.ts"] }],
					},
				}),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea2c53abeb52584b Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:301
			await writeFile(
				join(packageRoot, "index.ts"),
				"export default {}",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbc91e8fc9ef29a4 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:306
			await writeFile(
				join(skillDir, "SKILL.md"),
				"---\nname: review\n---\nReview skill.",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0db2ec53ca95dbb3 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:332
			process.env.HOME = home;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2894ea77516b428a Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:343
			await writeFile(workspacePlugin, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48ae403a3fbb49d4 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:344
			await writeFile(userPlugin, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c656168503a3196 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:345
			await writeFile(documentsPlugin, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4448dcbf80c751da Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:366
			process.env.HOME = root;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9c1f61aaeaa4f6f Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:371
			process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75859e253a2b6139 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:372
			await writeFile(enabledPlugin, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6aedc7cd39be9f75 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:373
			await writeFile(disabledPlugin, "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #846e9779593fc21e Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:374
			await writeFile(
				settingsPath,
				JSON.stringify({ disabledPlugins: [disabledPlugin] }, null, 2),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46a4868639996681 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:394
			process.env.HOME = root;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ee41fa304dc0c96 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:399
			await writeFile(
				first,
				"export default { name: 'duplicate-plugin', manifest: { capabilities: ['tools'] } };",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af04c2657353e134 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:404
			await writeFile(
				second,
				"export default { name: 'duplicate-plugin', manifest: { capabilities: ['commands'] } };",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54f84280c085a4da Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:409
			await writeFile(invalid, "export default { name: 'broken' };", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86c6a370f5e936a6 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:435
			process.env.HOME = root;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90c1af6c4b8225bb Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:439
			await writeFile(
				compatible,
				`export default {
	name: 'compatible-plugin',
	manifest: {
		capabilities: ['tools'],
		providerIds: ['cline'],
		modelIds: ['anthropic/claude-haiku-4.5']
	}
};`,
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5db9a84c89a7acbf Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.test.ts:451
			await writeFile(
				incompatible,
				`export default {
	name: 'incompatible-plugin',
	manifest: {
		capabilities: ['tools'],
		providerIds: ['openai'],
		modelIds: ['gpt-5.4']
	}
};`,
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1105b153873b69dd Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-config-loader.ts:98
			readFileSync(join(packageRoot, PACKAGE_JSON_FILE_NAME), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59e7fe682acb2446 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:19
		await writeFile(
			join(dir, "plugin-default.mjs"),
			[
				"export default {",
				"  name: 'from-default',",
				"  manifest: { capabilities: ['hooks'] },",
				"  hooks: { beforeRun: () => undefined }",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dfdfd818a7ffabcd Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:30
		await writeFile(
			join(dir, "plugin-top-level-await.mjs"),
			[
				"const name = await Promise.resolve('plugin-top-level-await');",
				"export default {",
				"  name,",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97f0579e66caf408 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:41
		await writeFile(
			join(dir, "plugin-named.mjs"),
			[
				"export const plugin = {",
				"  name: 'from-named',",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7fe4da81cb47896 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:51
		await writeFile(
			join(dir, "plugin-a.mjs"),
			"export default { name: 'plugin-a', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb2adfe8fa9e8551 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:56
		await writeFile(
			join(dir, "plugin-b.mjs"),
			"export default { name: 'plugin-b', manifest: { capabilities: ['commands'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ace5f39081438892 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:61
		await writeFile(
			join(dir, "plugin-ts.ts"),
			[
				"const name: string = 'plugin-ts';",
				"export default {",
				"  name,",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a496554351231bb4 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:75
		await writeFile(
			join(depDir, "package.json"),
			JSON.stringify({
				name: "plugin-local-dep",
				type: "module",
				exports: "./index.js",
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a991174d0689e884 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:84
		await writeFile(
			join(depDir, "index.js"),
			"export const depName = 'plugin-local-dep';\n",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #659daafd1bcf4bb5 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:89
		await writeFile(
			join(dir, "plugin-with-dep.ts"),
			[
				"import { depName } from 'plugin-local-dep';",
				"export default {",
				"  name: depName,",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #922dc95deb81aad9 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:103
		await writeFile(
			join(sdkDir, "package.json"),
			JSON.stringify({
				name: "@cline/shared",
				type: "module",
				exports: "./index.js",
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e74549d51d6decff Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:112
		await writeFile(
			join(sdkDir, "index.js"),
			"export const sdkMarker = 'plugin-installed-sdk';\n",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbe415e0537a35b7 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:117
		await writeFile(
			join(dir, "plugin-with-sdk-dep.ts"),
			[
				"import { sdkMarker } from '@cline/shared';",
				"export default {",
				"  name: sdkMarker,",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca87811beecb9117 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:129
		await writeFile(
			join(copyDir, "portable-subagents.ts"),
			[
				"import { safeJsonStringify } from '@cline/shared';",
				"import { resolveClineDataDir } from '@cline/shared/storage';",
				"import YAML from 'yaml';",
				"export default {",
				"  name: typeof safeJsonStringify === 'function' ? YAML.stringify({ ok: !!resolveClineDataDir() }) : 'invalid',",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2947b78414ca7c3 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:145
		await writeFile(
			join(packagedCopyDir, "package.json"),
			JSON.stringify({
				name: "packaged-plugin",
				type: "module",
				cline: {
					plugins: ["index.ts"],
				},
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85b3816e9f9266c7 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:156
		await writeFile(
			join(packagedCopyDir, "index.ts"),
			[
				"import YAML from 'yaml';",
				"export default {",
				"  name: YAML.stringify({ ok: true }),",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aba5583cab2480e3 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:170
		await writeFile(
			join(packagedSdkSubpathDir, "package.json"),
			JSON.stringify({
				name: "packaged-sdk-subpath",
				type: "module",
				cline: {
					plugins: ["index.ts"],
				},
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c7c2f1dc02a2927 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:181
		await writeFile(
			join(packagedSdkSubpathDir, "index.ts"),
			[
				"import { createConfiguredTelemetryHandle } from '@cline/core/telemetry';",
				"export default {",
				"  name: typeof createConfiguredTelemetryHandle === 'function' ? 'sdk-subpath-ok' : 'invalid',",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43b00208d3b55dcf Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:195
		await writeFile(
			join(packagedTypeOnlyDir, "package.json"),
			JSON.stringify({
				name: "packaged-type-only-imports",
				type: "module",
				cline: {
					plugins: ["index.ts"],
				},
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06448259a8cb4071 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:206
		await writeFile(
			join(packagedTypeOnlyDir, "index.ts"),
			[
				"import type { MissingStaticType } from 'missing-static-type';",
				"type MissingImportType = import('missing-import-type').Foo;",
				"type MissingTypeQuery = typeof import('missing-type-query');",
				"type TypeBag = { value: MissingStaticType; imported: MissingImportType; query: MissingTypeQuery };",
				"function acceptsTypeOnly(input: import('missing-param-type').Foo): TypeBag | undefined {",
				"  void input;",
				"  return undefined;",
				"}",
				"const value = {} as import('missing-assertion-type').Foo;",
				"void value;",
				"void acceptsTypeOnly;",
				"export default {",
				"  name: 'type-only-imports-ok',",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcb00619e14f253d Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:228
		await writeFile(
			join(dir, "invalid-plugin.mjs"),
			"export default { name: 'invalid-plugin' };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f76cd3f7b3bdc6e Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:234
		await writeFile(
			join(dir, "duplicate-one.mjs"),
			"export default { name: 'duplicate-plugin', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99769c8c4fb50d4c Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:239
		await writeFile(
			join(dir, "duplicate-two.mjs"),
			"export default { name: 'duplicate-plugin', manifest: { capabilities: ['commands'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a1289bf50ece509 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:244
		await writeFile(
			join(dir, "targeted-plugin.mjs"),
			[
				"export default {",
				"  name: 'targeted-plugin',",
				"  manifest: { capabilities: ['tools'], providerIds: ['openai'], modelIds: ['gpt-5.4'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95350c356a91531e Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:334
		const previousWrapperPath = process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4b35ca9f8beb6d7 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:341
		await writeFile(join(wrapperBinDir, "cline"), "#!/usr/bin/env node\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ff94ea85faab8ef Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:342
		await writeFile(
			join(depDir, "package.json"),
			JSON.stringify({
				name: "wrapper-host-dep",
				type: "module",
				exports: "./index.js",
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3acf6ee8ad32d1f Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:351
		await writeFile(
			join(depDir, "index.js"),
			"export const depName = 'wrapper-host-dep';\n",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c70673409227a9c6 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:356
		await writeFile(
			pluginPath,
			[
				"import { depName } from 'wrapper-host-dep';",
				"export default {",
				"  name: depName,",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #902fc1e0806f6b8a Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:369
			process.env.CLINE_WRAPPER_PATH = join(wrapperBinDir, "cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8772a6f51314701b Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:374
				delete process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09176dad082a5087 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-loader.test.ts:376
				process.env.CLINE_WRAPPER_PATH = previousWrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36015438ad27364b Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-module-import.ts:71
			const pkg = JSON.parse(readFileSync(packageJsonPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bbf32525a8c08c2 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-module-import.ts:256
		const pkg = JSON.parse(readFileSync(packageJsonPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96773b250e14ead4 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-module-import.ts:295
	const wrapperPath = process.env.CLINE_WRAPPER_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0884ab6e1eef9583 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-module-import.ts:315
				const pkg = JSON.parse(readFileSync(packageJsonPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0270dd0a09204bfb Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-module-import.ts:364
				const pkg = JSON.parse(readFileSync(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d43f1a611a67096 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-module-import.ts:448
	const source = readFileSync(pluginPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #954ae5715a3fe3a4 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-module-import.ts:495
	const source = readFileSync(pluginPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d21c4fe87fc514f5 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:74
		await writeFile(
			join(dir, "plugin.mjs"),
			[
				"export default {",
				"  name: 'sandbox-test',",
				"  manifest: { capabilities: ['hooks','tools'] },",
				"  setup(api) {",
				"    api.registerTool({",
				"      name: 'sandbox_echo',",
				"      description: 'echo',",
				"      inputSchema: { type: 'object', properties: { value: { type: 'string' } }, required: ['value'] },",
				"      execute: async (input) => ({ echoed: input.value }),",
				"    });",
				"  },",
				"  hooks: { beforeRun() { return { reason: 'sandbox-before-run' }; } },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c061a9fdfa54b7c Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:94
		await writeFile(
			join(dir, "plugin-events.mjs"),
			[
				"export default {",
				"  name: 'sandbox-events',",
				"  manifest: { capabilities: ['tools'] },",
				"  setup(api) {",
				"    api.registerTool({",
				"      name: 'emit_event',",
				"      description: 'emit host event',",
				"      inputSchema: { type: 'object', properties: { value: { type: 'string' } }, required: ['value'] },",
				"      execute: async (input) => {",
				"        globalThis.__clinePluginHost?.emitEvent?.('test_event', { value: input.value });",
				"        return { ok: true };",
				"      },",
				"    });",
				"  },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d76d8b86001f976 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:116
		await writeFile(
			join(dir, "plugin-run-end.mjs"),
			[
				"export default {",
				"  name: 'sandbox-run-end',",
				"  manifest: { capabilities: ['hooks'] },",
				"  hooks: { afterRun(ctx) {",
				"    globalThis.__clinePluginHost?.emitEvent?.('run_end_hook', {",
				"      finishReason: ctx.result?.status,",
				"      iterations: ctx.result?.iterations,",
				"    });",
				"  } },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a42191ba7fdc1d2 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:133
		await writeFile(
			join(dir, "plugin-message-builder.mjs"),
			[
				"export default {",
				"  name: 'sandbox-message-builder',",
				"  manifest: { capabilities: ['messageBuilders'] },",
				"  setup(api) {",
				"    api.registerMessageBuilder({",
				"      name: 'append-system-context',",
				"      build: async (messages) => messages.concat([{ role: 'user', content: [{ type: 'text', text: 'from sandbox builder' }] }]),",
				"    });",
				"  },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7052ae22fc0ae817 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:150
		await writeFile(
			join(dir, "plugin-rules.mjs"),
			[
				"let resolveCount = 0;",
				"export default {",
				"  name: 'sandbox-rules',",
				"  manifest: { capabilities: ['rules'] },",
				"  setup(api) {",
				"    api.registerRule({",
				"      id: 'sandbox-rules:static',",
				"      source: 'sandbox-rules',",
				"      content: 'Static sandbox rule',",
				"    });",
				"    api.registerRule({",
				"      id: 'sandbox-rules:lazy',",
				"      source: 'sandbox-rules',",
				"      content: async () => {",
				"        resolveCount += 1;",
				"        return 'Lazy sandbox rule ' + resolveCount;",
				"      },",
				"    });",
				"  },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a065f6fea360cb04 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:177
		await writeFile(
			join(dir, "plugin-automation-events.mjs"),
			[
				"export default {",
				"  name: 'sandbox-automation-events',",
				"  manifest: { capabilities: ['automationEvents','tools'] },",
				"  setup(api, ctx) {",
				"    api.registerAutomationEventType({",
				"      eventType: 'local.plugin_event',",
				"      source: 'local-plugin',",
				"      description: 'Local event emitted by a sandbox plugin',",
				"      attributesSchema: { type: 'object', properties: { topic: { type: 'string' } } },",
				"    });",
				"    api.registerTool({",
				"      name: 'emit_automation_event',",
				"      description: 'emit automation event',",
				"      inputSchema: { type: 'object', properties: { topic: { type: 'string' } }, required: ['topic'] },",
				"      execute: async (input) => {",
				"        await ctx.automation?.ingestEvent?.({",
				"          eventId: 'plugin-' + input.topic,",
				"          eventType: 'local.plugin_event',",
				"          source: 'local-plugin',",
				"          subject: input.topic,",
				"          occurredAt: '2026-04-24T10:00:00.000Z',",
				"          attributes: { topic: input.topic },",
				"        });",
				"        return { ok: true };",
				"      },",
				"    });",
				"  },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #072c513b0b3e7a99 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:212
		await writeFile(
			join(dir, "plugin-ts.ts"),
			[
				"const TOOL_NAME: string = 'sandbox_ts_echo';",
				"export default {",
				"  name: 'sandbox-ts',",
				"  manifest: { capabilities: ['tools'] },",
				"  setup(api) {",
				"    api.registerTool({",
				"      name: TOOL_NAME,",
				"      description: 'echo',",
				"      inputSchema: { type: 'object', properties: { value: { type: 'string' } }, required: ['value'] },",
				"      execute: async (input) => ({ echoed: input.value }),",
				"    });",
				"  },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #994a2fa29329ba06 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:234
		await writeFile(
			join(localDepDir, "package.json"),
			JSON.stringify({
				name: "sandbox-local-dep",
				type: "module",
				exports: "./index.js",
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddee791c4187a2e1 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:243
		await writeFile(
			join(localDepDir, "index.js"),
			"export const depName = 'sandbox-local-dep';\n",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdfacbf20be7e21d Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:248
		await writeFile(
			join(dir, "plugin-dep.ts"),
			[
				"import { depName } from 'sandbox-local-dep';",
				"export default {",
				"  name: depName,",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e46eb64ecc038212 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:262
		await writeFile(
			join(sdkDepDir, "package.json"),
			JSON.stringify({
				name: "@cline/shared",
				type: "module",
				exports: "./index.js",
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b992f4d54b2864d5 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:271
		await writeFile(
			join(sdkDepDir, "index.js"),
			"export const sdkMarker = 'sandbox-plugin-installed-sdk';\n",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #65d5572e7ab1afec Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:276
		await writeFile(
			join(dir, "plugin-sdk.ts"),
			[
				"import { sdkMarker } from '@cline/shared';",
				"export default {",
				"  name: sdkMarker,",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a2ee3158531008f Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:288
		await writeFile(
			join(dir, "plugin-host-dep.ts"),
			[
				"import { resolveClineDataDir } from '@cline/shared/storage';",
				"import YAML from 'yaml';",
				"export default {",
				"  name: YAML.stringify({ host: !!resolveClineDataDir() }).trim(),",
				"  manifest: { capabilities: ['tools'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d12c71002134c9b Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:301
		await writeFile(
			join(dir, "plugin-create-tool.ts"),
			[
				"import { createTool } from '@cline/agents';",
				"export default {",
				"  name: 'sandbox-create-tool',",
				"  manifest: { capabilities: ['tools'] },",
				"  setup(api) {",
				"    api.registerTool(createTool({",
				"      name: 'created_tool',",
				"      description: 'created via agents export',",
				"      inputSchema: { type: 'object', properties: { value: { type: 'string' } }, required: ['value'] },",
				"      execute: async (input) => ({ echoed: input.value }),",
				"    }));",
				"  },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c659d57ce1e9076 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:321
		await writeFile(
			join(dir, "plugin-broken-setup.mjs"),
			[
				"export default {",
				"  name: 'sandbox-broken-setup',",
				"  manifest: { capabilities: ['tools'] },",
				"  async setup() {",
				"    throw new Error('broken setup');",
				"  },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c39936e039db05f Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:335
		await writeFile(
			join(dir, "plugin-duplicate-a.mjs"),
			"export default { name: 'sandbox-duplicate', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67d1b625f7fff091 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:340
		await writeFile(
			join(dir, "plugin-duplicate-b.mjs"),
			"export default { name: 'sandbox-duplicate', manifest: { capabilities: ['commands'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #857887c50a3fc128 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:345
		await writeFile(
			join(dir, "plugin-targeted.mjs"),
			[
				"export default {",
				"  name: 'sandbox-targeted',",
				"  manifest: { capabilities: ['tools'], providerIds: ['openai'], modelIds: ['gpt-5.4'] },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #983f29f273696143 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:424
			await writeFile(
				pluginPath,
				[
					"export default {",
					"  name: 'sandbox-timeout',",
					"  manifest: { capabilities: ['hooks'] },",
					"  hooks: { beforeRun() { return new Promise(() => {}); } },",
					"};",
				].join("\n"),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a17cf6222f284c91 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:458
			await writeFile(
				pluginPath,
				[
					"await new Promise(() => {});",
					"export default {",
					"  name: 'sandbox-import-hang',",
					"  manifest: { capabilities: ['tools'] },",
					"};",
				].join("\n"),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f26ab8d78e3c5f1 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:502
		const previousWrapperPath = process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6d432f2b27198b2 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:526
			await writeFile(wrapperPath, "#!/usr/bin/env node\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad957487db4899d0 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:527
			await writeFile(
				join(packageRoot, "package.json"),
				JSON.stringify({
					name: `@cline/cli-${platform}-${process.arch}`,
					version: "0.0.0-test",
					type: "module",
				}),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25f447c717f29c31 Filesystem access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:536
			await writeFile(
				bootstrapPath,
				[
					"process.on('message', (message) => {",
					"  if (!message || message.type !== 'call') return;",
					"  if (message.method !== 'initialize') throw new Error('Unexpected method: ' + message.method);",
					"  process.send?.({ type: 'event', name: 'wrapper_bootstrap_selected', payload: { ok: true } });",
					"  process.send?.({",
					"    type: 'response',",
					"    id: message.id,",
					"    ok: true,",
					"    result: {",
					"      plugins: [{",
					"        pluginId: 'plugin_1',",
					"        pluginPath: 'wrapper-bootstrap',",
					"        name: 'wrapper-bootstrap',",
					"        manifest: { capabilities: ['tools'] },",
					"        contributions: { tools: [], commands: [], messageBuilders: [], providers: [], automationEventTypes: [] },",
					"      }],",
					"      failures: [],",
					"      warnings: [],",
					"    },",
					"  });",
					"});",
				].join("\n"),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe50c5c5d5c4152a Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:564
			process.env.CLINE_WRAPPER_PATH = wrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7c7a4b6a3442875 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:586
				delete process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8921290e7179bbd Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.test.ts:588
				process.env.CLINE_WRAPPER_PATH = previousWrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #347e1b485503ff11 Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.ts:141
	const wrapperPath = process.env.CLINE_WRAPPER_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e8794b7139c17da Environment-variable access.
repo/sdk/packages/core/src/extensions/plugin/plugin-sandbox.ts:231
		const raw = process.env[envVarName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ebb4bd4d7aa0163 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:20
		await fs.writeFile(
			filePath,
			[
				"export default function Page() {",
				"\treturn (",
				"\t\t<div>",
				'\t\t\t<button onClick={() => console.log("clicked")}>Click me</button>',
				"\t\t</div>",
				"\t);",
				"}",
			].join("\n"),
			"utf-8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0e2e6bf00078c63 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:54
		await expect(fs.readFile(filePath, "utf-8")).resolves.toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #021d5a5f19ff1ff5 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:81
		await expect(fs.readFile(filePath, "utf-8")).resolves.toBe("hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05c09acb36c642a2 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:86
		await fs.writeFile(
			filePath,
			["alpha", "EOF literal", "``` fence", "omega"].join("\n"),
			"utf-8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cf6e763f190e222 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:109
		await expect(fs.readFile(filePath, "utf-8")).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cdaa0fd1d9b4d28 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:131
		await expect(fs.readFile(filePath, "utf-8")).resolves.toBe("hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #406dfd6fe10f83eb Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:151
		await fs.writeFile(filePath, original, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12b26e5fabd4aa5d Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:171
		await expect(fs.readFile(filePath, "utf-8")).resolves.toBe(original);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #112d5444ffe29a8b Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.ts:205
			fileContent = await fs.readFile(absolutePath, encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea6d6163d0379091 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.ts:295
				await fs.writeFile(sourceAbsPath, change.newContent, { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89398b53c2669b00 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.ts:312
					await fs.writeFile(moveAbsPath, change.newContent, { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6b2fa326bde76c8 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/apply-patch.ts:316
					await fs.writeFile(sourceAbsPath, change.newContent, { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb77c2aab6e4dbc0 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.test.ts:19
	await fs.writeFile(filePath, content, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d272cf7fdce576f Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.test.ts:48
			await expect(fs.readFile(filePath, "utf-8")).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea09a2e9d7c1b791 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.test.ts:59
		await fs.writeFile(filePath, "one\ntwo", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6dfaad9216b10ff Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.test.ts:77
			await expect(fs.readFile(filePath, "utf-8")).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #613d1420a6aecdc5 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.test.ts:95
			await expect(fs.readFile(filePath, "utf-8")).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6c0301d6955a037 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.test.ts:132
			await expect(fs.readFile(filePath, "utf-8")).resolves.toBe("a\nB\ne\nf");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b53a09712d816c9 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.test.ts:195
		await fs.writeFile(filePath, "one\ntwo", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67f22fc3fe8e621b Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.test.ts:217
			await expect(fs.readFile(filePath, "utf-8")).resolves.toBe("one\ntwo");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #581f24fa11944aac Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.ts:137
	await fs.writeFile(filePath, fileText, { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #795ad5f1cc774e64 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.ts:157
	const content = await fs.readFile(filePath, encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa32a1de36cbb4b2 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.ts:171
	await fs.writeFile(filePath, updated, { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08eb7a13303f8b1f Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.ts:183
	const content = await fs.readFile(filePath, encoding);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2e34b3b9f74fdcb Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/editor.ts:195
	await fs.writeFile(filePath, lines.join("\n"), { encoding });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f851feee1873f21 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.test.ts:28
			await fs.writeFile(filePath, content, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d59648e58607608d Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.test.ts:90
		await fs.writeFile(filePath, numberedLines(100), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bda897e74c485c5a Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.test.ts:108
		await fs.writeFile(filePath, numberedLines(2500), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7571cb0db3f3c363 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.test.ts:139
		await fs.writeFile(filePath, "hello", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7635cad98a36082f Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.test.ts:159
		await fs.writeFile(filePath, "hello", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #961a48f2513d564a Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.test.ts:212
		await fs.writeFile(filePath, pngBytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c47119f76136914d Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.test.ts:250
		await fs.writeFile(filePath, gifBytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44692938620af9c8 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.test.ts:296
		await fs.writeFile(path.join(dir, onDisk), pngBytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2da2c610433cee8 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/file-read.ts:240
			const data = await fs.readFile(resolvedPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7185bd249da95f6f Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/search.test.ts:19
		await fs.writeFile(
			filePath,
			`needle ${"x".repeat(MAX_SEARCH_OUTPUT_CHARS * 2)} TAIL`,
			"utf-8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d1df614a4101fb2 Filesystem access.
repo/sdk/packages/core/src/extensions/tools/executors/search.ts:409
				const content = await fs.readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b745b44c8e8146e Filesystem access.
repo/sdk/packages/core/src/extensions/tools/team/configured-agent-config.ts:177
				const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db5dc9d99e922a04 Environment-variable access.
repo/sdk/packages/core/src/extensions/tools/team/team-tools.test.ts:15
		CLINE_DATA_DIR: process.env.CLINE_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2966cac90d9d9c38 Environment-variable access.
repo/sdk/packages/core/src/extensions/tools/team/team-tools.test.ts:16
		CLINE_TEAM_DATA_DIR: process.env.CLINE_TEAM_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcc8471094d1c5cb Environment-variable access.
repo/sdk/packages/core/src/extensions/tools/team/team-tools.test.ts:21
	process.env.CLINE_DATA_DIR = snapshot.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b9ac492f83715f7 Environment-variable access.
repo/sdk/packages/core/src/extensions/tools/team/team-tools.test.ts:22
	process.env.CLINE_TEAM_DATA_DIR = snapshot.CLINE_TEAM_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82f390370ae6779b Environment-variable access.
repo/sdk/packages/core/src/extensions/tools/team/team-tools.test.ts:44
		process.env.CLINE_TEAM_DATA_DIR = "/tmp/team-dir";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7b26b5c8bbba41d Environment-variable access.
repo/sdk/packages/core/src/extensions/tools/team/team-tools.test.ts:45
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #199530ee2a49cf59 Environment-variable access.
repo/sdk/packages/core/src/extensions/tools/team/team-tools.test.ts:51
		delete process.env.CLINE_TEAM_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a4abf5d475212ba Environment-variable access.
repo/sdk/packages/core/src/extensions/tools/team/team-tools.test.ts:52
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b6edcafd5654a48 Filesystem access.
repo/sdk/packages/core/src/hooks/checkpoint-hooks.test.ts:27
	await writeFile(join(cwd, "note.txt"), "base\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6af3f643dd3794ca Filesystem access.
repo/sdk/packages/core/src/hooks/checkpoint-hooks.test.ts:77
			await writeFile(join(cwd, "note.txt"), "run-one\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96daad4e1ca7a305 Filesystem access.
repo/sdk/packages/core/src/hooks/checkpoint-hooks.test.ts:85
			await writeFile(join(cwd, "note.txt"), "run-two\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88f2ab8f284dcb90 Filesystem access.
repo/sdk/packages/core/src/hooks/checkpoint-hooks.test.ts:166
			await writeFile(join(cwd, "note.txt"), "subagent-dirty\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3efd1556f05cd8be Filesystem access.
repo/sdk/packages/core/src/hooks/checkpoint-hooks.test.ts:214
			await writeFile(join(cwd, "note.txt"), "run-three\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac11e5dcab7e499f Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-config.test.ts:6
		delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cc414e6fe5d7a7a Filesystem access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.test.ts:26
			return await readFile(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3b08fef0749149e Filesystem access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.test.ts:70
	await writeFile(hookPath, body, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c66b4389ac64a2d Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.test.ts:416
		const originalLogPath = process.env.CLINE_HOOKS_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7af99db62f9d451c Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.test.ts:417
		process.env.CLINE_HOOKS_LOG_PATH = outputPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faed71a0e91cde30 Filesystem access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.test.ts:436
			const payloads = (await readFile(outputPath, "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8b7383d246090e4 Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.test.ts:458
				delete process.env.CLINE_HOOKS_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d22ec758d819ebe Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.test.ts:460
				process.env.CLINE_HOOKS_LOG_PATH = originalLogPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b11eae230f6fcd4b Filesystem access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.test.ts:500
			await writeFile(
				join(workspace, ".clinerules", "hooks", "UserPromptSubmit.js"),
				`let data='';process.stdin.on('data',c=>data+=c);process.stdin.on('end',()=>{require('node:fs').appendFileSync(${JSON.stringify(outputPath)}, data.trim()+"\\n");});\n`,
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b32e9c857015bf1f Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.ts:182
		process.env.CLINE_USER_ID?.trim() || process.env.USER?.trim() || "unknown";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be70dea95feccfc4 Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.ts:187
		clineVersion: process.env.CLINE_VERSION?.trim() || "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2bacf60f7da310e Filesystem access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.ts:399
		const content = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a708f92568ed63d2 Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.ts:682
		const envPath = process.env.CLINE_HOOKS_LOG_PATH?.trim() || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02a5fc2399a8337d Environment-variable access.
repo/sdk/packages/core/src/hooks/hook-file-hooks.ts:1001
					process.env.CLINE_HOOK_AGENT_RESUME === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faf66a15ef3a5366 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:5
	CLINE_HUB_DISCOVERY_PATH: process.env.CLINE_HUB_DISCOVERY_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7df3f925cac5cc71 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:6
	CLINE_DATA_DIR: process.env.CLINE_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57f545541e7a9fd1 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:7
	CLINE_BUILD_ENV: process.env.CLINE_BUILD_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7963f6d0db863e6a Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:13
	process.env.CLINE_BUILD_ENV = "production";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ab69181911763cc Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:17
	process.env.CLINE_HUB_DISCOVERY_PATH = envSnapshot.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67b1b2f237bea1a6 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:18
	process.env.CLINE_DATA_DIR = envSnapshot.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1626fc638d1ca22 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:20
		delete process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44a41711038e57e6 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:22
		process.env.CLINE_BUILD_ENV = envSnapshot.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86de960771664688 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:31
		process.env.CLINE_HUB_DISCOVERY_PATH = discoveryPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #683b832579e7da44 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:50
		delete process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7751160e37d0f04 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:51
		process.env.CLINE_DATA_DIR = "/tmp/cline-connect-test-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47677ee3dd16f9c3 Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:52
		process.env.CLINE_BUILD_ENV = "development";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a0393b369ed522b Environment-variable access.
repo/sdk/packages/core/src/hub/client/connect.test.ts:79
		process.env.CLINE_HUB_DISCOVERY_PATH = "/tmp/missing-hub-discovery.json";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84d2698a7241279f Environment-variable access.
repo/sdk/packages/core/src/hub/client/index.test.ts:768
		delete process.env.CLINE_HUB_BUILD_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff29dc995aeb45e1 Environment-variable access.
repo/sdk/packages/core/src/hub/client/index.test.ts:1030
		const originalBuildEnv = process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2ff054e7c82da7a Environment-variable access.
repo/sdk/packages/core/src/hub/client/index.test.ts:1031
		process.env.CLINE_BUILD_ENV = "development";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82e90d12a4ce1f85 Environment-variable access.
repo/sdk/packages/core/src/hub/client/index.test.ts:1088
				delete process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dfceef826fc7929 Environment-variable access.
repo/sdk/packages/core/src/hub/client/index.test.ts:1090
				process.env.CLINE_BUILD_ENV = originalBuildEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cde0ff3e91b341a3 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/entry.ts:12
initVcr(process.env.CLINE_VCR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bf5719bf962d5d0 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/index.test.ts:48
const originalRunAsHubDaemon = process.env[CLINE_RUN_AS_HUB_DAEMON_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58def61064306b17 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/index.test.ts:98
		delete process.env[CLINE_RUN_AS_HUB_DAEMON_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b56c0e060d9759c8 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/index.test.ts:121
			delete process.env[CLINE_RUN_AS_HUB_DAEMON_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14a8c91d9408144e Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/index.test.ts:123
			process.env[CLINE_RUN_AS_HUB_DAEMON_ENV] = originalRunAsHubDaemon;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12fa36a57764becb Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/index.test.ts:203
		process.env[CLINE_RUN_AS_HUB_DAEMON_ENV] = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e11e101e0ada655 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/index.test.ts:213
		process.env[CLINE_RUN_AS_HUB_DAEMON_ENV] = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d27873cf46490daa Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/index.ts:359
		!!process.env.CLINE_HUB_PORT?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6badbc0cee4a5b6b Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/start-shared-server.test.ts:54
const originalHubPort = process.env.CLINE_HUB_PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f2ca96c58e3995e Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/start-shared-server.test.ts:68
			delete process.env.CLINE_HUB_PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7197940ef5b41e9 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/start-shared-server.test.ts:70
			process.env.CLINE_HUB_PORT = originalHubPort;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01bb27b56fe9cc38 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/start-shared-server.test.ts:75
		delete process.env.CLINE_HUB_PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01219fe0f1d6c557 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/start-shared-server.test.ts:92
		delete process.env.CLINE_HUB_PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #234a4b4399062c18 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/start-shared-server.test.ts:110
		delete process.env.CLINE_HUB_PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49ac7373c809727b Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/start-shared-server.test.ts:124
		process.env.CLINE_HUB_PORT = "30001";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eae31836caf3a446 Environment-variable access.
repo/sdk/packages/core/src/hub/daemon/start-shared-server.ts:63
		options.port !== undefined || !!process.env.CLINE_HUB_PORT?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef2f9d3b48a81a5f Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:19
		CLINE_DATA_DIR: process.env.CLINE_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04e3f782afeca53a Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:20
		CLINE_HUB_DISCOVERY_PATH: process.env.CLINE_HUB_DISCOVERY_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e54cf0fe0e31600 Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:25
	process.env.CLINE_DATA_DIR = snapshot.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a17a617d48f25044 Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:26
	process.env.CLINE_HUB_DISCOVERY_PATH = snapshot.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abc3bb092e7d531f Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:38
		delete process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ad0b556a7d14442 Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:39
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b8ccc0f0478aa0d Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:54
		process.env.CLINE_HUB_DISCOVERY_PATH = "/tmp/custom-hub-discovery.json";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ee35fbd883bd51a Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:63
		delete process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5fe94b2929bf2ce Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:64
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77615979c5ba74de Filesystem access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:79
		await writeFile(discoveryPath, "{}\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80ecc1689bc4e2f2 Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:95
		delete process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b7aa2ee457765c2 Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:96
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #329cecf10bd5458b Filesystem access.
repo/sdk/packages/core/src/hub/discovery/index.test.ts:100
		await writeFile(
			discoveryPath,
			`${JSON.stringify({
				hubId: "hub_123",
				protocolVersion: "v1",
				host: "127.0.0.1",
				port: 25463,
				url: "ws://127.0.0.1:25463/hub",
				startedAt: new Date().toISOString(),
				updatedAt: new Date().toISOString(),
			})}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e888b04add3a8a22 Filesystem access.
repo/sdk/packages/core/src/hub/discovery/index.ts:92
			await readFile(join(lockDir, "owner.json"), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb5edacd866e92eb Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.ts:111
	return process.env[HUB_BUILD_ID_ENV]?.trim() || String(corePackage.version);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54471eb201bf4fc3 Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/index.ts:119
		process.env[HUB_DISCOVERY_ENV]?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8f3569d64296a48 Filesystem access.
repo/sdk/packages/core/src/hub/discovery/index.ts:141
			await readFile(discoveryPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4b238318f5c7386 Filesystem access.
repo/sdk/packages/core/src/hub/discovery/index.ts:196
	await writeFile(discoveryPath, `${JSON.stringify(record, null, 2)}\n`, {
		encoding: "utf8",
		mode: 0o600,
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a7cb7342481f3c1 Filesystem access.
repo/sdk/packages/core/src/hub/discovery/index.ts:218
			await writeFile(
				join(lockDir, "owner.json"),
				`${JSON.stringify(
					{ pid: process.pid, acquiredAt: new Date().toISOString() },
					null,
					2,
				)}\n`,
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8af0c88171e07ad1 Environment-variable access.
repo/sdk/packages/core/src/hub/discovery/workspace.ts:32
			process.env[HUB_DISCOVERY_ENV]?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68eb0f2bbe6349d5 Environment-variable access.
repo/sdk/packages/core/src/hub/server/handlers/connector-handlers.test.ts:10
	const previousDataDir = process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1f7edf6389d9380 Environment-variable access.
repo/sdk/packages/core/src/hub/server/handlers/connector-handlers.test.ts:14
		process.env.CLINE_DATA_DIR = previousDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9543ae11305499c0 Environment-variable access.
repo/sdk/packages/core/src/hub/server/handlers/connector-handlers.test.ts:23
		process.env.CLINE_DATA_DIR = root;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49ef09a4f5730faa Filesystem access.
repo/sdk/packages/core/src/hub/server/handlers/connector-handlers.test.ts:60
			readFileSync(__test__.resolveConnectorSettingsPath(), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3278bb9792004626 Filesystem access.
repo/sdk/packages/core/src/hub/server/handlers/connector-handlers.test.ts:82
			readFileSync(__test__.resolveConnectorSettingsPath(), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe408de637773098 Filesystem access.
repo/sdk/packages/core/src/hub/server/handlers/connector-handlers.test.ts:137
			readFileSync(__test__.resolveConnectorSettingsPath(), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e663e74f4978f3b Filesystem access.
repo/sdk/packages/core/src/hub/server/handlers/connector-handlers.ts:110
		const parsed = JSON.parse(readFileSync(path, "utf8")) as unknown;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #232c1c5f4176517a Filesystem access.
repo/sdk/packages/core/src/hub/server/handlers/connector-handlers.ts:146
	writeFileSync(path, `${JSON.stringify(settings, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f3f5eedd6ce34e6 Environment-variable access.
repo/sdk/packages/core/src/hub/server/hub-server-logging.ts:26
	const configured = process.env.CLINE_HUB_LOG_LEVEL?.trim().toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98a14570239f9731 Environment-variable access.
repo/sdk/packages/core/src/hub/server/hub-server-logging.ts:36
	return process.env.VITEST ? "error" : "info";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5acb3ba0be26d352 Environment-variable access.
repo/sdk/packages/core/src/hub/server/hub-websocket-server.ts:569
		!!process.env.CLINE_HUB_PORT?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d2a36ac9e1dc794 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:13
const originalSessionDataDir = process.env.CLINE_SESSION_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac464b45e1786ac4 Filesystem access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:96
	await writeFile(
		join(sessionDir, `${sessionId}.json`),
		`${JSON.stringify(completeManifest, null, 2)}\n`,
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b13bf9d096f9a88 Filesystem access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:111
	await writeFile(
		path,
		`${JSON.stringify({ version: 1, messages }, null, 2)}\n`,
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22a29c5eddd7f981 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:127
			delete process.env.CLINE_SESSION_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2a99f0b9e7df2eb Environment-variable access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:129
			process.env.CLINE_SESSION_DATA_DIR = originalSessionDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb6e0af90309f9d0 Filesystem access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:455
		await writeFile(
			messagesPath,
			JSON.stringify([{ role: "user", content: "hi" }]),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27b1364e82c7082c Environment-variable access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:486
		process.env.CLINE_SESSION_DATA_DIR = tempSessionDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddd4824acb539d5b Filesystem access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:495
		await writeFile(
			manifestMessagesPath,
			JSON.stringify([{ role: "user", content: "manifest prompt" }]),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b34392d0db8cc2c Filesystem access.
repo/sdk/packages/core/src/runtime/host/history.test.ts:500
		await writeFile(
			olderManifestMessagesPath,
			JSON.stringify([{ role: "user", content: "older manifest prompt" }]),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4cd67ebcef935e4 Filesystem access.
repo/sdk/packages/core/src/runtime/host/history.ts:162
			const raw = await readFile(manifestPath, "utf8").catch(() => undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12fa59eca8d6284b Filesystem access.
repo/sdk/packages/core/src/runtime/host/history.ts:475
	const raw = await readFile(manifestPath, "utf8").catch(() => undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7196db7c4c59aa8 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/host.test.ts:63
		delete process.env.CLINE_SESSION_BACKEND_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a88bc3bed92ecb38 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/host.test.ts:64
		delete process.env.CLINE_VCR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c7c0c6b1d59aa24 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/host.test.ts:95
		process.env.CLINE_SESSION_BACKEND_MODE = "local";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9095ba8cb6987b7 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/host.test.ts:104
		process.env.CLINE_VCR = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a601e907220c5cb1 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/host.ts:23
	if (process.env.CLINE_VCR?.trim()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fa2a0b13b366733 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/host.ts:26
	const raw = process.env.CLINE_SESSION_BACKEND_MODE?.trim().toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da57f6b45a7e47eb Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:104
		writeFileSync(
			manifestPath,
			`${JSON.stringify(manifest, null, 2)}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f0a9aff8af1784d Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:109
		writeFileSync(
			messagesPath,
			`${JSON.stringify({ version: 1, updated_at: startedAt, messages: [] }, null, 2)}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2fddda33eb4e5c3 Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:169
		writeFileSync(
			row.messagesPath,
			`${JSON.stringify(payload, null, 2)}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e56e4d57ef2c69a Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:195
		writeFileSync(
			manifestPath,
			`${JSON.stringify(manifest, null, 2)}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #869711b2db03ad9a Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:220
		HOME: process.env.HOME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e497bc314931b23 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:221
		CLINE_DIR: process.env.CLINE_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8159e12b17516d17 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:228
		process.env.HOME = isolatedHomeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b64426573e8be4e5 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:229
		process.env.CLINE_DIR = join(isolatedHomeDir, ".cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2ff10616c2f2ece Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:231
		setClineDir(process.env.CLINE_DIR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb6e30def9000cdc Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:235
		process.env.HOME = envSnapshot.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91f16368c4a46060 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:236
		process.env.CLINE_DIR = envSnapshot.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d9917072dcff654 Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:374
			readFileSync(started.manifestPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c69bcdf46acd048 Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.e2e.test.ts:511
		const payload = JSON.parse(readFileSync(started.messagesPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d145f95d5973914 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:156
		HOME: process.env.HOME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #022ec6534fa54265 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:157
		CLINE_DIR: process.env.CLINE_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8de3d99f91c00162 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:163
		process.env.HOME = isolatedHomeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #510a08265d5ea424 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:164
		process.env.CLINE_DIR = join(isolatedHomeDir, ".cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff69c9f537a5148d Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:166
		setClineDir(process.env.CLINE_DIR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42ff1bce2f6ecc6e Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:170
		process.env.HOME = envSnapshot.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26b8fdcc93e76287 Environment-variable access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:171
		process.env.CLINE_DIR = envSnapshot.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06b72dd102724bdc Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:1013
		writeFileSync(
			messagesPath,
			`${JSON.stringify({ version: 1, messages })}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7dcb35979c47c1a Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:3156
		writeFileSync(
			join(sessionDir, "investigator__resume.messages.json"),
			`${JSON.stringify({
				version: 1,
				messages: [
					{
						role: "assistant",
						content: "teammate answer",
						metrics: {
							inputTokens: 7,
							outputTokens: 5,
							cacheReadTokens: 2,
							cacheWriteTokens: 1,
							cost: 0.12,
						},
					},
				],
			})}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5415875f9d65d3f Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:4675
			writeFileSync(messagesPath, JSON.stringify(persistedMessages), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0597c4dc50f1c95 Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:4805
			writeFileSync(messagesPath, JSON.stringify(sourceMessages), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b88107894dddddc Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:4861
			writeFileSync(mentionPath, "export const v = 1;\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63723567267b3329 Filesystem access.
repo/sdk/packages/core/src/runtime/host/local-runtime-host.test.ts:4862
			writeFileSync(explicitPath, "note\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb931509ae029248 Filesystem access.
repo/sdk/packages/core/src/runtime/host/local/user-files.ts:13
	const content = await readFile(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7fdaadf228d4144 Filesystem access.
repo/sdk/packages/core/src/runtime/host/runtime-host-support.test.ts:24
		await writeFile(
			messagesPath,
			JSON.stringify([
				{
					role: "user",
					content: '<user_input mode="act">spawn a team of agents</user_input>',
				},
				{
					role: "assistant",
					content: "Working on it.",
				},
				{
					role: "user",
					content: [
						{
							type: "text",
							text: '<user_input mode="plan"><mode_notice>The user switched from act mode to plan mode before sending this message.</mode_notice>\ninspect repo</user_input>',
						},
					],
				},
			]),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a13beb106768e247 Filesystem access.
repo/sdk/packages/core/src/runtime/host/runtime-host-support.ts:59
		const raw = (await readFile(path, "utf8")).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d853877ce0e03ef8 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.configured-agent-execution.test.ts:88
	const previousHome = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53d566e1d0e4164f Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.configured-agent-execution.test.ts:103
		process.env.HOME = previousHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0013bc67737a589c Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.configured-agent-execution.test.ts:116
		process.env.HOME = tempHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d3511d70926ba9c Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.configured-agent-execution.test.ts:124
		writeFileSync(
			join(agentsDir, "reviewer.yml"),
			`---
name: reviewer
description: Reviews code
tools: Execute_Command, Read_File, Use_Skill
skills: commit
providerId: openai
modelId: gpt-4.1
maxIterations: 3
---
You are a reviewer.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5a7b8d2a69e4a31 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.configured-agent-execution.test.ts:138
		writeFileSync(
			join(skillDir, "SKILL.md"),
			`---
name: commit
description: Commit messages
---
Write a concise commit message.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7909640ebe40bef1 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.configured-agent-execution.test.ts:267
		writeFileSync(
			join(agentsDir, "reviewer.yml"),
			`---
name: reviewer
description: Reviews code
skills: commit
---
You are a reviewer.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b530ef75d6dbe52 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:57
	const previousHome = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd9f3ae9dc513319 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:58
	const previousGlobalSettingsPath = process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d280230f336e4cc9 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:62
		process.env.HOME = previousHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70a0ab6af3393db0 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:64
		process.env.CLINE_GLOBAL_SETTINGS_PATH = previousGlobalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f1d89b38decd0c2 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:103
		writeFileSync(
			join(globalAgentsDir, "code-reviewer.yml"),
			`---
name: code-reviewer
description: Reviews code for quality and best practices
tools: Execute_Command, Read_File
modelId: anthropic/claude-sonnet-4.6
---
You are a code reviewer.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca8cb5bafe77b38d Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:147
		writeFileSync(
			join(agentsDir, "code-reviewer.yml"),
			`---
name: code-reviewer
description: Reviews code
tools: use_skill
skills: review
---
You are a code reviewer.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f209fc25dbd5cd5b Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:158
		writeFileSync(
			join(skillDir, "SKILL.md"),
			`---
name: review
---
Use the review guidance.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea8ade673dddb3f Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:370
		process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4de2a64d098e921 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:371
		writeFileSync(
			settingsPath,
			JSON.stringify({ disabledTools: ["search_codebase"] }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #010edda87c1a76ba Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:412
		const previousSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ccc3feee1c6075e Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:414
		writeFileSync(
			serverPath,
			`let buffer = "";
function write(payload) {
  process.stdout.write(JSON.stringify(payload) + "\\n");
}
function handle(message) {
  if (message.method === "initialize") {
    write({ jsonrpc: "2.0", id: message.id, result: { protocolVersion: "2024-11-05", capabilities: { tools: {} }, serverInfo: { name: "mock", version: "1.0.0" } } });
    return;
  }
  if (message.method === "tools/list") {
    write({ jsonrpc: "2.0", id: message.id, result: { tools: [{ name: "echo", description: "Echo tool", inputSchema: { type: "object", properties: { value: { type: "string" } }, required: [] } }] } });
    return;
  }
  if (message.method === "tools/call") {
    write({ jsonrpc: "2.0", id: message.id, result: { echoed: message.params?.arguments?.value ?? null } });
  }
}
process.stdin.on("data", (chunk) => {
  buffer += chunk.toString("utf8");
  while (true) {
    const separator = buffer.indexOf("\\n");
    if (separator < 0) break;
    const line = buffer.slice(0, separator).trim();
    buffer = buffer.slice(separator + 1);
    if (!line) continue;
    const message = JSON.parse(line);
    if (message.method === "notifications/initialized") continue;
    handle(message);
  }
});`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8865952d39f2c9dc Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:448
		writeFileSync(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						mock: {
							command: process.execPath,
							args: [serverPath],
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a63b35f6cae19206 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:465
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2796aa87f51c68a Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:473
			process.env.CLINE_MCP_SETTINGS_PATH = previousSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5c96bebcf3936b1 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:483
		const previousSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6adca09cd6e60676 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:485
		writeFileSync(
			serverPath,
			`let buffer = "";
function write(payload) {
  const body = JSON.stringify(payload);
  process.stdout.write("Content-Length: " + Buffer.byteLength(body, "utf8") + "\\r\\n\\r\\n" + body);
}
function handle(message) {
  if (message.method === "initialize") {
    write({ jsonrpc: "2.0", id: message.id, result: { protocolVersion: "2024-11-05", capabilities: { tools: {} }, serverInfo: { name: "mock", version: "1.0.0" } } });
    return;
  }
  if (message.method === "tools/list") {
    write({ jsonrpc: "2.0", id: message.id, result: { tools: [{ name: "echo", description: "Echo tool", inputSchema: { type: "object", properties: { value: { type: "string" } }, required: [] } }] } });
    return;
  }
  if (message.method === "tools/call") {
    write({ jsonrpc: "2.0", id: message.id, result: { echoed: message.params?.arguments?.value ?? null } });
  }
}
process.stdin.on("data", (chunk) => {
  buffer += chunk.toString("utf8");
  while (true) {
    const separator = buffer.indexOf("\\r\\n\\r\\n");
    if (separator < 0) break;
    const header = buffer.slice(0, separator);
    const match = header.match(/Content-Length:\\s*(\\d+)/i);
    if (!match) throw new Error("missing content length");
    const length = Number(match[1]);
    const start = separator + 4;
    const end = start + length;
    if (buffer.length < end) break;
    const body = buffer.slice(start, end);
    buffer = buffer.slice(end);
    const message = JSON.parse(body);
    if (message.method === "notifications/initialized") continue;
    handle(message);
  }
});`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27d5f0b1bbba2b0f Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:526
		writeFileSync(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						mock: {
							command: process.execPath,
							args: [serverPath],
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf0adf67c11e80d8 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:543
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ac4e0d035de8e9b Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:555
			process.env.CLINE_MCP_SETTINGS_PATH = previousSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d05ccedcda56eda6 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:563
		const previousSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef94e9ad61aff4e7 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:565
		writeFileSync(
			serverPath,
			`process.stdin.once("data", () => {
  process.stdout.write("Content-Length: 2\\r\\n\\r\\n{]");
});`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a216e36451fd3374 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:572
		writeFileSync(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						broken: {
							command: process.execPath,
							args: [serverPath],
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e40b260f8886c4cb Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:589
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7be97f818abc265e Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:600
			process.env.CLINE_MCP_SETTINGS_PATH = previousSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a47f64bf52bff188 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:609
		const previousSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55c3cb33eec6ce68 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:611
		writeFileSync(settingsPath, "{ not valid json !!!", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f929bd8bb77d0ad0 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:613
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99f7957ea6da91bf Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:622
			process.env.CLINE_MCP_SETTINGS_PATH = previousSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d91c0470ce7c50b0 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:630
		writeFileSync(
			join(skillDir, "SKILL.md"),
			`---
name: commit
description: Create commit message
---
Use conventional commits.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52eb77f5838f4072 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:652
		process.env.HOME = cwd;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2275eb951319cf36 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:657
		writeFileSync(
			join(pluginDir, "package.json"),
			JSON.stringify(
				{
					name: "review-plugin",
					private: true,
					cline: {
						plugins: [{ paths: ["./index.ts"] }],
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84d23779b430b0cd Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:672
		writeFileSync(join(pluginDir, "index.ts"), "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ae4efda2754f455 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:673
		writeFileSync(
			join(skillDir, "SKILL.md"),
			`---
name: review
description: Review code
---
Use the review plugin guidance.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96d06400578ef928 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:711
		process.env.HOME = cwd;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cc6b5dfbdc8aaa1 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:717
		writeFileSync(
			join(pluginDir, "package.json"),
			JSON.stringify({
				name: "review-plugin",
				private: true,
				cline: {
					plugins: [{ paths: ["./index.ts"] }],
				},
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43535b76a66f2882 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:728
		writeFileSync(join(pluginDir, "index.ts"), "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #290aabccce34f91a Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:729
		writeFileSync(
			join(skillDir, "SKILL.md"),
			`---
name: review
description: Review code
---
Use the review plugin guidance.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2acf2d99cdd24ba3 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:769
		process.env.HOME = cwd;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffc38e5f203239b2 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:774
		writeFileSync(
			join(pluginDir, "package.json"),
			JSON.stringify({
				name: "review-plugin",
				private: true,
				cline: {
					plugins: [{ paths: ["./index.ts"] }],
				},
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a657cadf4aed01e Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:785
		writeFileSync(join(pluginDir, "index.ts"), "export default {}", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25799a860ccad458 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:786
		writeFileSync(
			join(skillDir, "SKILL.md"),
			`---
name: review
---
Use the review plugin guidance.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48259623450e4149 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:812
		writeFileSync(
			join(skillDir, "SKILL.md"),
			`---
name: commit
description: Create commit message
---
Use conventional commits.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #467887f457729c1f Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:853
		writeFileSync(
			join(enabledDir, "SKILL.md"),
			`---
name: commit
---
Enabled skill.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #551bc0342ecb19c0 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:861
		writeFileSync(
			join(disabledDir, "SKILL.md"),
			`---
name: review
disabled: true
---
Disabled skill.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04404c545a6f972b Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:901
		writeFileSync(
			join(commitDir, "SKILL.md"),
			`---
name: commit
---
Commit skill.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c12e12435b2465d7 Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:909
		writeFileSync(
			join(reviewDir, "SKILL.md"),
			`---
name: review
---
Review skill.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0251ce0bd8bfd1d Filesystem access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-builder.test.ts:960
		writeFileSync(
			join(skillDir, "SKILL.md"),
			`---
name: review
disabled: true
---
Review skill.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2bd870a678e4670 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-parity.test.ts:74
		HOME: process.env.HOME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c89657fa054fd44 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-parity.test.ts:75
		CLINE_DIR: process.env.CLINE_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33405b508fdd6471 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-parity.test.ts:81
		process.env.HOME = isolatedHomeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01b7108c05282bb1 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-parity.test.ts:82
		process.env.CLINE_DIR = join(isolatedHomeDir, ".cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6360a67cdededb1 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-parity.test.ts:84
		setClineDir(process.env.CLINE_DIR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0195837f26b327a6 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-parity.test.ts:88
		process.env.HOME = envSnapshot.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08ff878d6bcbae65 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/runtime-parity.test.ts:89
		process.env.CLINE_DIR = envSnapshot.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17ff6e3c28c25790 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/session-runtime-orchestrator.test.ts:1289
			process.env[MESSAGE_BUILDER_LIMIT_ENV.minOutdatedRewriteBytes];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #196cf77f38e52c59 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/session-runtime-orchestrator.test.ts:1290
		process.env[MESSAGE_BUILDER_LIMIT_ENV.minOutdatedRewriteBytes] = "7000";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88616a66bbeeb373 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/session-runtime-orchestrator.test.ts:1294
			delete process.env[MESSAGE_BUILDER_LIMIT_ENV.minOutdatedRewriteBytes];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cab5f048af960b2 Environment-variable access.
repo/sdk/packages/core/src/runtime/orchestration/session-runtime-orchestrator.test.ts:1296
			process.env[MESSAGE_BUILDER_LIMIT_ENV.minOutdatedRewriteBytes] =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc5f9dabb489ac2d Filesystem access.
repo/sdk/packages/core/src/runtime/tools/tool-approval.ts:54
	await writeFile(
		requestPath,
		`${JSON.stringify(
			{
				requestId,
				sessionId,
				createdAt: nowIso(),
				toolCallId: request.toolCallId,
				toolName: request.toolName,
				input: request.input,
				iteration: request.iteration,
				agentId: request.agentId,
				conversationId: request.conversationId,
			},
			null,
			2,
		)}\n`,
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bde0d44bc92fb74 Filesystem access.
repo/sdk/packages/core/src/runtime/tools/tool-approval.ts:79
			const raw = await readFile(decisionPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1bb145b2a9a318d Filesystem access.
repo/sdk/packages/core/src/services/feature-flags/FeatureFlagsService.test.ts:117
		writeFileSync(
			cacheFilePath,
			`${JSON.stringify({
				version: 1,
				updatedAt: Date.now(),
				userId: "user-1",
				flagsPayload: {
					featureFlags: { [TEST_BOOLEAN_FLAG]: true },
					featureFlagPayloads: { [TEST_PAYLOAD_FLAG]: 1234 },
				},
			})}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4930bf124fef3029 Filesystem access.
repo/sdk/packages/core/src/services/feature-flags/FeatureFlagsService.test.ts:156
		const cache = JSON.parse(readFileSync(cacheFilePath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee4b06623b9f8111 Filesystem access.
repo/sdk/packages/core/src/services/feature-flags/FeatureFlagsService.ts:186
				readFileSync(this.cacheFilePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04f6aa8674239be1 Filesystem access.
repo/sdk/packages/core/src/services/feature-flags/FeatureFlagsService.ts:242
			writeFileSync(
				this.cacheFilePath,
				`${JSON.stringify(cache, null, 2)}\n`,
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9f096fc43227750 Environment-variable access.
repo/sdk/packages/core/src/services/feature-flags/FeatureFlagsService.ts:324
		if (process.env.NODE_ENV === "test" || process.env.IS_TEST === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1deced0f2014f4f Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:19
	const previousGlobalSettingsPath = process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a39b8ba3d115452c Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:22
		process.env.CLINE_GLOBAL_SETTINGS_PATH = previousGlobalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #472f262f3ec1a527 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:83
			process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b9e4c2feb17caa4 Filesystem access.
repo/sdk/packages/core/src/services/global-settings.test.ts:95
			expect(JSON.parse(await readFile(settingsPath, "utf8"))).toEqual({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6079d824309278ef Filesystem access.
repo/sdk/packages/core/src/services/global-settings.test.ts:101
			await writeFile(
				settingsPath,
				JSON.stringify({
					disabledTools: ["read_files"],
					extra: true,
					telemetryOptOut: true,
				}),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d36e540799e206b Filesystem access.
repo/sdk/packages/core/src/services/global-settings.test.ts:115
			await writeFile(
				settingsPath,
				JSON.stringify({
					disabledTools: 42,
					extra: true,
					telemetryOptOut: true,
				}),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67e5d0ed954a14d0 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:136
			process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03491177bd6b9cd9 Filesystem access.
repo/sdk/packages/core/src/services/global-settings.test.ts:148
			expect(JSON.parse(await readFile(settingsPath, "utf8"))).toEqual({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8536b2fda811d958 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:163
			process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86c54dd085dc923b Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:188
			process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c51a489ceac66cdf Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:210
			process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00f177a71ca1e852 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:225
				process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #168dca07b48725e3 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:245
				process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0d4d5618a2e7b5e Filesystem access.
repo/sdk/packages/core/src/services/global-settings.test.ts:249
				await writeFile(
					settingsPath,
					JSON.stringify({ disabledTools: ["read_files"] }),
				);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85fa9d1499aad354 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:271
				process.env.CLINE_GLOBAL_SETTINGS_PATH = pathA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57af375465fa572c Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:279
				process.env.CLINE_GLOBAL_SETTINGS_PATH = pathB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e15505314610fa81 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:287
				process.env.CLINE_GLOBAL_SETTINGS_PATH = pathA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97f62dfff92b34a5 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:303
				process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d65cdef94cdce06 Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:322
				process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #951cfe880cf458ee Environment-variable access.
repo/sdk/packages/core/src/services/global-settings.test.ts:348
				process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94b3ca9701c44fd7 Filesystem access.
repo/sdk/packages/core/src/services/global-settings.test.ts:355
				await writeFile(
					settingsPath,
					JSON.stringify({ disabledTools: ["editor"] }),
				);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3350416491386587 Filesystem access.
repo/sdk/packages/core/src/services/global-settings.ts:108
		raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbf9908c7ab09981 Filesystem access.
repo/sdk/packages/core/src/services/global-settings.ts:158
	writeFileSync(filePath, `${JSON.stringify(normalized, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6f6bcfd09991703 Filesystem access.
repo/sdk/packages/core/src/services/llms/runtime-config.ts:13
	const raw = await readFile(resolvedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eac7e339d6d6cc29 Environment-variable access.
repo/sdk/packages/core/src/services/local-runtime-bootstrap.test.ts:41
	const previousGlobalSettingsPath = process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #968460addea66412 Environment-variable access.
repo/sdk/packages/core/src/services/local-runtime-bootstrap.test.ts:45
		process.env.CLINE_GLOBAL_SETTINGS_PATH = previousGlobalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70fb68fcc7c92625 Environment-variable access.
repo/sdk/packages/core/src/services/local-runtime-bootstrap.test.ts:125
		process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39dfd5bd4fae0a00 Filesystem access.
repo/sdk/packages/core/src/services/local-runtime-bootstrap.test.ts:126
		writeFileSync(
			settingsPath,
			JSON.stringify({ disabledTools: ["blocked_tool"] }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24381f9d17357336 Environment-variable access.
repo/sdk/packages/core/src/services/local-runtime-bootstrap.ts:152
	headers["User-Agent"] = `Cline/${process.env.npm_package_version || "1.0.0"}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9adb89f6ca837055 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:18
		originalHome = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #254c94848541a767 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:19
		originalClineDir = process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41b63085de61eac7 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:20
		process.env.HOME = home;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e56e17e274351e9f Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:21
		process.env.CLINE_DIR = join(home, ".cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0175a8d8c4fa4387 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:23
		setClineDir(process.env.CLINE_DIR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bafa6a4de092c47 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:28
			delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #270502aabb599a7d Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:30
			process.env.HOME = originalHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a77d51997027b9d9 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:33
			delete process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c82aca87c35a333 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:35
			process.env.CLINE_DIR = originalClineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebec0789197d3c27 Filesystem access.
repo/sdk/packages/core/src/services/marketplace.test.ts:42
		await writeFile(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						context7: { transport: { type: "stdio", command: "node" } },
						other: { transport: { type: "stdio", command: "node" } },
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89a0903013e65092 Filesystem access.
repo/sdk/packages/core/src/services/marketplace.test.ts:73
		const settings = JSON.parse(readFileSync(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10f464fa48313d87 Filesystem access.
repo/sdk/packages/core/src/services/marketplace.test.ts:83
		await writeFile(
			join(skillDir, "SKILL.md"),
			"---\nname: Review\n---\n",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99d09424ea657460 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.test.ts:125
			process.env.CLINE_DIR ?? "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac04bba5d5ca8f64 Filesystem access.
repo/sdk/packages/core/src/services/marketplace.test.ts:130
		await writeFile(join(clineSkillDir, "SKILL.md"), "# Review Team", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #087b93d56a817cdc Filesystem access.
repo/sdk/packages/core/src/services/marketplace.test.ts:164
		await writeFile(
			join(installPath, "package.json"),
			JSON.stringify({ name: "goal" }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34c57d0deb2decbd Filesystem access.
repo/sdk/packages/core/src/services/marketplace.test.ts:169
		await writeFile(
			entryPath,
			"export default { name: 'goal', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ba61a9ddcfc8919 Environment-variable access.
repo/sdk/packages/core/src/services/marketplace.ts:64
		process.env.HOME?.trim() || process.env.USERPROFILE?.trim() || homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01b220eaa719afda Filesystem access.
repo/sdk/packages/core/src/services/mcp-install.test.ts:31
		return JSON.parse(readFileSync(settingsPath, "utf8")) as Record<

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9466dd6963457a7b Filesystem access.
repo/sdk/packages/core/src/services/mcp-install.test.ts:128
		writeFileSync(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						existing: {
							transport: { type: "stdio", command: "node" },
							disabled: true,
						},
					},
					customTopLevelKey: true,
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ec7bf3f4877b63b Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:42
		originalHome = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e68ca62d3f1f773 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:43
		originalClineDir = process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed6fab30dc56575f Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:44
		originalClineDataDir = process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e112c661368e5b36 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:45
		originalMcpSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9e78ae2883ee0e0 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:46
		process.env.HOME = home;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08d0677ccffe3546 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:47
		process.env.CLINE_DIR = join(home, ".cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d539542e420441a Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:48
		process.env.CLINE_DATA_DIR = join(home, ".cline", "data");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f3612d63f25fb6a Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:49
		process.env.CLINE_MCP_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2201776ec8b64387 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:55
		setClineDir(process.env.CLINE_DIR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5d8df93a9a32834 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:61
			delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a4bf66fcd1f8378 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:63
			process.env.HOME = originalHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df28d7f355549208 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:66
			delete process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d9f6ae17b039c43 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:68
			process.env.CLINE_DIR = originalClineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a5de41ca0ec9825 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:71
			delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16c0845dd3a38cf7 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:73
			process.env.CLINE_DATA_DIR = originalClineDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39d9870b5f291238 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:76
			delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c02333415c37ed2 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:78
			process.env.CLINE_MCP_SETTINGS_PATH = originalMcpSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f281d52341abf23b Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:95
				await writeFile(join(pluginRoot, filename), content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca0d4c3c843c7878 Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:130
		writeFileSync(
			source,
			"export default { name: 'weather', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a04aca17e02630b Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:166
		expect(readFileSync(result.entryPaths[0] ?? "", "utf8")).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fa6f5ceb62d9938 Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:196
		expect(readFileSync(result.entryPaths[0] ?? "", "utf8")).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69bd27c09e086aeb Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:200
			readFileSync(join(result.installPath, "package.json"), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42193fbbf953206f Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:214
		writeFileSync(
			source,
			`
export default {
  name: "sdk-mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "sdk-docs",
      transport: { type: "streamableHttp", url: "https://example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e30cb6210517ed4 Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:243
			readFileSync(process.env.CLINE_MCP_SETTINGS_PATH ?? "", "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c24056dae5e4c93 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:243
			readFileSync(process.env.CLINE_MCP_SETTINGS_PATH ?? "", "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #595a867a8ad58ee9 Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.test.ts:265
		writeFileSync(
			source,
			"export default { name: 'replaceable', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfa233cbb063a30c Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.ts:583
			readFileSync(packageJsonPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1d3ca1866161fe2 Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.ts:644
	await writeFile(
		packageJsonPath,
		`${JSON.stringify(manifest, null, 2)}\n`,
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a39060d1d35c1f24 Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.ts:742
	await writeFile(
		join(wrapperRoot, "package.json"),
		JSON.stringify(
			{
				...WRAPPER_PACKAGE_JSON,
				name: packageName,
				cline: {
					plugins: [{ paths: entryPaths }],
				},
			},
			null,
			2,
		),
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c855859a517b1b7f Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.ts:767
	await writeFile(
		join(packageRoot, "package.json"),
		JSON.stringify({ name: "cline-plugin-install", private: true }, null, 2),
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55a886334c808f83 Filesystem access.
repo/sdk/packages/core/src/services/plugin-install.ts:959
		await writeFile(join(stagingRoot, parsed.filename), body);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6a614b985877912 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-install.ts:1151
		options.npmCommand ?? (process.env.CLINE_NPM_COMMAND?.trim() || "npm");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35763ca0e3eff0a8 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:32
		await writeFile(pluginPath, source, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f28fd534b5f7ba0 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:63
		const written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44a6cf81ef11b705 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:95
		const written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3e2a3f1975381b0 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:122
		const written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecd600214591deb7 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:154
		await expect(readFile(settingsPath, "utf8")).rejects.toThrow();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e9ad5515135271f Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:171
		await writeFile(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						"old-docs": {
							transport: {
								type: "streamableHttp",
								url: "https://old.example.com/mcp",
							},
							metadata: {
								source: "plugin",
								pluginName: "plain-tools",
								pluginPath,
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9b1c4cde495f9e0 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:208
		const written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68bbf88dc311fa95 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:221
		await writeFile(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						"old-docs": {
							transport: {
								type: "streamableHttp",
								url: "https://old.example.com/mcp",
							},
							metadata: {
								source: "plugin",
								pluginName: "repo-docs",
								pluginPath,
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a627045b53e5c8dd Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:258
		const written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6ab795ef228bef6 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:268
		await writeFile(
			goodPluginPath,
			`
export default {
  name: "good-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "good-docs",
      transport: { type: "streamableHttp", url: "https://good.example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7a9608e448c7b6f Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:284
		await writeFile(
			badPluginPath,
			`
export default {
  name: "bad-plugin",
  manifest: { capabilities: ["tools"] },
  setup(api) {
    api.registerMcpServer({
      name: "bad-docs",
      transport: { type: "streamableHttp", url: "https://bad.example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f1dc6106048bc4a Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:300
		await writeFile(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						"bad-docs": {
							transport: {
								type: "streamableHttp",
								url: "https://old-bad.example.com/mcp",
							},
							metadata: {
								source: "plugin",
								pluginName: "bad-plugin",
								pluginPath: badPluginPath,
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9adede094d0284c9 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:344
		const written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1795936d08dd7716 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:368
		await writeFile(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						"repo-docs": {
							transport: {
								type: "streamableHttp",
								url: "https://user.example.com/mcp",
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdf8d5052548993d Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:396
		const written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b2a691cd51506ea Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:417
		await writeFile(settingsPath, "{ nope", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e041eaf29d9122c4 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:429
		expect(await readFile(settingsPath, "utf8")).toBe("{ nope");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #edf82683a0187673 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:446
		await writeFile(blockedDirectory, "file", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ebcf4a0038bc431 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:483
		await writeFile(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						"repo-docs": {
							transport: {
								type: "streamableHttp",
								url: "https://old.example.com/mcp",
							},
							oauth: {
								tokens: {
									access_token: "token",
								},
							},
							metadata: {
								source: "plugin",
								pluginName: "repo-docs",
								pluginPath,
							},
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a782f3e2a3b066d9 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:517
		const written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39bca780640c5580 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:556
		let written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e702aa2cc062da8 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.test.ts:565
		written = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3623c2df0c5ac407 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.ts:68
		const parsed = JSON.parse(readFileSync(filePath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c95291bb6e977299 Filesystem access.
repo/sdk/packages/core/src/services/plugin-mcp-settings.ts:97
	writeFileSync(
		filePath,
		`${JSON.stringify({ ...settings, mcpServers: servers }, null, 2)}\n`,
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #684db21b4b75af0c Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:22
		originalHome = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37360b832302c57e Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:23
		originalClineDir = process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4dc0af9a30059f4 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:24
		originalClineDataDir = process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92098a744ae2231e Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:25
		originalGlobalSettingsPath = process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a0e56bdcdddfe2e Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:26
		originalMcpSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe8ed7cf499bafab Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:27
		process.env.HOME = home;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f752743041f2c45 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:28
		process.env.CLINE_DIR = join(home, ".cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #373e8e4efe955634 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:29
		process.env.CLINE_DATA_DIR = join(home, ".cline", "data");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #087db89d72ac8dd6 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:30
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eee481b805180a56 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:38
		setClineDir(process.env.CLINE_DIR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a25cf6135ffa023 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:43
			delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d720431bbfc41a9 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:45
			process.env.HOME = originalHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #166016c88e49c0fd Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:48
			delete process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59fc5f22d03d5211 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:50
			process.env.CLINE_DIR = originalClineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ad3bf46c34fec7e Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:53
			delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9093860d6cf4cfd Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:55
			process.env.CLINE_DATA_DIR = originalClineDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9adf8874ce155b34 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:58
			delete process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39aff2a8e147a668 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:60
			process.env.CLINE_GLOBAL_SETTINGS_PATH = originalGlobalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17c7122289476007 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:63
			delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71c4871306bebb02 Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:65
			process.env.CLINE_MCP_SETTINGS_PATH = originalMcpSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52372e9329d7aad3 Filesystem access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:81
		await writeFile(
			join(installPath, "package.json"),
			JSON.stringify(
				{
					name: "cline-installed-plugin-test",
					cline: {
						plugins: [{ paths: ["./package/index.ts"] }],
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #148882fca0eb4478 Filesystem access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:95
		await writeFile(
			join(installPath, "package", "package.json"),
			JSON.stringify({ name: "cline-internal-bundled-skills-demo" }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3104fa31c209ecec Filesystem access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:100
		await writeFile(
			entryPath,
			"export default { name: 'demo', manifest: { capabilities: ['skills'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2de971a04e5535f3 Filesystem access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:125
		await writeFile(
			pluginPath,
			"export default { name: 'direct', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #171bb89bc12f9c5d Environment-variable access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:142
			process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #053a268fd730b695 Filesystem access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:144
			await writeFile(
				pluginPath,
				"export default { name: 'mcp-plugin', manifest: { capabilities: ['mcp'] } };",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #558029da389cb5e7 Filesystem access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:149
			await writeFile(
				settingsPath,
				JSON.stringify(
					{
						mcpServers: {
							smoke: {
								transport: {
									type: "stdio",
									command: process.execPath,
									args: ["-e", "process.exit(0)"],
								},
								metadata: {
									source: "plugin",
									pluginName: "mcp-plugin",
									pluginPath,
								},
							},
						},
					},
					null,
					2,
				),
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57d58b3568b753fa Filesystem access.
repo/sdk/packages/core/src/services/plugin-uninstall.test.ts:193
			await writeFile(
				pluginPath,
				"export default { name: 'locked', manifest: { capabilities: ['tools'] } };",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #459a1198fee9d774 Filesystem access.
repo/sdk/packages/core/src/services/plugin-uninstall.ts:83
		const parsed = JSON.parse(readFileSync(packageJsonPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8cf5a8a57a34e3b Filesystem access.
repo/sdk/packages/core/src/services/providers/local-provider-registry.ts:114
		const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85a03ed778c51f98 Filesystem access.
repo/sdk/packages/core/src/services/providers/local-provider-registry.ts:126
		const raw = await readFile(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a1c586023ceba8b Filesystem access.
repo/sdk/packages/core/src/services/providers/local-provider-registry.ts:140
	writeFileSync(filePath, `${JSON.stringify(parsed, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6d9dc20c30f79cb Filesystem access.
repo/sdk/packages/core/src/services/providers/local-provider-registry.ts:149
	await writeFile(filePath, `${JSON.stringify(parsed, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fd5441dd61e0d7e Filesystem access.
repo/sdk/packages/core/src/services/providers/local-provider-service.test.ts:777
			writeFileSync(
				path.join(settingsDir, "models.json"),
				`${JSON.stringify(
					{
						version: 1,
						providers: {
							cline: {
								models: {
									"openai/gpt-5.5": {
										id: "openai/gpt-5.5",
										name: "OpenAI GPT-5.5",
									},
								},
							},
						},
					},
					null,
					2,
				)}\n`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dee2877ce6c4e3b1 Filesystem access.
repo/sdk/packages/core/src/services/session-data.ts:335
	writeFileSync(
		path,
		`${JSON.stringify(
			buildMessagesFilePayload({
				updatedAt: startedAt,
				context,
				messages: [],
			}),
			null,
			2,
		)}\n`,
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71eef78eeb4a0cba Filesystem access.
repo/sdk/packages/core/src/services/storage/file-team-store.ts:123
		return readFileSync(historyPath, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a59b46155af8ba36 Filesystem access.
repo/sdk/packages/core/src/services/storage/file-team-store.ts:173
		writeFileSync(tempPath, `${JSON.stringify(envelope, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60fbff1e53e948f9 Filesystem access.
repo/sdk/packages/core/src/services/storage/file-team-store.ts:240
				readFileSync(path, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a00cf4b62eb17eb Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:30
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "anthropic",
					actModeApiModelId: "claude-sonnet-4-6",
					anthropicBaseUrl: "https://example.invalid/anthropic",
					actModeReasoningEffort: "high",
					actModeThinkingBudgetTokens: 2048,
					requestTimeoutMs: 90000,
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30d52b68f1b9e17d Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:46
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify({ apiKey: "legacy-anthropic-key" }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7d72e7454757eb Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:83
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "plan",
					planModeApiProvider: "oca",
					actModeReasoningEffort: "low",
					planModeOcaReasoningEffort: "high",
					actModeOcaReasoningEffort: "medium",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba907defcf6e9506 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:97
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify({ ocaApiKey: "legacy-oca-key" }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d3bb4b1d023da56 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:125
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "anthropic",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34afcd70e26986e2 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:136
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify({ apiKey: "legacy-key" }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86da1a6c63f6c557 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:171
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "openai-codex",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33ed84288bf5e175 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:182
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify(
				{
					"openai-codex-oauth-credentials": JSON.stringify({
						type: "openai-codex",
						access_token: "legacy-access",
						refresh_token: "legacy-refresh",
						expires: Date.now() + 60_000,
						accountId: "acct_123",
					}),
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d23ec49f9930b029 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:230
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "anthropic",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6ad8ff7d434c2b9 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:241
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify(
				{
					"cline:clineAccountId": makeClineAccountJson({
						idToken: "legacy-cline-access",
						refreshToken: "legacy-cline-refresh",
						expiresAt: 1_750_000_000,
						userId: "user-123",
					}),
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f6475053cf6195e Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:280
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "openai",
					actModeOpenAiModelId: "gpt-oss-120b",
					openAiBaseUrl: "https://gateway.example.invalid/v1",
					openAiHeaders: {
						"X-Test": "legacy-header",
					},
					requestTimeoutMs: 45000,
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ade6e243bbc42fff Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:297
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify({ openAiApiKey: "legacy-openai-compatible-key" }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3fa6395d271ed36 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:324
		expect(JSON.parse(readFileSync(modelsPath, "utf8"))).toEqual({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9b7769ea6659316 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:355
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "openai",
					actModeOpenAiModelId: "gpt-5",
					openAiBaseUrl: "https://api.openai.com/v1",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59ff5f5b06bfe5bd Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:368
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify({ openAiApiKey: "legacy-openai-key" }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c37c02a923e77182 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:400
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "bedrock",
					actModeApiModelId: "global.anthropic.claude-opus-4-6-v1",
					awsRegion: "us-east-1",
					awsAuthentication: "profile",
					awsProfile: "bedrock",
					awsBedrockUsePromptCache: true,
					awsUseCrossRegionInference: true,
					awsUseGlobalInference: false,
					actModeAwsBedrockCustomModelBaseId:
						"anthropic.claude-sonnet-4-5-20250929-v1:0",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f351e6f7e49290c9 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:420
		writeFileSync(path.join(tempDir, "secrets.json"), JSON.stringify({}));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12efccc29c183a07 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:456
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "bedrock",
					actModeApiModelId: "anthropic.claude-haiku-4-5-20251001-v1:0",
					awsRegion: "us-east-1",
					awsAuthentication: "credentials",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e5425eb22ab6d2a Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:470
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify({ awsAccessKey: "access", awsSecretKey: "secret" }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fd636e2451cb2ba Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:497
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "sapaicore",
					actModeApiModelId: "anthropic--claude-4.6-sonnet",
					sapAiCoreBaseUrl: "https://api.ai.example.aws.ml.hana.ondemand.com",
					sapAiCoreTokenUrl:
						"https://example.authentication.sap.hana.ondemand.com",
					sapAiResourceGroup: "default",
					sapAiCoreUseOrchestrationMode: true,
					actModeSapAiCoreDeploymentId: "deployment-id",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60d674a3980dc1a6 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:515
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify(
				{
					sapAiCoreClientId: "sap-client",
					sapAiCoreClientSecret: "sap-secret",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee8491adcb088a45 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:560
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "sapaicore",
					actModeApiModelId: "gpt-4o",
					sapAiCoreBaseUrl: "https://api.ai.example.aws.ml.hana.ondemand.com",
					sapAiCoreTokenUrl:
						"https://example.authentication.sap.hana.ondemand.com",
					sapAiResourceGroup: "default",
					sapAiCoreUseOrchestrationMode: false,
					actModeSapAiCoreDeploymentId: "deployment-id",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85a8cbca4820e332 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:578
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify(
				{
					sapAiCoreClientId: "sap-client",
					sapAiCoreClientSecret: "sap-secret",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98f15f8a234b072c Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:609
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					sapAiCoreBaseUrl: "https://api.ai.example.aws.ml.hana.ondemand.com",
					sapAiCoreTokenUrl:
						"https://example.authentication.sap.hana.ondemand.com",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c42adc9c22a8983 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.test.ts:621
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify(
				{
					sapAiCoreClientId: "sap-client",
					sapAiCoreClientSecret: "sap-secret",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d52c2cfde9122133 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-legacy-migration.ts:252
		const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83204c3560d563a6 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:89
		const before = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d62130b9c2423cd3 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:102
		expect(readFileSync(filePath, "utf8")).toBe(before);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ad8156248b02ed1 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:250
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "anthropic",
					actModeApiModelId: "claude-sonnet-4-6",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ebf01efe5c637f9 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:262
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify({ apiKey: "legacy-key" }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d7c8ca044332a1f Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:284
		writeFileSync(
			path.join(tempDir, "globalState.json"),
			JSON.stringify(
				{
					mode: "act",
					actModeApiProvider: "openai",
					actModeOpenAiModelId: "gpt-oss-120b",
					openAiBaseUrl: "https://gateway.example.invalid/v1",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68abf8858d564b2b Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:297
		writeFileSync(
			path.join(tempDir, "secrets.json"),
			JSON.stringify({ openAiApiKey: "legacy-key" }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f2b299f0bd41d06 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:335
		writeFileSync(
			filePath,
			JSON.stringify(
				{
					version: 1,
					lastUsedProvider: "custom-provider",
					providers: {
						"custom-provider": {
							settings: {
								provider: "custom-provider",
								baseUrl: "https://custom.example.invalid/v1",
								model: "custom-model",
								apiKey: "test-key",
								capabilities: ["reasoning", "tools"],
							},
							updatedAt: new Date().toISOString(),
							tokenSource: "manual",
						},
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b105b6b8d3cba141 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:392
		writeFileSync(
			filePath,
			JSON.stringify(
				{
					version: 1,
					lastUsedProvider: "custom-responses",
					providers: {
						"custom-responses": {
							settings: {
								provider: "custom-responses",
								baseUrl: "https://responses.example.invalid/v1",
								model: "responses-model",
								protocol: "openai-responses",
								apiKey: "test-key",
							},
							updatedAt: new Date().toISOString(),
							tokenSource: "manual",
						},
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e990538db94e1462 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:445
		writeFileSync(
			filePath,
			JSON.stringify(
				{
					version: 1,
					providers: {
						"disk-added-provider": {
							settings: {
								provider: "disk-added-provider",
								baseUrl: "https://disk.example.invalid/v1",
								model: "disk-model",
							},
							updatedAt: new Date().toISOString(),
							tokenSource: "manual",
						},
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b6cacabade8ca20 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.test.ts:535
		writeFileSync(filePath, "{ not-json", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #310d3a3d869003d0 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.ts:100
			const raw = readFileSync(this.filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc11e105daeffd49 Filesystem access.
repo/sdk/packages/core/src/services/storage/provider-settings-manager.ts:130
			writeFileSync(tempPath, `${JSON.stringify(normalized, null, 2)}\n`, {
				encoding: "utf8",
				mode: 0o600,
			});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6119b8687a147223 Environment-variable access.
repo/sdk/packages/core/src/services/telemetry/OpenTelemetryProvider.test.ts:15
	const previousGlobalSettingsPath = process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #330ec1e3f735a764 Environment-variable access.
repo/sdk/packages/core/src/services/telemetry/OpenTelemetryProvider.test.ts:20
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b3b0f68eae7d70f4 Environment-variable access.
repo/sdk/packages/core/src/services/telemetry/OpenTelemetryProvider.test.ts:27
		process.env.CLINE_GLOBAL_SETTINGS_PATH = previousGlobalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cab367ad1969f610 Filesystem access.
repo/sdk/packages/core/src/services/telemetry/distinct-id.ts:52
			const savedDistinctId = readFileSync(distinctIdPath, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6ba7d894154d243 Filesystem access.
repo/sdk/packages/core/src/services/telemetry/distinct-id.ts:64
		writeFileSync(distinctIdPath, generatedDistinctId, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4257cea71b62769 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:27
			await writeFile(path.join(cwd, "src", "main.ts"), "export {}\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bf51b64284b9295 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:28
			await writeFile(path.join(cwd, "README.md"), "# Demo\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c73eb02075bb87c5 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:43
			await writeFile(path.join(cwd, ".git", "config"), "[core]\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8092fb0eaba5b882 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:44
			await writeFile(
				path.join(cwd, "node_modules", "pkg", "index.js"),
				"module.exports = {}\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #502f6dcfb5aaee33 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:49
			await writeFile(
				path.join(cwd, "app.ts"),
				"export const app = 1\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2800a83ee2d8ca2 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:66
			await writeFile(
				path.join(cwd, "first.ts"),
				"export const first = 1\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bccaa1ad4ec0519 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:74
			await writeFile(
				path.join(cwd, "second.ts"),
				"export const second = 2\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d37ec328c20b078 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:93
			await writeFile(
				path.join(cwd, "visible.ts"),
				"export const ok = 1\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d86a1f8eed280eeb Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:98
			await writeFile(
				path.join(unreadableDir, "hidden.ts"),
				"export const hidden = 1\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d8e156cbce1047b Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:122
			await writeFile(
				path.join(firstWorkspace, "first.ts"),
				"export const first = 1\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eab51e20c6d8110a Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:127
			await writeFile(
				path.join(secondWorkspace, "second.ts"),
				"export const second = 2\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17a7f208d4b00ca5 Filesystem access.
repo/sdk/packages/core/src/services/workspace/file-indexer.test.ts:140
			await writeFile(
				path.join(firstWorkspace, "later.ts"),
				"export const later = 3\n",
				"utf8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #516321ea3e53858a Filesystem access.
repo/sdk/packages/core/src/services/workspace/mention-enricher.test.ts:28
			await writeFile(sourcePath, "export const answer = 42\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e76d16bb6683f370 Filesystem access.
repo/sdk/packages/core/src/services/workspace/mention-enricher.test.ts:47
			await writeFile(path.join(cwd, "README.md"), "# Demo\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #593cf76be467aa21 Filesystem access.
repo/sdk/packages/core/src/services/workspace/mention-enricher.test.ts:68
			await writeFile(path.join(cwd, "a.ts"), "123", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8777ddbebb016a35 Filesystem access.
repo/sdk/packages/core/src/services/workspace/mention-enricher.test.ts:69
			await writeFile(path.join(cwd, "b.ts"), "const b = 2\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec7a415b258176ef Filesystem access.
repo/sdk/packages/core/src/services/workspace/mention-enricher.test.ts:89
			await writeFile(path.join(cwd, "a.ts"), "aaa", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ae9cf629dc98066 Filesystem access.
repo/sdk/packages/core/src/services/workspace/mention-enricher.test.ts:90
			await writeFile(path.join(cwd, "b.ts"), "bbb", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a66750b26305fed6 Filesystem access.
repo/sdk/packages/core/src/services/workspace/mention-enricher.test.ts:91
			await writeFile(path.join(cwd, "c.ts"), "ccc", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd98dc2f384edfa6 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-diff.test.ts:29
		writeFileSync(join(dir, "tracked.txt"), "base\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7d8a30675ab52fa Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-diff.test.ts:30
		writeFileSync(join(dir, "deleted.txt"), "delete me\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8ea8dbb8fe882a7 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-diff.test.ts:41
		writeFileSync(join(dir, "tracked.txt"), "changed\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3035139149b23304 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-diff.test.ts:43
		writeFileSync(join(dir, "untracked.txt"), "new file\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d61debb27ab69cac Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-diff.test.ts:78
		writeFileSync(join(dir, "tracked.txt"), "checkpoint dirty\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5309b3bfd5998ae Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-diff.test.ts:80
		writeFileSync(join(dir, "tracked.txt"), "current dirty\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9962f89035869341 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-diff.test.ts:134
		writeFileSync(join(dir, "tracked.txt"), "changed\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92d4890f7b1a0ae6 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-diff.ts:70
		return await fs.readFile(resolveGitPath(cwd, relativePath), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9497531070755c22 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-restore.test.ts:31
	writeFileSync(join(cwd, "tracked.txt"), "base\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cedf7999aac9249 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-restore.test.ts:50
		writeFileSync(join(dir, "tracked.txt"), "dirty\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5613ac7cf1a4ad4 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-restore.test.ts:51
		writeFileSync(join(dir, "untracked.txt"), "keep me\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b6ff7964bc970c3 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-restore.test.ts:62
		expect(readFileSync(join(dir, "tracked.txt"), "utf8")).toBe("dirty\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb66a5c3f11e5290 Filesystem access.
repo/sdk/packages/core/src/session/checkpoint-restore.test.ts:63
		expect(readFileSync(join(dir, "untracked.txt"), "utf8")).toBe("keep me\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad17e1d2ace0fb01 Filesystem access.
repo/sdk/packages/core/src/session/services/file-session-service.ts:46
	writeFileSync(tempPath, `${JSON.stringify(value, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff335812b51ed94a Filesystem access.
repo/sdk/packages/core/src/session/services/file-session-service.ts:76
			const parsed = JSON.parse(readFileSync(path, "utf8")) as FileSessionIndex;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55233248ad1ed6f7 Filesystem access.
repo/sdk/packages/core/src/session/services/file-session-service.ts:96
			const parsed = JSON.parse(readFileSync(path, "utf8")) as FileSpawnQueue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2540421f1090289d Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:74
			JSON.parse(readFileSync(artifacts.manifestPath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7314b593c6edabae Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:82
			JSON.parse(readFileSync(artifacts.manifestPath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a1d98d49fe7f8e3 Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:85
			readFileSync(artifacts.messagesPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b69a17a6d506b57a Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:88
			readFileSync(artifacts.compactionPath ?? "", "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e14d87e869ec3ae Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:141
			JSON.parse(readFileSync(artifacts.manifestPath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e58d8a7e6afe920 Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:168
			readFileSync(artifacts.manifestPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74846398e22f2dfb Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:173
		writeFileSync(
			artifacts.manifestPath,
			`${JSON.stringify(manifest, null, 2)}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #743e04d5b06223be Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:192
			JSON.parse(readFileSync(artifacts.manifestPath, "utf8")),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d42a3e31b9c180a Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:240
				readFileSync(artifacts.manifestPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b302581c1c99f19 Environment-variable access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:254
			const globalHookLog = process.env.CLINE_HOOKS_LOG_PATH ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8792e27ea2b02182 Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:256
				const hookContent = readFileSync(globalHookLog, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1855a6f135de5fdb Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:353
			const payload = JSON.parse(readFileSync(path, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18e92597c4696631 Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:460
			readFileSync(row?.messagesPath as string, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0b62b81f9702e52 Filesystem access.
repo/sdk/packages/core/src/session/services/persistence-service.test.ts:505
			readFileSync(artifacts.manifestPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7890a191caf880d Filesystem access.
repo/sdk/packages/core/src/session/stores/atomic-file.ts:32
		await handle.writeFile(contents, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59ea8087ca98306c Filesystem access.
repo/sdk/packages/core/src/session/stores/session-manifest-store.ts:73
		writeFileSync(
			manifestPath,
			`${JSON.stringify(SessionManifestSchema.parse(manifest), null, 2)}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c536149c5c500fa Filesystem access.
repo/sdk/packages/core/src/session/stores/session-manifest-store.ts:101
			raw = await readFile(manifestPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #298b1be8f33d2af0 Filesystem access.
repo/sdk/packages/core/src/session/stores/session-manifest-store.ts:137
					JSON.parse(readFileSync(manifestPath, "utf8")) as SessionManifest,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fa676f8bab6bc5e Filesystem access.
repo/sdk/packages/core/src/session/stores/session-manifest-store.ts:175
		writeFileSync(path, contents, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa44b721dc41c8db Filesystem access.
repo/sdk/packages/core/src/session/stores/session-manifest-store.ts:226
				JSON.parse(await readFile(path, "utf8")) as unknown,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fce154b0b1446221 Environment-variable access.
repo/sdk/packages/core/src/session/stores/session-manifest-store.ts:265
		const envPath = process.env.CLINE_HOOKS_LOG_PATH?.trim() || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f229d9c0b582b74a Filesystem access.
repo/sdk/packages/core/src/session/stores/team-persistence-store.ts:51
			const raw = readFileSync(this.statePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1815cb7d837a62c Filesystem access.
repo/sdk/packages/core/src/session/stores/team-persistence-store.ts:90
		writeFileSync(tmpPath, `${JSON.stringify(envelope, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6022892355659ce0 Environment-variable access.
repo/sdk/packages/core/src/session/team/team-child-session-manager.ts:407
		const envPath = process.env.CLINE_HOOKS_LOG_PATH?.trim() || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40f0445b26e37e5b Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:11
		CLINE_GLOBAL_SETTINGS_PATH: process.env.CLINE_GLOBAL_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #457ff06cbf142b01 Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:12
		CLINE_MCP_SETTINGS_PATH: process.env.CLINE_MCP_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7fe7761966b728f Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:17
			delete process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c13d9aa0bcaad18e Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:19
			process.env.CLINE_GLOBAL_SETTINGS_PATH =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a10339c08c5e2d50 Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:23
			delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18d28a53f11b3c0f Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:25
			process.env.CLINE_MCP_SETTINGS_PATH = envSnapshot.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5d07932812b55ce Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:37
		await writeFile(
			skillPath,
			`---
name: skill-one
---
Use this skill.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f43891fe0afb998 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:84
		const written = await readFile(skillPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c75f0ed9516b9e47 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:100
		await writeFile(join(skillDir, "SKILL.md"), "Use this skill.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89cf64666daa6c97 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:133
		await writeFile(
			join(installRoot, "package.json"),
			JSON.stringify({
				name: "test-plugin-skill-owner",
				cline: {
					plugins: [{ paths: ["./package/index.ts"] }],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82319177a43e6ef4 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:142
		await writeFile(pluginPath, "export default {};");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfe2571915defc6d Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:143
		await writeFile(
			join(skillDir, "SKILL.md"),
			`---
name: test-plugin-skill-owner
description: Browser agent
---
Use the browser.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59d87e3edfe1762d Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:174
		process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #089d9d83923d0d38 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:187
		await writeFile(
			join(installRoot, "package.json"),
			JSON.stringify({
				name: "test-plugin-skill-disabled",
				cline: {
					plugins: [{ paths: ["./package/index.ts"] }],
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #835259812a0b0c9a Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:196
		await writeFile(pluginPath, "export default {};");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #014694ee8ae699fe Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:197
		await writeFile(
			join(skillDir, "SKILL.md"),
			`---
name: test-plugin-skill-disabled
description: Browser agent
---
Use the browser.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #825c13bb26be6157 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:205
		await writeFile(
			settingsPath,
			JSON.stringify({ disabledPlugins: [pluginPath] }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d9a7483b09120cb Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:226
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cbffe06ea2c2af5 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:227
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					otherSetting: true,
					mcpServers: {
						docs: {
							transport: {
								type: "stdio",
								command: "node",
							},
						},
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ccab60e3e82b9bd Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:269
			await readFile(settingsPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7663cf3b28446e70 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:287
			await readFile(settingsPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5af33a8a154a9c8 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:300
			await readFile(settingsPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5316acd21769658 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:313
			await readFile(settingsPath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #672af54a104f696b Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:326
		await writeFile(skillPath, "Use this skill.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91f136abcdcc6bb1 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:365
		await writeFile(outsidePath, outsideContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3a6016311ca54af Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:376
		expect(await readFile(outsidePath, "utf8")).toBe(outsideContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #956ebb234dbe6581 Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:382
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08be198d6cd277b4 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:401
				await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32c6a56e92c0dade Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:401
				await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b7c853f84574180 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:413
				await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82308f8f150c4054 Environment-variable access.
repo/sdk/packages/core/src/settings/settings-service.test.ts:413
				await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d951e6ee795586a5 Filesystem access.
repo/sdk/packages/core/src/settings/settings-service.ts:74
		const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/cli

npm first-party
high pii_flow production #01810179722ee9cd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/cli/src/connectors/adapters/discord.ts:1363 · flow /tmp/closeopen-epgogze_/repo/apps/cli/src/connectors/adapters/discord.ts:1362 → /tmp/closeopen-epgogze_/repo/apps/cli/src/connectors/adapters/discord.ts:1363
			const rootMessage = await event.channel.post(
				`${displayName} invoked ${commandText}`,
			);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #79a79d73f8cd3d2b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/apps/cli/src/connectors/adapters/slack.ts:999 · flow /tmp/closeopen-epgogze_/repo/apps/cli/src/connectors/adapters/slack.ts:1000 → /tmp/closeopen-epgogze_/repo/apps/cli/src/connectors/adapters/slack.ts:999
			const rootMessage = await event.channel.post(
				`${event.user.fullName} invoked ${commandText}`,
			);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #d2d137e5851069b9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/cli/src/utils/feature-flags.ts:52
						client: buildClinePostHogClient(apiKey),

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 600 low-confidence finding(s)
low env_fs production #01245a377fa95c1c Filesystem access.
repo/apps/cli/bin/cline:15
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4b57121bb471361 Environment-variable access.
repo/apps/cli/bin/cline:46
const envPath = process.env.CLINE_BIN_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b1a43dc9a340a5f Environment-variable access.
repo/apps/cli/script/build.ts:43
		defines[`process.env.${name}`] = JSON.stringify(process.env[name] ?? "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a775b3f7527dcf30 Filesystem access.
repo/apps/cli/script/build.ts:48
const pkg = JSON.parse(readFileSync(join(cliDir, "package.json"), "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e9f55872f53d105 Filesystem access.
repo/apps/cli/script/build.ts:267
		const content = readFileSync(bootstrapSrc);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8994064b1a112f3 Filesystem access.
repo/apps/cli/script/publish-npm.ts:80
	const pkg: unknown = JSON.parse(readFileSync(packageJsonPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49e226af91b558f4 Filesystem access.
repo/apps/cli/script/publish-npm.ts:178
		readFileSync(join(cliDir, "dist", filepath), "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2237a7b77b66df11 Filesystem access.
repo/apps/cli/script/publish-npm.ts:213
	readFileSync(join(cliDir, "package.json"), "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d162dccb29a58171 Filesystem access.
repo/apps/cli/script/publish-npm.ts:290
	readFileSync(join(cliDir, "package.json"), "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe029cd9ab4f84b0 Environment-variable access.
repo/apps/cli/src/acp/acpAgent.ts:114
		if (!this.authResult && !process.env.CLINE_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b72d8cd79891c650 Environment-variable access.
repo/apps/cli/src/acp/acpAgent.ts:131
			process.env.CLINE_PROVIDER ?? this.authResult?.providerId ?? "cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #781aaf80c55191ac Environment-variable access.
repo/apps/cli/src/acp/acpAgent.ts:133
			process.env.CLINE_MODEL ?? "anthropic/claude-sonnet-4.6";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #066d8e99174531c0 Environment-variable access.
repo/apps/cli/src/acp/acpAgent.ts:310
				if (process.env.CLINE_PROVIDER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5436b991d3e77c11 Environment-variable access.
repo/apps/cli/src/acp/acpAgent.ts:516
		const providerId = process.env.CLINE_PROVIDER ?? session.currentProviderId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22e1eb6f73356307 Environment-variable access.
repo/apps/cli/src/acp/acpAgent.ts:517
		const apiKey = process.env.CLINE_API_KEY ?? this.authResult?.apiKey ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #782406a1e0397d5f Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:17
	readFileSync(path.join(cliRoot, "package.json"), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d54fa412d4992e91 Environment-variable access.
repo/apps/cli/src/cli.e2e.test.ts:19
const bunExec = process.env.BUN_EXEC_PATH ?? "bun";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b805bbb6082b5722 Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:301
		writeFileSync(
			path.join(workflowsDir, "release.md"),
			`---
name: release
---
Release checklist.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaea08322ca5273a Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:309
		writeFileSync(
			path.join(workflowsDir, "disabled.md"),
			`---
name: disabled
disabled: true
---
Do not list this.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #000ed519050262b9 Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:339
		writeFileSync(
			path.join(workflowsDir, "release.md"),
			`---
name: release
---
Release checklist.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #373b05923bbc9a99 Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:365
		writeFileSync(
			path.join(workflowsDir, "review.md"),
			`---
name: review
---
Review checklist.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7cb983101d232eda Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:396
		writeFileSync(
			path.join(docsWorkflowsDir, "docs-release.md"),
			`---
name: docs-release
---
Release from docs path.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b068a0bf9b9f2b59 Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:421
		writeFileSync(
			path.join(rulesDir, "rule.md"),
			`---
name: no-force-push
---
Do not force push.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c92f450c439602a Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:445
		writeFileSync(
			path.join(skillsDir, "SKILL.md"),
			`---
name: commit
---
Create a concise commit message.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2223f96d2039e9a Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:478
		writeFileSync(
			path.join(docsRulesDir, "docs-rule.md"),
			`---
name: docs-rule
---
Rule from docs path.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #018943e224bf2fb4 Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:486
		writeFileSync(
			path.join(docsSkillsDir, "SKILL.md"),
			`---
name: docs-skill
---
Skill from docs path.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07b41d9aee601c71 Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:524
		writeFileSync(
			path.join(globalAgentsDir, "reviewer.yaml"),
			`---
name: Reviewer
description: Reviews code changes
---
Review diffs thoroughly.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7644d1938f7d7f8b Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:533
		writeFileSync(
			path.join(workspaceAgentsDir, "planner.yaml"),
			`---
name: Planner
description: Plans implementation tasks
---
Break work into clear steps.`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a790ff1cb0cf31a Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:600
		writeFileSync(
			path.join(workspacePluginsDir, "workspace-plugin.ts"),
			"export default { name: 'workspace-plugin', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfb7daaaee3e6e7c Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:605
		writeFileSync(
			path.join(userPluginsDir, "user-plugin.js"),
			"export default { name: 'user-plugin', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0864c4911e68359a Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:610
		writeFileSync(
			path.join(documentsPluginsDir, "docs-plugin.ts"),
			"export default { name: 'docs-plugin', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8a7dc58038d11b8 Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:684
		writeFileSync(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						docs: {
							transport: {
								type: "stdio",
								command: "node",
							},
						},
						remote: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.example.com",
							},
							disabled: true,
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e373def0fe45940b Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:783
		writeFileSync(
			path.join(workspacePluginsDir, "workspace-plugin.ts"),
			[
				"export default {",
				"  name: 'workspace-plugin',",
				"  manifest: { capabilities: ['tools'] },",
				"  setup(api) {",
				"    api.registerTool({",
				"      name: 'plugin_echo',",
				"      description: 'Echo from plugin',",
				"      inputSchema: { type: 'object', properties: {}, required: [] },",
				"      execute: async () => ({ ok: true }),",
				"    });",
				"  },",
				"};",
			].join("\n"),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08b53737c1b589fe Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:801
		writeFileSync(
			globalSettingsPath,
			JSON.stringify({ disabledTools: ["plugin_echo"] }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e057722bedece520 Filesystem access.
repo/apps/cli/src/cli.e2e.test.ts:931
		const log = readFileSync(logPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e6280bd7afc12b0 Environment-variable access.
repo/apps/cli/src/cli.interactive.e2e.test.ts:9
const bunExec = process.env.BUN_EXEC_PATH ?? "bun";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8862d1d5b0886c88 Filesystem access.
repo/apps/cli/src/commands/bin-wrapper.test.ts:31
	writeFileSync(scriptPath, `#!/usr/bin/env node\n${contents}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #198d29704e1c6701 Environment-variable access.
repo/apps/cli/src/commands/config.ts:29
	const clineDir = process.env.CLINE_DIR?.trim() || join(homedir(), ".cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b6998eb0289aa11 Filesystem access.
repo/apps/cli/src/commands/config.ts:212
				const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29b2e0a8df844488 Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:27
	ENV_KEYS.map((key) => [key, process.env[key]]),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8035e4b722ced5f Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:34
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf1654e020497248 Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:36
			process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbd1f35d492bbc03 Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:62
		process.env.CLINE_HUB_WEBVIEW_DIST_DIR = webviewDistDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #652ffe0024db060c Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:78
					workspaceRoot: process.env.WORKSPACE_ROOT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #068c5d1da0c28d9c Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:79
					clineDir: process.env.CLINE_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc73a92b627aa1f4 Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:80
					clineDataDir: process.env.CLINE_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd9f3c4743308b85 Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:81
					providerSettingsPath: process.env.CLINE_PROVIDER_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e2dd32466a8f07f Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:82
					host: process.env.HOST,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d652daa9520a914d Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:83
					port: process.env.CLINE_HUB_DASHBOARD_PORT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7c60b265812296b Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:84
					publicUrl: process.env.PUBLIC_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f8a98abfce4a963 Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:85
					roomSecret: process.env.ROOM_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee7b81f3d54db51b Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:86
					webviewDistDir: process.env.CLINE_HUB_WEBVIEW_DIST_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68003c50fffc12aa Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:125
		expect(process.env.WORKSPACE_ROOT).toBe(originalEnv.WORKSPACE_ROOT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d33d9ebfb344da Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:126
		expect(process.env.CLINE_HUB_WEBVIEW_DIST_DIR).toBe(webviewDistDir);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab026ac3a9b88793 Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:168
		process.env.CLINE_WRAPPER_PATH = wrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c45f0216ad17d00f Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:169
		delete process.env.CLINE_HUB_WEBVIEW_DIST_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c69e32ae9bf20ff Environment-variable access.
repo/apps/cli/src/commands/dashboard.test.ts:179
				observedWebviewDistDir = process.env.CLINE_HUB_WEBVIEW_DIST_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9e88fa62a06fca4 Environment-variable access.
repo/apps/cli/src/commands/dashboard.ts:41
	const previous = process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3ac726b7520b7ad Environment-variable access.
repo/apps/cli/src/commands/dashboard.ts:43
		process.env[name] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0138805dc0a2aad Environment-variable access.
repo/apps/cli/src/commands/dashboard.ts:47
			delete process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f3acc9f324a5698 Environment-variable access.
repo/apps/cli/src/commands/dashboard.ts:49
			process.env[name] = previous;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbc5d83cffc9dc8a Environment-variable access.
repo/apps/cli/src/commands/dashboard.ts:80
	if (options.dataDir || process.env.CLINE_SANDBOX?.trim() === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a0f9a80ad65ebfb Environment-variable access.
repo/apps/cli/src/commands/dashboard.ts:97
	if (process.env[WEBVIEW_DIST_ENV]?.trim()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26285349bd334f53 Environment-variable access.
repo/apps/cli/src/commands/dashboard.ts:118
		process.env.CLINE_WRAPPER_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c363b619d4ae47c3 Environment-variable access.
repo/apps/cli/src/commands/dashboard.ts:119
			? dirname(process.env.CLINE_WRAPPER_PATH)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3097ef0d50d6b2bd Filesystem access.
repo/apps/cli/src/commands/distribution-package.test.ts:46
			await writeFile(
				join(packageDir, "package.json"),
				`${JSON.stringify(
					{
						name: "cline",
						version: "1.2.3",
						description: "CLI test package",
						license: "Apache-2.0",
						bin: {
							cline: "./bin/cline",
						},
						scripts: {
							postinstall: "node ./postinstall.mjs || true",
						},
						optionalDependencies: {
							"@cline/cli-linux-x64": "1.2.3",
						},
					},
					null,
					2,
				)}\n`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #878edbf54fe62584 Filesystem access.
repo/apps/cli/src/commands/distribution-package.test.ts:68
			await writeFile(
				join(packageDir, "bin", "cline"),
				[
					"#!/usr/bin/env node",
					'console.log("cline wrapper smoke test");',
					"",
				].join("\n"),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #053f940395806b66 Filesystem access.
repo/apps/cli/src/commands/distribution-package.test.ts:77
			await writeFile(
				join(packageDir, "postinstall.mjs"),
				"process.exit(0);\n",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6085ae4e5dfdea1 Filesystem access.
repo/apps/cli/src/commands/doctor.test.ts:194
		writeFileSync(
			discoveryPath,
			JSON.stringify({
				url: "ws://127.0.0.1:25463/hub",
				port: 25463,
				pid: 50000,
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16666bef4849d8c2 Filesystem access.
repo/apps/cli/src/commands/doctor.test.ts:204
		writeFileSync(
			path.join(startupLockDir, "owner.json"),
			JSON.stringify({
				pid: process.pid,
				acquiredAt: new Date().toISOString(),
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #357e82301ce23ef5 Filesystem access.
repo/apps/cli/src/commands/doctor.ts:203
		const raw = readFileSync(logPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2eafd3fce18ceac4 Filesystem access.
repo/apps/cli/src/commands/doctor.ts:241
		const raw = JSON.parse(readFileSync(path, "utf8")) as Record<

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d822928a98ba338b Filesystem access.
repo/apps/cli/src/commands/history.test.ts:313
		await expect(readFile(outputPath, "utf8")).resolves.toContain("world");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba432edb6cc5545d Filesystem access.
repo/apps/cli/src/commands/history.test.ts:352
		await expect(readFile(outputPath, "utf8")).resolves.toContain("cmd /c dir");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7afa6a20052f9392 Filesystem access.
repo/apps/cli/src/commands/history.ts:37
	await writeFile(targetPath, html, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #910f542dd189f98f Environment-variable access.
repo/apps/cli/src/commands/hub.test.ts:39
const originalBuildEnv = process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acfabf65b5064a8a Environment-variable access.
repo/apps/cli/src/commands/hub.test.ts:45
			delete process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eb53a1e9de63580 Environment-variable access.
repo/apps/cli/src/commands/hub.test.ts:47
			process.env.CLINE_BUILD_ENV = originalBuildEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a56f25291b2dc7f Environment-variable access.
repo/apps/cli/src/commands/hub.test.ts:95
		process.env.CLINE_BUILD_ENV = "development";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8be757b8fc4f13a8 Environment-variable access.
repo/apps/cli/src/commands/kanban.test.ts:15
const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d2f73dec397b0dd Filesystem access.
repo/apps/cli/src/commands/kanban.test.ts:33
	writeFileSync(filePath, content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5620cef8915d5c3 Environment-variable access.
repo/apps/cli/src/commands/kanban.test.ts:40
			delete process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1d45285246b88ca Environment-variable access.
repo/apps/cli/src/commands/kanban.test.ts:42
			process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baae8d74868e7184 Environment-variable access.
repo/apps/cli/src/commands/kanban.test.ts:140
		process.env.PATH = "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f04384ac1503fd4 Environment-variable access.
repo/apps/cli/src/commands/kanban.test.ts:148
		process.env.PATH = dir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85ae52e9e817240b Environment-variable access.
repo/apps/cli/src/commands/kanban.test.ts:167
		process.env.PATH = dir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01477908c1a43e40 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:45
		originalHome = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab75b78caf3e6c08 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:46
		originalClineDir = process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1551ce8cd4bf4c3d Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:47
		originalClineDataDir = process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f244b1557ea39898 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:48
		originalMcpSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c638bd145ff74f1 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:49
		process.env.HOME = home;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34af49b80b4fc8bd Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:50
		process.env.CLINE_DIR = join(home, ".cline");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9f48735eb12152a Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:51
		process.env.CLINE_DATA_DIR = join(home, ".cline", "data");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be2ecd88aaa14777 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:53
		setClineDir(process.env.CLINE_DIR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f37fd346b8a43cb Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:68
				await writeFile(join(pluginRoot, filename), content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b662e77fc199383 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:83
			delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a28e32ad2116cd4 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:85
			process.env.HOME = originalHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db6bf1fe158b6af9 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:88
			delete process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cad002eb0436e385 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:90
			process.env.CLINE_DIR = originalClineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87f72f878cebaec5 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:93
			delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb2fc92f0222b1c7 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:95
			process.env.CLINE_DATA_DIR = originalClineDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c5de235f4be2f4f Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:98
			delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9eb374a6b9ecd321 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:100
			process.env.CLINE_MCP_SETTINGS_PATH = originalMcpSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bff553af65a0a54b Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:179
		writeFileSync(
			source,
			"export const plugin = { name: 'weather', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1336408b4623ba3d Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:217
		expect(readFileSync(result.entryPaths[0] ?? "", "utf8")).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fe4121f421a9174 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:247
		expect(readFileSync(result.entryPaths[0] ?? "", "utf8")).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a476f37b07ae11a Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:251
			readFileSync(join(result.installPath, "package.json"), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cdbf95d8982eea7 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:286
		writeFileSync(
			npmCommandPath,
			`#!/bin/sh\nprintf '%s\\n' "$PWD $*" >> "${npmLogPath}"\nexit 0\n`,
			{ encoding: "utf8", mode: 0o755 },
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1f44e72fcf12b03 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:299
		const npmLog = readFileSync(npmLogPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c0e0eac72d525f1 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:302
		expect(readFileSync(result.entryPaths[0] ?? "", "utf8")).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0c980283f6cf0e6 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:329
		await writeFile(
			join(localPluginRoot, "index.ts"),
			"export default { name: 'local-web-search', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda2784a3c93e04b Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:344
			readFileSync(join(result.installPath, "package.json"), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8e179e7dc1205cd Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:347
		expect(readFileSync(result.entryPaths[0] ?? "", "utf8")).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d80a085f30e90698 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:419
		writeFileSync(
			npmCommandPath,
			`#!/bin/sh\nprintf '%s\\n' "$PWD $*" >> "${npmLogPath}"\nexit 0\n`,
			{ encoding: "utf8", mode: 0o755 },
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efe8a5ad6a2ea961 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:427
		await writeFile(
			join(source, "package.json"),
			JSON.stringify(
				{
					name: "plugin-package",
					cline: {
						plugins: [{ paths: ["./index.ts"], capabilities: ["tools"] }],
					},
					dependencies: {
						"@cline/core": "latest",
						yaml: "^2.8.1",
					},
					peerDependencies: {
						"@cline/shared": "*",
						bun: ">=1.0.0",
					},
					peerDependenciesMeta: {
						"@cline/shared": {
							optional: true,
						},
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96c6dc0c2b34812a Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:454
		await writeFile(
			join(source, "index.ts"),
			"export default { name: 'plugin-package', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c91a352a4b378ce4 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:459
		await writeFile(
			join(source, "node_modules", "dependency", "noise.ts"),
			"export default { name: 'noise', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fe41c2978c0beda Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:465
		await writeFile(join(source, ".git", "HEAD"), "ref: refs/heads/main\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7ee63f7b4a5875e Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:474
			readFileSync(join(result.installPath, "package.json"), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9d58b988103d3a1 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:482
			readFileSync(join(result.installPath, "package", "package.json"), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #024af46a9392d0de Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:491
		const npmLog = readFileSync(npmLogPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #419a49202a9d0c8c Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:510
		writeFileSync(
			npmCommandPath,
			[
				"#!/bin/sh",
				`printf '%s\\n' "$*" >> "${npmLogPath}"`,
				"prefix=''",
				"while [ $# -gt 0 ]; do",
				"  if [ \"$1\" = '--prefix' ]; then",
				"    shift",
				'    prefix="$1"',
				"  fi",
				"  shift",
				"done",
				'mkdir -p "$prefix/node_modules/published-plugin"',
				'mkdir -p "$prefix/node_modules/@cline/core"',
				'printf \'%s\\n\' \'{"name":"published-plugin","type":"module","cline":{"plugins":["index.ts"]}}\' > "$prefix/node_modules/published-plugin/package.json"',
				"printf '%s\\n' \"export default { name: 'published-plugin', manifest: { capabilities: ['tools'] } };\" > \"$prefix/node_modules/published-plugin/index.ts\"",
				'printf \'%s\\n\' \'{"name":"@cline/core"}\' > "$prefix/node_modules/@cline/core/package.json"',
				"exit 0",
			].join("\n"),
			{ encoding: "utf8", mode: 0o755 },
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e06f31c0369befd6 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:538
		const npmLog = readFileSync(npmLogPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3ec1a76957867d2 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:552
		writeFileSync(
			source,
			"export default { name: 'replace', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fcf3681b6929ca0 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:569
		await writeFile(
			join(source, "package.json"),
			JSON.stringify(
				{
					name: "replace-package",
					cline: {
						plugins: [{ paths: ["./index.ts"], capabilities: ["tools"] }],
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7c9a87da770d898 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:583
		await writeFile(
			join(source, "index.ts"),
			"export default { name: 'installed-v1', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a7858eb5c9ad72a Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:588
		writeFileSync(npmCommandPath, "#!/bin/sh\nexit 0\n", {
			encoding: "utf8",
			mode: 0o755,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efa5a5454a0855c0 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:594
		await writeFile(
			join(source, "index.ts"),
			"export default { name: 'installed-v2', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a08d5c46967dfbf5 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:599
		writeFileSync(npmCommandPath, "#!/bin/sh\nprintf 'offline' >&2\nexit 1\n", {
			encoding: "utf8",
			mode: 0o755,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #919d08c148b95ce2 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:610
			readFileSync(join(first.installPath, "package", "index.ts"), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de01485ed89800dd Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:618
		await writeFile(
			join(source, "package.json"),
			JSON.stringify(
				{
					name: "cli-uninstall-plugin",
					cline: {
						plugins: [{ paths: ["./index.ts"], capabilities: ["tools"] }],
					},
				},
				null,
				2,
			),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9599388ad726354e Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:632
		await writeFile(
			join(source, "index.ts"),
			"export default { name: 'cli-uninstall-plugin', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f7aa01ea1d552aa Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:637
		writeFileSync(npmCommandPath, "#!/bin/sh\nexit 0\n", {
			encoding: "utf8",
			mode: 0o755,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06187e98c05a77dc Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:664
		writeFileSync(
			source,
			"export default { name: 'json', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d505da0a8b76a7f Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:694
		process.env.CLINE_MCP_SETTINGS_PATH = join(root, "mcp-settings.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e29006c84b3ed84 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:696
		writeFileSync(
			source,
			`
export default {
  name: "json-oauth-mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "json-oauth-docs",
      transport: { type: "streamableHttp", url: "https://example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68236ed0cb6b3da7 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:748
		writeFileSync(
			source,
			`
export default {
  name: "mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "mcp-plugin",
      transport: { type: "streamableHttp", url: "https://example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5244830a684205b Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:765
		writeFileSync(blockedDirectory, "file", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93058f39fb0a1b91 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:766
		const originalSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #208744e73d81a41a Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:767
		process.env.CLINE_MCP_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d3678a6f47261ff Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:789
				delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42ea3534268975a7 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:791
				process.env.CLINE_MCP_SETTINGS_PATH = originalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5197207a0620968 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:797
		process.env.CLINE_MCP_SETTINGS_PATH = join(root, "mcp-settings.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e854b7dd3093225 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:799
		writeFileSync(
			source,
			`
export default {
  name: "oauth-mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "oauth-docs",
      transport: { type: "streamableHttp", url: "https://example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3391cceba8e219ae Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:828
		process.env.CLINE_MCP_SETTINGS_PATH = join(root, "mcp-settings.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6acb9d2c1247adc5 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:830
		writeFileSync(
			source,
			`
export default {
  name: "headers-mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "headers-docs",
      transport: {
        type: "streamableHttp",
        url: "https://example.com/mcp",
        headers: { Authorization: "Bearer token" },
      },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34658c7996342162 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:858
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6003309fb206b76 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:860
		writeFileSync(
			source,
			`
export default {
  name: "authorized-mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "authorized-docs",
      transport: { type: "streamableHttp", url: "https://example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7e7188dd0ba89a3 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:877
		const settings = JSON.parse(readFileSync(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ca3a930320828e8 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:885
		writeFileSync(settingsPath, JSON.stringify(settings, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9e392462bfcdfa1 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:896
		process.env.CLINE_MCP_SETTINGS_PATH = join(root, "mcp-settings.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c64562b60676f3a2 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:898
		writeFileSync(
			source,
			`
export default {
  name: "interactive-mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "interactive-docs",
      transport: { type: "streamableHttp", url: "https://example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15be557f5c96a867 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:938
		process.env.CLINE_MCP_SETTINGS_PATH = join(root, "mcp-settings.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9188e64c5e9cf966 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:940
		writeFileSync(
			source,
			`
export default {
  name: "failing-oauth-mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "failing-docs",
      transport: { type: "streamableHttp", url: "https://example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2a835d580230c55 Environment-variable access.
repo/apps/cli/src/commands/plugin.test.ts:980
		process.env.CLINE_MCP_SETTINGS_PATH = join(root, "mcp-settings.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #401882d96d09103a Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:982
		writeFileSync(
			source,
			`
export default {
  name: "non-interactive-mcp-plugin",
  manifest: { capabilities: ["mcp"] },
  setup(api) {
    api.registerMcpServer({
      name: "non-interactive-docs",
      transport: { type: "streamableHttp", url: "https://example.com/mcp" },
    })
  },
}
`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6becc36512e69e52 Filesystem access.
repo/apps/cli/src/commands/plugin.test.ts:1058
		writeFileSync(
			source,
			"export default { name: 'workspace', manifest: { capabilities: ['tools'] } };",
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #523e555b5320ef97 Filesystem access.
repo/apps/cli/src/commands/schedule.test.ts:211
		await writeFile(
			sourcePath,
			JSON.stringify({
				name: "Daily Review",
				cronPattern: "0 9 * * *",
				prompt: "review status",
				workspaceRoot: "/tmp/workspace",
				modelSelection: {
					providerId: "anthropic",
					modelId: "claude-sonnet-4-6",
				},
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bdbba270be9867c Filesystem access.
repo/apps/cli/src/commands/schedule.test.ts:312
			const written = await readFile(targetPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01bb4a0d616a5c76 Filesystem access.
repo/apps/cli/src/commands/schedule.test.ts:376
			const written = await readFile(targetPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe4e637fd4a63d6c Environment-variable access.
repo/apps/cli/src/commands/schedule/common.ts:177
	const resolved = address ?? process.env.CLINE_HUB_ADDRESS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbb954c81ae1988b Filesystem access.
repo/apps/cli/src/commands/schedule/import-export.ts:97
						await writeFile(resolvedPath, serialized, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbe0549ad47edf9d Filesystem access.
repo/apps/cli/src/commands/schedule/import-export.ts:143
				const sourceRaw = await readFile(sourcePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae50f352ac187de7 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:15
const originalBuildEnv = process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f9d6008c05c4c5b Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:16
const originalDataDir = process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74e1249c4289f7ac Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:17
const originalHubDiscoveryPath = process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd4ef61e20e88fa3 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:18
const originalWrapperPath = process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a2945dbaf2b1b4f Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:19
const originalGlobalSettingsPath = process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0ba523a690b405b Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:20
const originalIsDev = process.env.IS_DEV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ce0e22192dc67bb Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:21
const originalNoAutoUpdate = process.env.CLINE_NO_AUTO_UPDATE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #520cf14d3a93ee94 Filesystem access.
repo/apps/cli/src/commands/update.test.ts:26
	writeFileSync(path, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #641fb6401ab3fe7e Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:40
			delete process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc0897a47ea036ed Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:42
			process.env.CLINE_BUILD_ENV = originalBuildEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02a4f15f09349668 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:45
			delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32155ca5cbb2c5e5 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:47
			process.env.CLINE_DATA_DIR = originalDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #348183f2ee83978f Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:50
			delete process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #916ff70cb3028a41 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:52
			process.env.CLINE_HUB_DISCOVERY_PATH = originalHubDiscoveryPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #799211fc7f919e4e Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:55
			delete process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3baa867660f3e1b1 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:57
			process.env.CLINE_WRAPPER_PATH = originalWrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4faa022d9c131c64 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:60
			delete process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #805108e1c34f70e4 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:62
			process.env.CLINE_GLOBAL_SETTINGS_PATH = originalGlobalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ade2ee265ee5cae Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:65
			delete process.env.IS_DEV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fee1e5376bcc75a Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:67
			process.env.IS_DEV = originalIsDev;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6518e1678d6e051e Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:70
			delete process.env.CLINE_NO_AUTO_UPDATE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7add932fa5a4684 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:72
			process.env.CLINE_NO_AUTO_UPDATE = originalNoAutoUpdate;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #461bbe62c4c7ebcc Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:82
		process.env.CLINE_WRAPPER_PATH = wrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #101b97b953cdfc03 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:94
		process.env.CLINE_WRAPPER_PATH = wrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e54d49957c7bd9f1 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:110
		process.env.CLINE_WRAPPER_PATH = wrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fea25814b69dac41 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:121
		delete process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ff2a427401b513c Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:135
			delete process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16de75e2ba37e675 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:137
			process.env.CLINE_BUILD_ENV = originalBuildEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bb39dd664356111 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:140
			delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #743d8ff3e56a9665 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:142
			process.env.CLINE_DATA_DIR = originalDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a0d2882fc3db34d Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:145
			delete process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15fd008ecc252aab Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:147
			process.env.CLINE_HUB_DISCOVERY_PATH = originalHubDiscoveryPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acb29c47938dd019 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:150
			delete process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12084b60205335ec Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:152
			process.env.CLINE_WRAPPER_PATH = originalWrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab1a197433dd9216 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:155
			delete process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37906e0f306c4255 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:157
			process.env.CLINE_GLOBAL_SETTINGS_PATH = originalGlobalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9dbc6f18aef8e11 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:160
			delete process.env.IS_DEV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5af097d50b6dd08 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:162
			process.env.IS_DEV = originalIsDev;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cea6e4da42f7051 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:165
			delete process.env.CLINE_NO_AUTO_UPDATE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bca64a1076ce1815 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:167
			process.env.CLINE_NO_AUTO_UPDATE = originalNoAutoUpdate;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a59370efa47a3dc Filesystem access.
repo/apps/cli/src/commands/update.test.ts:177
		writeFileSync(settingsPath, JSON.stringify({ autoUpdateEnabled: false }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #078b0254eeeaf75c Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:178
		process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdb5db0ddcd05954 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:179
		delete process.env.IS_DEV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #185b105ef74c6688 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:180
		delete process.env.CLINE_NO_AUTO_UPDATE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bd7e70c6c88a51b Filesystem access.
repo/apps/cli/src/commands/update.test.ts:192
		writeFileSync(settingsPath, JSON.stringify({ autoUpdateEnabled: false }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8be297afacee1569 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:193
		process.env.CLINE_GLOBAL_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1243c1736919a84d Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:194
		delete process.env.CLINE_NO_AUTO_UPDATE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #210cd2ed870e41f8 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:209
			delete process.env.CLINE_BUILD_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50e32a246cc5a74d Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:211
			process.env.CLINE_BUILD_ENV = originalBuildEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73344a6b7d56e6ff Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:214
			delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18f4bb12927746a0 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:216
			process.env.CLINE_DATA_DIR = originalDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1acee50cca487e9a Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:219
			delete process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01bea8832b9224f2 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:221
			process.env.CLINE_HUB_DISCOVERY_PATH = originalHubDiscoveryPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9cd94096e22881f Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:226
		process.env.CLINE_BUILD_ENV = "development";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cd1acd0eb2124f3 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:227
		process.env.CLINE_DATA_DIR = "/tmp/cline-update-test-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a195ef663be63f6 Environment-variable access.
repo/apps/cli/src/commands/update.test.ts:228
		delete process.env.CLINE_HUB_DISCOVERY_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2926bb1248aa5fbc Environment-variable access.
repo/apps/cli/src/commands/update.ts:95
			process.env.CLINE_WRAPPER_PATH || process.argv[1] || "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7749c3278d5507c Environment-variable access.
repo/apps/cli/src/commands/update.ts:360
	if (process.env.IS_DEV === "true") return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ff3cef030031b1b Environment-variable access.
repo/apps/cli/src/commands/update.ts:361
	if (process.env.CLINE_NO_AUTO_UPDATE === "1") return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25195dd24af67e91 Filesystem access.
repo/apps/cli/src/connectors/adapters/discord.test.ts:593
		writeFileSync(
			bindingsPath,
			JSON.stringify({
				"discord:user:1": {
					channelId: "discord:g:c",
					isDM: false,
					participantKey: "discord:user:1",
					serializedThread: JSON.stringify({
						_type: "chat:Thread",
						id: "thread-1",
					}),
					updatedAt: "2026-05-26T00:00:00.000Z",
				},
				duplicate: {
					channelId: "discord:g:c",
					isDM: false,
					serializedThread: JSON.stringify({
						_type: "chat:Thread",
						id: "thread-1",
					}),
					updatedAt: "2026-05-26T00:00:00.000Z",
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03e05e81967d09f1 Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:764
				process.env.CLINE_RPC_ADDRESS?.trim() || resolveDefaultCliRpcAddress(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #669f283a7e11111c Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:814
			Number.parseInt(process.env.PORT ?? "8787", 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1253dc8c723ee2ad Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:818
			process.env.DISCORD_MENTION_ROLE_IDS?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fedfa1c7bcd89cd4 Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:827
				process.env.DISCORD_BOT_USERNAME?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cae59182b9de99f0 Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:832
				process.env.DISCORD_APPLICATION_ID?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f43b1d8e55606a5f Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:837
				process.env.DISCORD_BOT_TOKEN?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfbd76362f1c2325 Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:840
				opts.publicKey?.trim() || process.env.DISCORD_PUBLIC_KEY?.trim() || "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83579327bf380777 Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:843
				process.env.DISCORD_OWNER_USER_ID?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87f77e03f2c756ea Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:848
					process.env.DISCORD_IGNORE_BOT_AUTHORS?.trim() ?? "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b85909ae92daab5 Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:861
				process.env.CLINE_RPC_ADDRESS?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcd9ccccd65c642d Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:865
				process.env.CLINE_CONNECT_HOOK_COMMAND?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d250498f55bed1a Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:867
			host: opts.host?.trim() || process.env.HOST?.trim() || "0.0.0.0",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b14a3b92eb8f10f Environment-variable access.
repo/apps/cli/src/connectors/adapters/discord.ts:870
				process.env.BASE_URL?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45631604cfa1d54e Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:256
				process.env.CLINE_RPC_ADDRESS?.trim() || resolveDefaultCliRpcAddress(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abc3fa389078e47a Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:304
			Number.parseInt(process.env.PORT ?? "8787", 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7f92e9991b6a80a Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:309
				process.env.GOOGLE_CHAT_BOT_USERNAME?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be4ba9ce6461d774 Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:321
				process.env.CLINE_RPC_ADDRESS?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4afc61a60de4c96 Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:325
				process.env.CLINE_CONNECT_HOOK_COMMAND?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #876b26c6cb6b0765 Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:327
			host: opts.host?.trim() || process.env.HOST?.trim() || "0.0.0.0",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7931ffb62db4b02 Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:330
				process.env.BASE_URL?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51f9c814b35ba212 Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:334
				process.env.GOOGLE_CHAT_PUBSUB_TOPIC?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #184ca19ee44e6408 Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:337
				process.env.GOOGLE_CHAT_IMPERSONATE_USER?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1af8fddee5737e2 Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:340
				process.env.GOOGLE_CHAT_USE_ADC?.trim().toLowerCase() === "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aa35c745eba7076 Environment-variable access.
repo/apps/cli/src/connectors/adapters/gchat.ts:343
				process.env.GOOGLE_CHAT_CREDENTIALS?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #185864a4e9dfd57e Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:316
				process.env.CLINE_RPC_ADDRESS?.trim() || resolveDefaultCliRpcAddress(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3793332d8d45ae3 Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:358
		const apiKey = opts.apiKey?.trim() || process.env.LINEAR_API_KEY?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61f7cdc4a98d41c6 Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:360
			opts.clientId?.trim() || process.env.LINEAR_CLIENT_ID?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed2e98e46755c21f Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:362
			opts.clientSecret?.trim() || process.env.LINEAR_CLIENT_SECRET?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44dab80d97be72bb Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:364
			opts.accessToken?.trim() || process.env.LINEAR_ACCESS_TOKEN?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #92d8001ebf3cdec8 Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:366
			opts.webhookSecret?.trim() || process.env.LINEAR_WEBHOOK_SECRET?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60cbd881b4ba65ce Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:379
			Number.parseInt(process.env.PORT ?? "8787", 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #faed5a728b6654c9 Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:384
				process.env.LINEAR_BOT_USERNAME?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38a95492ff33333c Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:401
				process.env.CLINE_RPC_ADDRESS?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ce3fb30d3771f00 Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:405
				process.env.CLINE_CONNECT_HOOK_COMMAND?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41d968908b82655b Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:407
			host: opts.host?.trim() || process.env.HOST?.trim() || "0.0.0.0",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d16d1b410230b918 Environment-variable access.
repo/apps/cli/src/connectors/adapters/linear.ts:410
				process.env.BASE_URL?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #532e5ab8133eb8b6 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.test.ts:43
		const previousBaseUrl = process.env.BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31095295a9465b3d Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.test.ts:44
		delete process.env.BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b28571acac02f0ab Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.test.ts:55
				delete process.env.BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #759d7973c802ccf5 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.test.ts:57
				process.env.BASE_URL = previousBaseUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15f92493c323d7b7 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:484
				process.env.CLINE_RPC_ADDRESS?.trim() || resolveDefaultCliRpcAddress(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe93508ef00632c3 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:533
			Number.parseInt(process.env.PORT ?? "8787", 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #753b6a98c4ddcb97 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:535
		const baseUrl = opts.baseUrl?.trim() || process.env.BASE_URL?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #540f2349c20fbce3 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:544
			opts.botToken?.trim() || process.env.SLACK_BOT_TOKEN?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d58d30cefc85cb7 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:546
			? opts.appToken?.trim() || process.env.SLACK_APP_TOKEN?.trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c3d3daf2d431a5a Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:561
				process.env.SLACK_BOT_USERNAME?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd6a07a458a7ebf7 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:568
						process.env.SLACK_SIGNING_SECRET?.trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db2069c69aafcdea Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:573
					? opts.clientId?.trim() || process.env.SLACK_CLIENT_ID?.trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0aab3e2fc9ea34f Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:577
					? opts.clientSecret?.trim() || process.env.SLACK_CLIENT_SECRET?.trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b4eb8c43fc4afb1 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:580
				opts.encryptionKey?.trim() || process.env.SLACK_ENCRYPTION_KEY?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36a676b3aca81c0f Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:583
				process.env.SLACK_INSTALLATION_KEY_PREFIX?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d319632534f97f0f Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:594
				process.env.CLINE_RPC_ADDRESS?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #052f3ad8efbaa890 Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:598
				process.env.CLINE_CONNECT_HOOK_COMMAND?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f69984659ba10ace Environment-variable access.
repo/apps/cli/src/connectors/adapters/slack.ts:600
			host: opts.host?.trim() || process.env.HOST?.trim() || "0.0.0.0",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae5d1d83d6a6f015 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:15
const originalClineDataDir = process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c48410fc989a18bf Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:21
	process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a1c444eb72c9029 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:28
		delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32b04858c3668d00 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:30
		process.env.CLINE_DATA_DIR = originalClineDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7eeec6a0d190dc1e Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:109
		const originalHookCommand = process.env.CLINE_CONNECT_HOOK_COMMAND;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #194e0d98503bac05 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:110
		process.env.CLINE_CONNECT_HOOK_COMMAND = "echo noop";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be80dbb332d7b808 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:124
				delete process.env.CLINE_CONNECT_HOOK_COMMAND;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #298956e640e59c5b Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:126
				process.env.CLINE_CONNECT_HOOK_COMMAND = originalHookCommand;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c98202aae2837be Filesystem access.
repo/apps/cli/src/connectors/adapters/telegram.test.ts:160
		writeFileSync(
			join(connectorDir, "resolved_bot.json"),
			JSON.stringify({
				botUsername: "resolved_bot",
				botId: "123",
				pid: process.pid,
				rpcAddress: "127.0.0.1:54321",
				startedAt: new Date().toISOString(),
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37e9940d9bbd7b6e Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.ts:446
				process.env.CLINE_RPC_ADDRESS?.trim() || resolveDefaultCliRpcAddress(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce788f4d81804052 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.ts:481
				process.env.TELEGRAM_BOT_USERNAME?.trim() ?? "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ceeecb5619597d5 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.ts:484
			opts.botToken?.trim() || process.env.TELEGRAM_BOT_TOKEN?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aca650775490fdbf Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.ts:490
			process.env.CLINE_CONNECT_HOOK_COMMAND?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d97e6ea9c9658994 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.ts:510
				process.env.CLINE_RPC_ADDRESS?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #486a54810dc9d9d2 Environment-variable access.
repo/apps/cli/src/connectors/adapters/telegram.ts:615
			process.env.CLINE_TELEGRAM_CONNECT_CHILD !== "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e03d0b5b6727b3e8 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:299
				process.env.CLINE_RPC_ADDRESS?.trim() || resolveDefaultCliRpcAddress(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06410a078b307ea8 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:342
			Number.parseInt(process.env.PORT ?? "8787", 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0234547210729967 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:347
				process.env.WHATSAPP_BOT_USERNAME?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b31c1c2772560a76 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:351
				process.env.WHATSAPP_PHONE_NUMBER_ID?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c876d9c14b2a9d00 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:353
				opts.accessToken?.trim() || process.env.WHATSAPP_ACCESS_TOKEN?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7a16472dd5c7464 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:355
				opts.appSecret?.trim() || process.env.WHATSAPP_APP_SECRET?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dd4b5dbb943b5e7 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:357
				opts.verifyToken?.trim() || process.env.WHATSAPP_VERIFY_TOKEN?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84a485e6df4a260f Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:369
				process.env.CLINE_RPC_ADDRESS?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f703313feab7a0a9 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:373
				process.env.CLINE_CONNECT_HOOK_COMMAND?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a2388cea0b2bd40 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:375
			host: opts.host?.trim() || process.env.HOST?.trim() || "0.0.0.0",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9842ec713a9d366 Environment-variable access.
repo/apps/cli/src/connectors/adapters/whatsapp.ts:378
				process.env.BASE_URL?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e56c139e552968e5 Environment-variable access.
repo/apps/cli/src/connectors/base.ts:149
		if (input.interactive || process.env[input.childEnvVar] === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #871f72a934ae805d Filesystem access.
repo/apps/cli/src/connectors/common.ts:255
		const raw = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f91983d028ba6d76 Filesystem access.
repo/apps/cli/src/connectors/common.ts:265
	writeFileSync(path, JSON.stringify(value, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eae5c30e93c2dec5 Filesystem access.
repo/apps/cli/src/connectors/connector-host.ts:97
					content: readFileSync(filePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fed210e6b3180b20 Environment-variable access.
repo/apps/cli/src/connectors/hooks.ts:28
		const shell = process.env.SHELL?.trim() || "sh";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4d450a4a7b99b94 Environment-variable access.
repo/apps/cli/src/connectors/hooks.ts:81
		const shell = process.env.SHELL?.trim() || "sh";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ad961afab5aaca3 Environment-variable access.
repo/apps/cli/src/connectors/session-runtime.test.ts:74
		delete process.env.OPENROUTER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c9231b71ebfb075 Environment-variable access.
repo/apps/cli/src/connectors/session-runtime.test.ts:87
		process.env.OPENROUTER_API_KEY = "env-openrouter-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1a1299bd10dac0c Environment-variable access.
repo/apps/cli/src/connectors/session-runtime.ts:40
		const value = process.env[envKey]?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec5bd73c6990be22 Filesystem access.
repo/apps/cli/src/connectors/status.ts:49
		const raw = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daa6d5bc673af5ea Filesystem access.
repo/apps/cli/src/connectors/stores/file-state.ts:56
			const raw = readFileSync(this.path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bd9de6dc68ee4a0 Filesystem access.
repo/apps/cli/src/connectors/stores/file-state.ts:116
		writeFileSync(this.path, JSON.stringify(snapshot, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d5ac68b64cf94c5 Environment-variable access.
repo/apps/cli/src/index.ts:15
initVcr(process.env.CLINE_VCR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e817dc0842bb1ef Filesystem access.
repo/apps/cli/src/kanban-migration/notice.test.ts:43
		writeFileSync(
			noticePath,
			`${JSON.stringify(
				{ shown: { "cline-cli-tui-default": true } },
				null,
				2,
			)}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d975f7e0aa67346a Filesystem access.
repo/apps/cli/src/kanban-migration/notice.test.ts:142
		const rawState = readFileSync(resolveCliNoticeStatePath(dataDir), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39d55e032174030d Filesystem access.
repo/apps/cli/src/kanban-migration/notice.ts:31
		const parsed = JSON.parse(readFileSync(filePath, "utf8")) as unknown;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad7c6356c565172a Filesystem access.
repo/apps/cli/src/kanban-migration/notice.ts:116
	writeFileSync(noticePath, `${JSON.stringify(nextState, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e9a468eedc24f3c Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:33
		CLINE_DATA_DIR: process.env.CLINE_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce4a4946292239d4 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:34
		CLINE_LOG_PATH: process.env.CLINE_LOG_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #883d4fb6a67a5bfb Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:35
		CLINE_LOG_LEVEL: process.env.CLINE_LOG_LEVEL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f60a8a38472430b Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:36
		CLINE_LOG_NAME: process.env.CLINE_LOG_NAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ba8e700497e4532 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:37
		CLINE_LOG_ENABLED: process.env.CLINE_LOG_ENABLED,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c72d9854c9bac11b Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:47
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca47b6192cde734e Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:50
		process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d1523a175b56261 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:65
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b66fe8eebf4b9c7 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:66
		delete process.env.CLINE_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f70b08d735490a9c Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:67
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdbe8d2f63e35a74 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:68
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c62c594cd12e08de Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:69
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7a6ef360f5751a7 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:104
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #473bf4005d5d6c73 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:105
		process.env.CLINE_LOG_ENABLED = "0";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dc7495e75c2519e Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:122
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db13e2640677ad51 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:123
		delete process.env.CLINE_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe05718eb61e9fe9 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:124
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d691d16a783ddd3 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:125
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #702e08c83288933c Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:126
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9e322e8f6d67e2f Filesystem access.
repo/apps/cli/src/logging/adapter.test.ts:135
			const log = readFileSync(logPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d96189d6f7c0523 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:148
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4198806d19463ac Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:149
		delete process.env.CLINE_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91d5b932c542bc51 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:150
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbcb1db70ebab36f Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:151
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a48f8598efaa601b Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:152
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d286d8fb590a1a9 Filesystem access.
repo/apps/cli/src/logging/adapter.test.ts:156
			writeFileSync(logPath, "old log contents", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72aedfa1b833d617 Filesystem access.
repo/apps/cli/src/logging/adapter.test.ts:161
			expect(readFileSync(logPath, "utf8")).toBe("");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6d0211957d61f25 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:172
		delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a950e15296fc2826 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:173
		process.env.CLINE_LOG_PATH = unwritablePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #190debf77feb5239 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:174
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7074b3eafbb20e1a Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:175
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #269ecd5d55040bcf Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:176
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95feb7d2eb9a70b0 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:197
		delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6bd4819500f6a53 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:198
		process.env.CLINE_LOG_PATH = unwritablePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18fb83da8239d733 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:199
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #baa0def1eaac4a52 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:200
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea86b8ec357fdf30 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:201
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aec379ab9db4d18e Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:226
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e840de4d2e27316 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:227
		delete process.env.CLINE_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd1cde975a2c893a Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:228
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2d1da8ee57b19eb Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:229
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26051954a7ea75e6 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:230
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1978389103f88f45 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:250
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79ba34a6207c2cdb Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:251
		delete process.env.CLINE_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b29a08bb6504ccaf Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:252
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7472b5a6339b8f4 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:253
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22073273865b0aaf Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:254
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53790a6876b88f82 Filesystem access.
repo/apps/cli/src/logging/adapter.test.ts:267
			expect(readFileSync(logPath, "utf8")).toContain("immediate shutdown");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd868dc5c2f705f3 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:276
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9e0a2335a18684f Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:277
		delete process.env.CLINE_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1461c337af210dd Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:278
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99499a1df44dfeb5 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:279
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f6445c33bc5f202 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:280
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #657209770a82e522 Filesystem access.
repo/apps/cli/src/logging/adapter.test.ts:291
			expect(readFileSync(logPath, "utf8")).toContain("normal logging");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #767a0b76586c5d20 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:300
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5259cfffd8079421 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:301
		delete process.env.CLINE_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a82687fa7ec8aa73 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:302
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bc3cff670945855 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:303
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61e50db28bde7c6a Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:304
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f78aa3f6bedb7227 Filesystem access.
repo/apps/cli/src/logging/adapter.test.ts:316
			expect(readFileSync(logPath, "utf8")).toContain("shutdown logging");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87679ac0b400bce9 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:325
		process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5dec0d18ce099b10 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:326
		delete process.env.CLINE_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23ea0d1798f32b42 Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:327
		delete process.env.CLINE_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b97f0f93284952aa Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:328
		delete process.env.CLINE_LOG_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbf3cec9cb2fb75b Environment-variable access.
repo/apps/cli/src/logging/adapter.test.ts:329
		delete process.env.CLINE_LOG_ENABLED;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b344e7706ccac8b4 Environment-variable access.
repo/apps/cli/src/logging/adapter.ts:68
	const enabledEnv = process.env.CLINE_LOG_ENABLED?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9d461c23b5a4a46 Environment-variable access.
repo/apps/cli/src/logging/adapter.ts:72
	const level = normalizeLogLevel(base?.level ?? process.env.CLINE_LOG_LEVEL);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b8986197fea6582 Environment-variable access.
repo/apps/cli/src/logging/adapter.ts:75
		process.env.CLINE_LOG_PATH?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4aec9c6c4daef18e Environment-variable access.
repo/apps/cli/src/logging/adapter.ts:79
		process.env.CLINE_LOG_NAME?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96f3f9602afab824 Environment-variable access.
repo/apps/cli/src/main.ts:212
				enabled: !!opts.dataDir || process.env.CLINE_SANDBOX?.trim() === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88ead1a31a0cbe76 Environment-variable access.
repo/apps/cli/src/main.ts:786
		process.env.CLINE_HOOK_AGENT_RESUME = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5430d18de00501af Environment-variable access.
repo/apps/cli/src/main.ts:793
		delete process.env.CLINE_HOOK_AGENT_RESUME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fce7a967caf344d Environment-variable access.
repo/apps/cli/src/main.ts:837
		process.env.CLINE_HOOKS_DIR = args.hooksDir.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d29aac3bef6c0606 Environment-variable access.
repo/apps/cli/src/main.ts:913
		!!args.dataDir || process.env.CLINE_SANDBOX?.trim() === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27dc4d1bac0cc7db Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:48
		CLINE_GLOBAL_SETTINGS_PATH: process.env.CLINE_GLOBAL_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64cecc98e532d467 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:49
		CLINE_MCP_SETTINGS_PATH: process.env.CLINE_MCP_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e5c96b55642511e Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:54
			delete process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e25f3172b65071c2 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:56
			process.env.CLINE_GLOBAL_SETTINGS_PATH =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9da51e7bea61958 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:60
			delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2894e61d002b5bb Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:62
			process.env.CLINE_MCP_SETTINGS_PATH = envSnapshot.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #560e054c51f518ed Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:74
		await writeFile(
			pluginPath,
			[
				"export default {",
				"  name: 'settings-plugin',",
				"  manifest: { capabilities: ['tools'] },",
				"  setup(api) {",
				"    api.registerTool({",
				"      name: 'settings_plugin_tool',",
				"      description: 'Settings plugin tool',",
				"      inputSchema: { type: 'object', properties: {} },",
				"      execute: async () => 'ok',",
				"    });",
				"  },",
				"};",
			].join("\n"),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb9bf37aacdbeb92 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:98
		await writeFile(
			pluginPath,
			[
				"export default {",
				"  name: 'settings-mcp-plugin',",
				"  manifest: { capabilities: ['mcp'] },",
				"  setup(api) {",
				"    api.registerMcpServer({",
				"      name: 'smoke',",
				"      transport: { type: 'stdio', command: process.execPath, args: ['-e', 'process.exit(0)'] },",
				"    });",
				"  },",
				"};",
			].join("\n"),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2228d183c0f7e0f Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:120
		await writeFile(
			skillPath,
			`---
name: skill-one
---
Use this skill.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18e7b3b2f2b0933a Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:183
		const written = await readFile(skillPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fef56b16f4fa747 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:200
		await writeFile(
			skillPath,
			`---
name: find-skills
---
Find installable skills.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8740616d3b58a58 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:281
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4c89b54102f8bcf Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:286
		await writeFile(pluginToolPath, "export {};\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3f19c099be8577e Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:301
			await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58c36173bdb850ce Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:301
			await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7b27698d6e927836 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:311
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #953c2dbab426763d Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:331
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2af262f02cf4b917 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:355
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33d85f25fb3ddb24 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:357
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					mcpServers: {
						smoke: {
							transport: {
								type: "stdio",
								command: process.execPath,
								args: ["-e", "process.exit(0)"],
							},
							metadata: {
								source: "plugin",
								pluginName: "settings-mcp-plugin",
								pluginPath,
							},
						},
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5250d84a5089824d Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:400
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f3debba7c3eb7eb Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:418
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea8ea45decf3e31e Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:426
		await writeFile(
			pluginPath,
			[
				"export default {",
				"  name: 'broken-plugin',",
				"  manifest: { capabilities: ['tools'] },",
				"  setup() {",
				"    throw new Error('setup exploded');",
				"  },",
				"};",
			].join("\n"),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cd3046d0ee72817 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:438
		await writeFile(invalidPluginPath, "export default {};\n", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b268efdfe9aa4145 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:494
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #189370b849ea5362 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:514
			await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6f8cc1074f74460 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:514
			await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c3eb523a47194fc Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:523
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66aa2cd8d1e8a993 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:530
		await writeFile(pluginPath, "export default {};\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db63bb0829b2e22b Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:531
		await writeFile(
			process.env.CLINE_GLOBAL_SETTINGS_PATH,
			JSON.stringify({ disabledPlugins: [pluginPath] }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c60662c7d9ada883 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:532
			process.env.CLINE_GLOBAL_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ab3ebd1290639b6 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:549
			await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f48bb75592b9fa4 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:549
			await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58116a955a060678 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:562
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb75f585fa0534b7 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:570
		await writeFile(
			join(packageDir, "package.json"),
			JSON.stringify(
				{
					name: "delete-plugin",
					cline: {
						plugins: [{ paths: ["./index.ts"] }],
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #303f2d32ccd815b8 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:583
		await writeFile(pluginPath, "export default {};\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a70335242ca0f5f Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:584
		await writeFile(
			skillPath,
			`---
name: erase
---
Erase stale plugin commands.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7186f833ceacadd7 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:591
		await writeFile(
			process.env.CLINE_GLOBAL_SETTINGS_PATH,
			JSON.stringify({ disabledPlugins: [pluginPath] }, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c4aba0c4928f542 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:592
			process.env.CLINE_GLOBAL_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10bbe1bef809287c Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:648
			await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51d0136e456bb577 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:648
			await readFile(process.env.CLINE_GLOBAL_SETTINGS_PATH, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a8d3e8144217616 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:651
		await expect(readFile(pluginPath, "utf8")).rejects.toThrow();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50902a0d4caf174d Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:652
		await expect(readFile(skillPath, "utf8")).rejects.toThrow();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef0210cc8aa54742 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:680
		await writeFile(
			join(packageDir, "package.json"),
			JSON.stringify(
				{
					name: "cline-sdk-portable-agents",
					cline: {
						plugins: [{ paths: ["./index.ts"] }],
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08407e1c5c5a69c0 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:693
		await writeFile(pluginPath, "export default {};\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9f050698fc14310 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:720
		await writeFile(
			join(installRoot, "package.json"),
			JSON.stringify(
				{
					name: "cline-installed-plugin-demo",
					cline: {
						plugins: [{ paths: ["./package/index.ts"] }],
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7bf9fb76783fd5d Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:733
		await writeFile(
			join(packageDir, "package.json"),
			JSON.stringify(
				{
					name: "cline-sdk-portable-agents",
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a034865abd08fac8 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:743
		await writeFile(pluginPath, "export default {};\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #296325f64e4156b2 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:744
		await writeFile(
			skillPath,
			`---
name: review
---
Review with the bundled skill.`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c0d4b54a9aa60fc Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:795
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7cd0b2f767b5c2f Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:796
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					otherSetting: true,
					mcpServers: {
						docs: {
							transport: {
								type: "stdio",
								command: "node",
							},
						},
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6240768bcf3c250b Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:823
		const settings = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c75a30215df49fe9 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:839
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8ac50e306f71e3c Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:843
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0d9a4c607ec5ba5 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:845
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					mcpServers: {
						smoke: {
							transport: {
								type: "stdio",
								command: process.execPath,
								args: ["-e", "process.exit(0)"],
							},
							oauth: {
								tokens: {
									access_token: "token",
								},
							},
							metadata: {
								source: "plugin",
								pluginName: "settings-mcp-plugin",
								pluginPath,
							},
						},
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd7a3a1db9d17186 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:886
		let settings = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a491f55c14ee50d0 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:898
		settings = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5865765053bcb3f4 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:917
			process.env.CLINE_GLOBAL_SETTINGS_PATH = globalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36501af8ba9f7280 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:918
			process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2628ee6e4c9d8087 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:920
			await writeFile(
				settingsPath,
				`${JSON.stringify(
					{
						mcpServers: {
							smoke: {
								transport: {
									type: "stdio",
									command: process.execPath,
									args: ["-e", "process.exit(0)"],
								},
								metadata: {
									source: "plugin",
									pluginName: "settings-mcp-plugin",
									pluginPath,
								},
							},
						},
					},
					null,
					2,
				)}\n`,
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c56e0e420cd6fe1 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:963
			await expect(readFile(globalSettingsPath, "utf8")).rejects.toThrow();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72070240c55f7b49 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:964
			const settings = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abeef105d3bcab50 Environment-variable access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:975
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f89895c772a3e2ba Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:976
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					mcpServers: {
						linear: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.linear.app/mcp",
							},
							oauth: {
								lastError: "OAuth authorization failed",
							},
						},
						docs: {
							transport: {
								type: "sse",
								url: "https://mcp.example.com/sse",
							},
							oauth: {
								tokens: {
									access_token: "token",
								},
							},
						},
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e05cfc6337938b2 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:1025
		await writeFile(workflowPath, "Run this workflow.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #410247bb511dc544 Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:1039
		expect(await readFile(workflowPath, "utf8")).toBe("Run this workflow.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ead82cba873590e Filesystem access.
repo/apps/cli/src/runtime/interactive/config-data.test.ts:1047
		await writeFile(hookPath, "{}");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e78243bc3fb63e63 Filesystem access.
repo/apps/cli/src/runtime/prompt.test.ts:11
		writeFileSync(imagePath, Buffer.from("hello"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0833e735bf12308 Filesystem access.
repo/apps/cli/src/runtime/prompt.test.ts:25
		writeFileSync(filePath, "# Notes\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ecd4aad018abe6d Filesystem access.
repo/apps/cli/src/runtime/prompt.test.ts:37
		writeFileSync(filePath, "# Notes\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b634abe7a0097bd Environment-variable access.
repo/apps/cli/src/runtime/run-zen.test.ts:53
		delete process.env.CLINE_SESSION_BACKEND_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcf21dbbf099be01 Environment-variable access.
repo/apps/cli/src/runtime/run-zen.ts:41
		process.env.CLINE_SESSION_BACKEND_MODE?.trim().toLowerCase() === "local"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc7f295a559328e2 Environment-variable access.
repo/apps/cli/src/session/session.test.ts:38
		CLINE_RPC_ADDRESS: process.env.CLINE_RPC_ADDRESS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c30b18d76685afed Environment-variable access.
repo/apps/cli/src/session/session.test.ts:39
		CLINE_SESSION_BACKEND_MODE: process.env.CLINE_SESSION_BACKEND_MODE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #def6d5e7ede6bb03 Environment-variable access.
repo/apps/cli/src/session/session.test.ts:40
		CLINE_VCR: process.env.CLINE_VCR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2d73c63fb09accf Environment-variable access.
repo/apps/cli/src/session/session.test.ts:74
		delete process.env.CLINE_RPC_ADDRESS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #263092a2f73c6054 Environment-variable access.
repo/apps/cli/src/session/session.test.ts:75
		delete process.env.CLINE_SESSION_BACKEND_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d3d0b2584f861c8 Environment-variable access.
repo/apps/cli/src/session/session.test.ts:76
		delete process.env.CLINE_VCR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f6866d0b90420a3 Environment-variable access.
repo/apps/cli/src/session/session.test.ts:82
		process.env.CLINE_RPC_ADDRESS = envSnapshot.CLINE_RPC_ADDRESS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3409fe593864c74e Environment-variable access.
repo/apps/cli/src/session/session.test.ts:83
		process.env.CLINE_SESSION_BACKEND_MODE =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7a7b3ae9346f254 Environment-variable access.
repo/apps/cli/src/session/session.test.ts:85
		process.env.CLINE_VCR = envSnapshot.CLINE_VCR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d26af67f607275c Environment-variable access.
repo/apps/cli/src/session/session.test.ts:89
		process.env.CLINE_RPC_ADDRESS = "127.0.0.1:5001";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c55a6c059c71119c Environment-variable access.
repo/apps/cli/src/session/session.test.ts:186
		process.env.CLINE_SESSION_BACKEND_MODE = "local";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6a7955d704a38b2 Environment-variable access.
repo/apps/cli/src/session/session.test.ts:198
		process.env.CLINE_VCR = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5d870e403cade76 Environment-variable access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:24
		process.env.CLINE_MCP_SETTINGS_PATH ?? "cline_mcp_settings.json",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45ad7bda76644333 Environment-variable access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:28
			process.env.CLINE_MCP_SETTINGS_PATH ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d8312bc13213d98 Filesystem access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:30
		const settings = JSON.parse(readFileSync(filePath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e9ab2b855e5b16e Filesystem access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:42
		writeFileSync(filePath, `${JSON.stringify(settings, null, 2)}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77d95585143ede1e Filesystem access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:51
	return JSON.parse(await readFile(filePath, "utf8")) as TestMcpSettings;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d27592c392f335f1 Environment-variable access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:57
		CLINE_MCP_SETTINGS_PATH: process.env.CLINE_MCP_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfdf0c3dbcf11ee9 Environment-variable access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:62
			delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae9d89f9749f83b5 Environment-variable access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:64
			process.env.CLINE_MCP_SETTINGS_PATH = envSnapshot.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d9fbd7a123ecd00 Environment-variable access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:79
		process.env.CLINE_MCP_SETTINGS_PATH = currentDefaultPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24374b1d13ab5a0d Filesystem access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:90
		await writeFile(loadedPath, `${JSON.stringify(settings, null, 2)}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d738e2d0f4b2c01 Filesystem access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:91
		await writeFile(
			currentDefaultPath,
			`${JSON.stringify(settings, null, 2)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d3e62d67fa40db80 Filesystem access.
repo/apps/cli/src/tui/components/dialogs/mcp-manager-dialog.test.ts:118
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					mcpServers: {
						docs: {
							transport: {
								type: "stdio",
								command: "node",
							},
						},
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb574c756cd05394 Filesystem access.
repo/apps/cli/src/tui/interactive-config.ts:198
				const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10b9b8c51b11aaab Filesystem access.
repo/apps/cli/src/tui/interactive-config.ts:237
		const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44387719b82b459b Environment-variable access.
repo/apps/cli/src/tui/opentui-env.ts:21
	process.env.OPENTUI_GRAPHICS = "0";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3398ea213fa10f77 Environment-variable access.
repo/apps/cli/src/tui/root.tsx:84
		if (process.env.CLINE_FORCE_ONBOARDING === "1") return "onboarding";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e17cbd89028835d Filesystem access.
repo/apps/cli/src/tui/utils/image-paste.test.ts:16
		writeFileSync(imagePath, Buffer.from("hello"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4af15bf6d64f930b Filesystem access.
repo/apps/cli/src/tui/utils/image-paste.test.ts:57
		writeFileSync(onDiskPath, Buffer.from("hello"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #939ec3236fb7bde5 Filesystem access.
repo/apps/cli/src/tui/utils/image-paste.test.ts:74
		writeFileSync(join(dir, onDiskName), Buffer.from("hello"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17b9c4618fe789e2 Filesystem access.
repo/apps/cli/src/tui/utils/image-paste.ts:174
		const buffer = await readFile(filePath).catch(() => undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0112fc4d0d1c58c Environment-variable access.
repo/apps/cli/src/tui/utils/provider-config-values.test.ts:22
		delete process.env.AWS_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ebcceeb506ef179 Environment-variable access.
repo/apps/cli/src/tui/utils/provider-config-values.test.ts:23
		delete process.env.AWS_DEFAULT_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d9a0697b2fa66a38 Filesystem access.
repo/apps/cli/src/tui/utils/provider-config-values.test.ts:27
			writeFileSync(
				configPath,
				[
					"[default]",
					"region = us-east-1",
					"[profile dev]",
					"region = ap-southeast-2",
				].join("\n"),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3372432b8ea80d9d Environment-variable access.
repo/apps/cli/src/tui/utils/provider-config-values.test.ts:36
			process.env.AWS_CONFIG_FILE = configPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52c0758c24b26274 Environment-variable access.
repo/apps/cli/src/tui/utils/provider-config-values.test.ts:61
		process.env.AWS_REGION = "us-west-2";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7a85ce694d61094 Environment-variable access.
repo/apps/cli/src/utils/approval.ts:57
	const approvalDir = process.env.CLINE_TOOL_APPROVAL_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8a3649e1460a29e Environment-variable access.
repo/apps/cli/src/utils/approval.ts:105
	const mode = process.env.CLINE_TOOL_APPROVAL_MODE?.trim().toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05fd6445cf90b968 Environment-variable access.
repo/apps/cli/src/utils/aws-region.test.ts:15
		process.env.AWS_REGION = "us-east-1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8904764c6b391c35 Environment-variable access.
repo/apps/cli/src/utils/aws-region.test.ts:20
		process.env.AWS_REGION = "eu-west-1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52d990f5a68602dc Environment-variable access.
repo/apps/cli/src/utils/aws-region.test.ts:21
		process.env.AWS_DEFAULT_REGION = "us-east-2";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd869ef8fd888375 Environment-variable access.
repo/apps/cli/src/utils/aws-region.test.ts:26
		delete process.env.AWS_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6267012a60d868fb Environment-variable access.
repo/apps/cli/src/utils/aws-region.test.ts:27
		delete process.env.AWS_DEFAULT_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d19e1c122513e06a Filesystem access.
repo/apps/cli/src/utils/aws-region.test.ts:31
			writeFileSync(
				configPath,
				[
					"[default]",
					"region = us-east-1",
					"[profile dev]",
					"region = ap-southeast-2",
				].join("\n"),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ae05509e88dd290 Environment-variable access.
repo/apps/cli/src/utils/aws-region.test.ts:40
			process.env.AWS_CONFIG_FILE = configPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81c57d53f25b1582 Environment-variable access.
repo/apps/cli/src/utils/aws-region.ts:38
		process.env.AWS_CONFIG_FILE?.trim() || join(homedir(), ".aws", "config");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4899d7d01593a672 Filesystem access.
repo/apps/cli/src/utils/aws-region.ts:42
		const profiles = parseAwsConfigProfiles(readFileSync(configPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9227e2740d6af693 Environment-variable access.
repo/apps/cli/src/utils/aws-region.ts:56
		process.env.AWS_REGION?.trim() || process.env.AWS_DEFAULT_REGION?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #188d7d42a7a9bf95 Environment-variable access.
repo/apps/cli/src/utils/aws-region.ts:60
		input.profile?.trim() || process.env.AWS_PROFILE?.trim() || "default";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c472ef5b55341368 Environment-variable access.
repo/apps/cli/src/utils/feature-flags.ts:46
		const apiKey = process.env.TELEMETRY_SERVICE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0260289c6e207809 Environment-variable access.
repo/apps/cli/src/utils/feature-flags.ts:49
			process.env.IS_TEST !== "true" &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d57cf97328481a67 Environment-variable access.
repo/apps/cli/src/utils/feature-flags.ts:50
			process.env.E2E_TEST !== "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5c2fa6c2b16a5af Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:25
		CLINE_DATA_DIR: process.env.CLINE_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72eebf2c683e1717 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:26
		CLINE_DB_DATA_DIR: process.env.CLINE_DB_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43f550664a0e193f Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:27
		CLINE_HOOKS_LOG_PATH: process.env.CLINE_HOOKS_LOG_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d2be980b3b70bcb Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:28
		CLINE_SESSION_ID: process.env.CLINE_SESSION_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eedcde960d70aba Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:29
		CLINE_SESSION_DATA_DIR: process.env.CLINE_SESSION_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21361447bf619aa1 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:34
	process.env.CLINE_DATA_DIR = snapshot.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26b60182c97fb799 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:35
	process.env.CLINE_DB_DATA_DIR = snapshot.CLINE_DB_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddfdb43db68cc900 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:36
	process.env.CLINE_HOOKS_LOG_PATH = snapshot.CLINE_HOOKS_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5878eaa190dafe6c Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:37
	process.env.CLINE_SESSION_ID = snapshot.CLINE_SESSION_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fab1e926663e9e89 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:38
	process.env.CLINE_SESSION_DATA_DIR = snapshot.CLINE_SESSION_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4325524a8670b89c Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:406
		process.env.CLINE_DATA_DIR = tempDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a84116525beace82 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:407
		delete process.env.CLINE_HOOKS_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d88b555818365d6e Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:408
		delete process.env.CLINE_SESSION_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #764656dec07cfd73 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:409
		delete process.env.CLINE_SESSION_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a2bae7f8898031a Filesystem access.
repo/apps/cli/src/utils/helpers.test.ts:431
		const content = readFileSync(expectedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ab49b8c3095ce1a Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:440
		process.env.CLINE_HOOKS_LOG_PATH = expectedPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #704e22405578f8dd Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:441
		delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1134988d649e8909 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:442
		delete process.env.CLINE_SESSION_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb90bec619f641c9 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:443
		delete process.env.CLINE_SESSION_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a306dee116958abd Filesystem access.
repo/apps/cli/src/utils/helpers.test.ts:468
		const content = readFileSync(expectedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db86757dedd615b2 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:477
			CLINE_SANDBOX: process.env.CLINE_SANDBOX,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #779d18b7b77ac5a3 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:478
			CLINE_SANDBOX_DATA_DIR: process.env.CLINE_SANDBOX_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16256a47f85cfa7d Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:479
			CLINE_DATA_DIR: process.env.CLINE_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10cef6c3e79365e1 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:480
			CLINE_DB_DATA_DIR: process.env.CLINE_DB_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93685be55a3a6160 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:481
			CLINE_SESSION_DATA_DIR: process.env.CLINE_SESSION_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09e4ba2422b65e5e Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:482
			CLINE_TEAM_DATA_DIR: process.env.CLINE_TEAM_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ce7c77cad333b34 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:483
			CLINE_PROVIDER_SETTINGS_PATH: process.env.CLINE_PROVIDER_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3a75f761f156e13 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:484
			CLINE_HOOKS_LOG_PATH: process.env.CLINE_HOOKS_LOG_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbb0fa666ef2a03d Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:493
			expect(process.env.CLINE_SANDBOX).toBe("1");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #930141250c5ea617 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:494
			expect(process.env.CLINE_SANDBOX_DATA_DIR).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7154e95433d44c17 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:497
			expect(process.env.CLINE_DATA_DIR).toBe(path.join(root, "sandbox-state"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5637bcd25fd5516 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:498
			expect(process.env.CLINE_DB_DATA_DIR).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cb74d472b98a63b Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:501
			expect(process.env.CLINE_SESSION_DATA_DIR).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #969208d1474304bf Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:504
			expect(process.env.CLINE_TEAM_DATA_DIR).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4124725d7a53fa07 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:507
			expect(process.env.CLINE_PROVIDER_SETTINGS_PATH).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #525fc74664660b60 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:510
			expect(process.env.CLINE_HOOKS_LOG_PATH).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8838ee402af5646d Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:514
			process.env.CLINE_SANDBOX = previous.CLINE_SANDBOX;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a2221ea0e8b2876 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:515
			process.env.CLINE_SANDBOX_DATA_DIR = previous.CLINE_SANDBOX_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99632f78e0d61542 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:516
			process.env.CLINE_DATA_DIR = previous.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4e6ad9c6711020a Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:517
			process.env.CLINE_DB_DATA_DIR = previous.CLINE_DB_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cfc24018bdf16c0e Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:518
			process.env.CLINE_SESSION_DATA_DIR = previous.CLINE_SESSION_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6405cb5d5101443 Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:519
			process.env.CLINE_TEAM_DATA_DIR = previous.CLINE_TEAM_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6103ab30db89cb4e Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:520
			process.env.CLINE_PROVIDER_SETTINGS_PATH =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fb962f0903ea5ce Environment-variable access.
repo/apps/cli/src/utils/helpers.test.ts:522
			process.env.CLINE_HOOKS_LOG_PATH = previous.CLINE_HOOKS_LOG_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a00d074bda0dc24 Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:441
	const envPath = process.env.CLINE_HOOKS_LOG_PATH?.trim() || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #534aa94932175dce Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:533
	const envDir = process.env.CLINE_SANDBOX_DATA_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09e99d5c832cd577 Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:548
	process.env.CLINE_SANDBOX = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50d503fa57764794 Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:549
	process.env.CLINE_SANDBOX_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bdb99dcc4975933 Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:550
	process.env.CLINE_DATA_DIR = dataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4bb45f851f8ea54e Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:551
	process.env.CLINE_DB_DATA_DIR = join(dataDir, "db");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ebc05667f0a41d0 Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:552
	process.env.CLINE_SESSION_DATA_DIR = join(dataDir, "sessions");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc9373f81cfb7420 Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:553
	process.env.CLINE_TEAM_DATA_DIR = join(dataDir, "teams");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cc419beb7b17024 Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:554
	process.env.CLINE_PROVIDER_SETTINGS_PATH = join(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27afc36abbb4df08 Environment-variable access.
repo/apps/cli/src/utils/helpers.ts:559
	process.env.CLINE_HOOKS_LOG_PATH = join(dataDir, "logs", "hooks.jsonl");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #66f02a41b705ade4 Environment-variable access.
repo/apps/cli/src/utils/hooks.ts:12
const isDev = process.env.NODE_ENV === "development";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1229352ca3201184 Environment-variable access.
repo/apps/cli/src/utils/hooks.ts:123
		process.env.CLINE_USER_ID?.trim() || process.env.USER?.trim() || "unknown";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2c4070df074c9d3 Environment-variable access.
repo/apps/cli/src/utils/hooks.ts:126
		clineVersion: process.env.CLINE_VERSION?.trim() || "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #924228bf621bdf8c Environment-variable access.
repo/apps/cli/src/utils/hooks.ts:194
				const isResume = process.env.CLINE_HOOK_AGENT_RESUME === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afcebb78c62dc792 Filesystem access.
repo/apps/cli/src/utils/image-attachments.ts:51
		const buffer = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8540ce65448aa808 Filesystem access.
repo/apps/cli/src/utils/input-history.ts:15
		for (const line of readFileSync(path, "utf8").split("\n")) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1eb43ff6a2e000fc Filesystem access.
repo/apps/cli/src/utils/input-history.ts:64
		writeFileSync(
			path,
			`${next.map((p) => JSON.stringify({ prompt: p, ts: Date.now() })).join("\n")}\n`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #742f6f251ce92434 Filesystem access.
repo/apps/cli/src/utils/plugin-chat-commands.test.ts:22
		await writeFile(
			join(pluginsDir, "echo.js"),
			[
				"export default {",
				"  name: 'echo-plugin',",
				"  manifest: { capabilities: ['commands'] },",
				"  setup(api) {",
				"    api.registerCommand({",
				"      name: 'echo',",
				"      description: 'Echo input',",
				"      handler: async (input) => 'echo:' + input",
				"    });",
				"  },",
				"};",
			].join("\n"),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63739ae6aa856756 Filesystem access.
repo/apps/cli/src/utils/plugin-chat-commands.test.ts:74
		await writeFile(
			join(pluginsDir, "submit.js"),
			[
				"export default {",
				"  name: 'submit-plugin',",
				"  manifest: { capabilities: ['commands'] },",
				"  setup(api) {",
				"    api.registerCommand({",
				"      name: 'goal',",
				"      description: 'Set a goal and submit it',",
				"      handler: async (input) => ({",
				"        reply: 'goal:' + input,",
				"        submitPrompt: input",
				"      })",
				"    });",
				"  },",
				"};",
			].join("\n"),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c86889ca1fb414a4 Environment-variable access.
repo/apps/cli/src/utils/worktree.test.ts:44
		originalClineDir = process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee55490d3c2ac830 Environment-variable access.
repo/apps/cli/src/utils/worktree.test.ts:45
		process.env.CLINE_DIR = clineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3ee51d45e8da9a8 Filesystem access.
repo/apps/cli/src/utils/worktree.test.ts:48
		await writeFile(path.join(sandboxRoot, ".keep"), "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #987dfd2d60d61b87 Filesystem access.
repo/apps/cli/src/utils/worktree.test.ts:55
		await writeFile(path.join(repoPath, "file.txt"), "hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38ef5051698ba289 Environment-variable access.
repo/apps/cli/src/utils/worktree.test.ts:71
			delete process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c17f819399a6ce41 Environment-variable access.
repo/apps/cli/src/utils/worktree.test.ts:73
			process.env.CLINE_DIR = originalClineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc7aa30a146593b8 Environment-variable access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:14
	const originalSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #168c1ea468ad5f34 Environment-variable access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:18
		process.env.CLINE_MCP_SETTINGS_PATH = originalSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6da24bdf9faccc69 Environment-variable access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:29
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b61c21fa2ecc06c7 Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:35
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					otherSetting: true,
					mcpServers: {
						existing: { transport: { type: "stdio", command: "node" } },
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02ed06b6385de4ba Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:52
		const parsed = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b345863420382845 Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:65
		const parsed = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #beb4bacfa4ae5e33 Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:79
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					mcpServers: {
						linear: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.linear.app/mcp",
							},
							oauth: {
								tokens: {
									access_token: "oauth-token",
								},
								lastAuthenticatedAt: 123,
							},
						},
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4cdcfd1aa59eca4d Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:107
		const parsed = JSON.parse(await readFile(settingsPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e037b3fb415f3b5 Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:119
		await writeFile(
			settingsPath,
			`${JSON.stringify(
				{
					mcpServers: {
						linear: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.linear.app/mcp",
							},
						},
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a8db39d01b150c2 Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:136
		const before = await readFile(settingsPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #435f59b1fde472a9 Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.test.ts:140
		await expect(readFile(settingsPath, "utf8")).resolves.toBe(before);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e720face13666dc Filesystem access.
repo/apps/cli/src/wizards/mcp/settings.ts:34
		const raw = readFileSync(path, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78646c58992b5a0a Environment-variable access.
repo/apps/cli/src/wizards/schedule/index.ts:392
	const address = resolveAddress(process.env.CLINE_HUB_ADDRESS);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/vscode/webview-ui

npm first-party
medium telemetry production #4bc0c4b01830f22a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/CustomPostHogProvider.tsx:2
import posthog from "posthog-js"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4192ce0294715f25 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/CustomPostHogProvider.tsx:22
		posthog.init(apiKey, {
			api_host: posthogConfig.host,
			ui_host: posthogConfig.uiHost,
			disable_session_recording: true,
			capture_pageview: false,
			capture_dead_clicks: false,
			// Feature flags should work regardless of telemetry opt-out
			advanced_disable_decide: false,
			// Autocapture should respect telemetry settings
			autocapture: false,
		})

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #7b52f17135b75d02 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/CustomPostHogProvider.tsx:41
		posthog.set_config({
			before_send: (payload) => {
				// Only filter out events if telemetry is disabled, but allow feature flag requests
				if (!isTelemetryEnabled && payload?.event !== "$feature_flag_called") {
					return null
				}

				if (payload?.properties) {
					payload.properties.extension_version = version
					payload.properties.distinct_id = distinctId
				}
				return payload
			},
		})

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #dfd55794027522ed Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/CustomPostHogProvider.tsx:56
		const optedIn = posthog.has_opted_in_capturing()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #07be1fd0c8b1ded0 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/CustomPostHogProvider.tsx:57
		const optedOut = posthog.has_opted_out_capturing()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9ff40ec1f4a10f45 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/CustomPostHogProvider.tsx:62
		posthog.identify(distinctId, args)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e844229794897c3c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/CustomPostHogProvider.tsx:65
			posthog.opt_in_capturing()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #38deee008b3d99db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/CustomPostHogProvider.tsx:68
			posthog.opt_out_capturing()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #23a0cef24681cd0f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/hooks/useFeatureFlag.ts:1
import posthog from "posthog-js"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #249c283b0d3254bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/hooks/useFeatureFlag.ts:24
			setFlagEnabled(posthog.isFeatureEnabled(flagName) === true)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #1d3fbb11065fa2a1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/vscode/webview-ui/src/hooks/useFeatureFlag.ts:28
		return posthog.onFeatureFlags(readFlag)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 21 low-confidence finding(s)
low env_fs production #de38074782dc5ca1 Environment-variable access.
repo/apps/vscode/webview-ui/src/components/chat/task-header/TaskHeader.tsx:18
const IS_DEV = process.env.IS_DEV === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df18dfb2ab3afeb2 Environment-variable access.
repo/apps/vscode/webview-ui/src/components/settings/SettingsView.tsx:34
const IS_DEV = process.env.IS_DEV

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6e9d85118cbacbb7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/vscode/webview-ui/src/components/ui/hooks/useOpenRouterKeyInfo.ts:30
		const response = await fetch(keyEndpoint, {
			headers: {
				Authorization: `Bearer ${apiKey}`,
			},
			signal,
		})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #64cc368ba104edb0 Filesystem access.
repo/apps/vscode/webview-ui/vite.config.ts:20
					writeFileSync(portFilePath, port.toString())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #106a83ed0f35b36c Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:34
const parentEnv = loadEnv(process.env.NODE_ENV || "development", resolve(__dirname, ".."), "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #790e5ac6c37cd447 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:36
	process.env[key] ??= value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a115494329b249e1 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:41
const platform = process.env.PLATFORM || "vscode" // Default to vscode

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab50c95426ab2dc4 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:129
		"process.env.CLINE_ENVIRONMENT": JSON.stringify(process.env.CLINE_ENVIRONMENT ?? "production"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a682c78bfb03018 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:130
		"process.env.IS_DEV": JSON.stringify(process.env.IS_DEV),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60d868d2362e5c54 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:131
		"process.env.IS_TEST": JSON.stringify(process.env.IS_TEST),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bbbd89fcf0c48c66 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:132
		"process.env.CI": JSON.stringify(process.env.CI),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a69c0c6df099db5 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:134
		"process.env.TELEMETRY_SERVICE_API_KEY": JSON.stringify(process.env.TELEMETRY_SERVICE_API_KEY),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a529465b3bddab00 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:135
		"process.env.ERROR_SERVICE_API_KEY": JSON.stringify(process.env.ERROR_SERVICE_API_KEY),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9dd81fe47427806 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:136
		"process.env.ENABLE_ERROR_AUTOCAPTURE": JSON.stringify(process.env.ENABLE_ERROR_AUTOCAPTURE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cee17ac63c0cb5c2 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:138
		"process.env.OTEL_TELEMETRY_ENABLED": JSON.stringify(process.env.OTEL_TELEMETRY_ENABLED),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02641cf2a6569c2e Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:139
		"process.env.OTEL_METRICS_EXPORTER": JSON.stringify(process.env.OTEL_METRICS_EXPORTER),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a01571c17af946 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:140
		"process.env.OTEL_LOGS_EXPORTER": JSON.stringify(process.env.OTEL_LOGS_EXPORTER),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c67523b642dd4085 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:141
		"process.env.OTEL_EXPORTER_OTLP_PROTOCOL": JSON.stringify(process.env.OTEL_EXPORTER_OTLP_PROTOCOL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8616c77ca92654c3 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:142
		"process.env.OTEL_EXPORTER_OTLP_ENDPOINT": JSON.stringify(process.env.OTEL_EXPORTER_OTLP_ENDPOINT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e2c92747df78730 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:143
		"process.env.OTEL_EXPORTER_OTLP_HEADERS": JSON.stringify(process.env.OTEL_EXPORTER_OTLP_HEADERS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f7eca6b3d736909 Environment-variable access.
repo/apps/vscode/webview-ui/vite.config.ts:144
		"process.env.OTEL_METRIC_EXPORT_INTERVAL": JSON.stringify(process.env.OTEL_METRIC_EXPORT_INTERVAL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm)

npm first-party
expand_more 45 low-confidence finding(s)
low env_fs test-only #7e5ef9dee6249f3b Filesystem access.
repo/evals/analysis/src/__tests__/classifier.test.ts:184
			const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4faf8ccdb509aaf5 Filesystem access.
repo/evals/analysis/src/__tests__/classifier.test.ts:188
			fs.writeFileSync(
				tmpFile,
				`version: "1.0"\npatterns:\n  - name: !!js/function 'function(){ return "pwned" }'\n`,
			)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59289a321f1f890b Filesystem access.
repo/evals/analysis/src/classifier.ts:12
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5de2826093c76020 Filesystem access.
repo/evals/analysis/src/classifier.ts:45
		const content = fs.readFileSync(filePath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94b217f75db24add Filesystem access.
repo/evals/analysis/src/cli.ts:13
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fd13e31a08ca1cb Filesystem access.
repo/evals/analysis/src/cli.ts:59
				fs.writeFileSync(options.output, report)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1bbac3ab981c36bf Filesystem access.
repo/evals/analysis/src/cli.ts:66
					fs.writeFileSync(jsonPath, jsonReporter.generate(analysis, true))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8d46921c31357b8 Filesystem access.
repo/evals/analysis/src/cli.ts:104
			const baseline: AnalysisOutputV1 = JSON.parse(fs.readFileSync(baselinePath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b70d33e2b1aba567 Filesystem access.
repo/evals/analysis/src/cli.ts:105
			const current: AnalysisOutputV1 = JSON.parse(fs.readFileSync(currentPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c050cb5812834c5 Filesystem access.
repo/evals/analysis/src/parsers/harbor.ts:10
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #342998e0902105ea Filesystem access.
repo/evals/analysis/src/parsers/harbor.ts:50
		const config = JSON.parse(fs.readFileSync(configPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f206e0b08af8d636 Filesystem access.
repo/evals/analysis/src/parsers/harbor.ts:51
		const result = JSON.parse(fs.readFileSync(resultPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36c350baf2016552 Filesystem access.
repo/evals/analysis/src/parsers/harbor.ts:110
		const config = JSON.parse(fs.readFileSync(configPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49338a1542b0816a Filesystem access.
repo/evals/analysis/src/parsers/harbor.ts:111
		const result = JSON.parse(fs.readFileSync(resultPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f944c1b0e9a6a4d Filesystem access.
repo/evals/analysis/src/parsers/harbor.ts:112
		const reward = fs.readFileSync(rewardPath, "utf-8").trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50bc0c0512a142a7 Filesystem access.
repo/evals/analysis/src/parsers/harbor.ts:113
		const logs = fs.existsSync(logsPath) ? fs.readFileSync(logsPath, "utf-8") : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0aeaff41bfb5afb2 Filesystem access.
repo/evals/analysis/src/parsers/harbor.ts:114
		const testOutput = fs.existsSync(testOutputPath) ? fs.readFileSync(testOutputPath, "utf-8") : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37311b47425901de Filesystem access.
repo/evals/e2e/run-cline-bench.ts:26
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2976e22691ff9d3 Environment-variable access.
repo/evals/e2e/run-cline-bench.ts:115
	const apiKey = process.env[apiKeyEnv] || process.env.API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c7d434e3aac31d0 Filesystem access.
repo/evals/e2e/run-cline-bench.ts:172
						const reward = fs.readFileSync(rewardFile, "utf-8").trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e295939928655cdd Filesystem access.
repo/evals/e2e/run-cline-bench.ts:312
		fs.writeFileSync(options.outputFile, JSON.stringify(report, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b8271af58d862abe Filesystem access.
repo/evals/smoke-tests/run-smoke-tests.ts:21
import * as fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a7632fb3c12b4e8 Environment-variable access.
repo/evals/smoke-tests/run-smoke-tests.ts:46
const CLINE_CONFIG_DIR = path.join(process.env.HOME || "", ".cline")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15cbc06674240eb6 Filesystem access.
repo/evals/smoke-tests/run-smoke-tests.ts:117
				const config = JSON.parse(fs.readFileSync(configPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d3325ca593392fc Environment-variable access.
repo/evals/smoke-tests/run-smoke-tests.ts:134
	return requiredEnv.filter((key) => !process.env[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa0a13fa15543d6f Environment-variable access.
repo/evals/smoke-tests/run-smoke-tests.ts:145
	const apiKey = apiKeyEnv ? process.env[apiKeyEnv] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a102d288e49ab44d Environment-variable access.
repo/evals/smoke-tests/run-smoke-tests.ts:146
	const baseUrl = scenario.auth?.baseUrlEnv ? process.env[scenario.auth.baseUrlEnv] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f310a67e48264111 Filesystem access.
repo/evals/smoke-tests/run-smoke-tests.ts:258
				const content = fs.readFileSync(filePath, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e27f367c8fca2354 Filesystem access.
repo/evals/smoke-tests/run-smoke-tests.ts:564
			fs.writeFileSync(path.join(logDir, `trial-${trialNum}.log`), logContent)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18dc3dd0412c2080 Filesystem access.
repo/evals/smoke-tests/run-smoke-tests.ts:644
	fs.writeFileSync(path.join(resultsDir, "report.json"), JSON.stringify(report, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a118fb4258459e55 Filesystem access.
repo/evals/smoke-tests/run-smoke-tests.ts:648
	fs.writeFileSync(path.join(resultsDir, "summary.md"), summaryMd)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b34e4f99dcfe8a9 Filesystem access.
repo/evals/smoke-tests/run-smoke-tests.ts:663
		fs.writeFileSync(outputFile, JSON.stringify(report, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc01d9c60c1cb006 Filesystem access.
repo/sdk/scripts/check-publish.ts:65
			const pkg = JSON.parse(await readFile(pkgPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #837b3517b9c37e4c Filesystem access.
repo/sdk/scripts/check-publish.ts:213
		await writeFile(
			join(testDir, "package.json"),
			JSON.stringify(testPkg, null, 2),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e74e9be0f6060e81 Filesystem access.
repo/sdk/scripts/check-publish.ts:233
			await writeFile(
				testFile,
				[
					`try {`,
					`  await import("${pkg.name}");`,
					`  console.log("  OK ${pkg.name}");`,
					`} catch (e: any) {`,
					`  console.error("  FAIL ${pkg.name}:", e.message);`,
					`  if (e.code) console.error("       code:", e.code);`,
					`  process.exitCode = 1;`,
					`}`,
				].join("\n"),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb2d2d704ee3067c Filesystem access.
repo/sdk/scripts/check-publish.ts:282
			await writeFile(
				testFile,
				[
					`import { readFileSync } from "node:fs";`,
					`import { join } from "node:path";`,
					`try {`,
					`  const root = await import("@cline/core");`,
					`  if (typeof root.ClineCore?.create !== "function") {`,
					`    console.error("  FAIL @cline/core: root export is missing ClineCore.create");`,
					`    process.exit(1);`,
					`  }`,
					`} catch (error) {`,
					`  const message = error instanceof Error ? error.message : String(error);`,
					`  console.error("  FAIL @cline/core: published runtime shape is invalid:", message);`,
					`  process.exit(1);`,
					`}`,
					`console.log("  OK @cline/core publish shape");`,
				].join("\n"),
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efde765e0ad9eebf Filesystem access.
repo/sdk/scripts/ci-node-smoke.ts:91
		await writeFile(
			join(smokeDir, "package.json"),
			`${JSON.stringify(
				{
					name: "cline-node-smoke",
					private: true,
					type: "module",
					dependencies: {
						"@cline/core": `file:${tarballs.core}`,
						"@cline/agents": `file:${tarballs.agents}`,
						"@cline/llms": `file:${tarballs.llms}`,
						"@cline/shared": `file:${tarballs.shared}`,
					},
				},
				null,
				2,
			)}\n`,
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb6fb2530c04d868 Filesystem access.
repo/sdk/scripts/ci-node-smoke.ts:136
		await writeFile(smokeFile, `${smokeSource.trim()}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20683376e0ebb230 Filesystem access.
repo/sdk/scripts/clean.ts:26
	const raw = await readFile(path.join(root, "package.json"), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69f836528e0ae7af Filesystem access.
repo/sdk/scripts/release.ts:182
			const raw = await readFile(
				join(packagesDir, dir.name, "package.json"),
				"utf-8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b969cb146db5411e Filesystem access.
repo/sdk/scripts/release.ts:204
	const raw = await readFile(join(cliDir, "package.json"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7559b60405afed33 Filesystem access.
repo/sdk/scripts/release.ts:368
			const raw = await readFile(
				join(packagesDir, dir.name, "package.json"),
				"utf-8",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f651be974e71807 Filesystem access.
repo/sdk/scripts/version.ts:38
			const raw = await readFile(pkgPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03f044b4e7c33e79 Filesystem access.
repo/sdk/scripts/version.ts:83
		const raw = await readFile(pkgPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c8238ea06e88913 Filesystem access.
repo/sdk/scripts/version.ts:96
			await writeFile(pkgPath, out);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/cline-hub

npm first-party
expand_more 71 low-confidence finding(s)
low env_fs production #4b35f0665ad6b19b Environment-variable access.
repo/apps/cline-hub/src/dev.ts:5
	process.env.CLINE_HUB_WEBVIEW_DEV_HOST?.trim() || "127.0.0.1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bda8d6cf9d97cd2e Environment-variable access.
repo/apps/cline-hub/src/dev.ts:6
const webviewPort = process.env.CLINE_HUB_WEBVIEW_DEV_PORT?.trim() || "5173";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af097c42db27a6d3 Environment-variable access.
repo/apps/cline-hub/src/dev.ts:8
	process.env.VITE_DEV_SERVER_URL?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e108158efe78293b Environment-variable access.
repo/apps/cline-hub/src/server/deps.ts:15
	process.env.CLINE_HUB_WEBVIEW_DIST_DIR?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0336dfa41dc07b15 Environment-variable access.
repo/apps/cline-hub/src/server/http.ts:160
		const devServerUrl = process.env.VITE_DEV_SERVER_URL?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2abbcdfdc643b563 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:25
	const originalWrapperPath = process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e9f7b2106e100e7 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:26
	const originalClineDir = process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a91c2275721d0ce Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:27
	const originalHome = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24638062c8e7359a Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:28
	const originalMcpSettingsPath = process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f55687f702c98f1 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:32
			delete process.env.CLINE_WRAPPER_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #352f58a120a4322b Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:34
			process.env.CLINE_WRAPPER_PATH = originalWrapperPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b56edbc906cae2c7 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:37
			delete process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acab001d12370377 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:39
			process.env.CLINE_DIR = originalClineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27d3c0f271be1945 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:42
			delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b51cc10ec95dab6a Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:44
			process.env.HOME = originalHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b65ec961c791a0d7 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:47
			delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8421048845e50549 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:49
			process.env.CLINE_MCP_SETTINGS_PATH = originalMcpSettingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2f501d786bf2f05 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:71
		writeFileSync(
			join(installPath, "package.json"),
			JSON.stringify({ name: slug }, null, 2),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4a82412d0ca5c85 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:76
		writeFileSync(
			join(installPath, "package", "index.ts"),
			`export default { name: "${slug}", manifest: { capabilities: ["tools"] } };`,
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5e07779a347bea4 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:138
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2944e94ec977e036 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:143
			writeFileSync(
				join(homeDir, ".agents", "skills", "web-design-guidelines", "SKILL.md"),
				"---\nname: web-design-guidelines\n---\n",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c635816e135c7fb7 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:188
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02b2235566c80bb4 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:192
		writeFileSync(
			join(homeDir, ".agents", "skills", "cline-sdk", "SKILL.md"),
			"---\nname: cline-sdk\n---\n",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #928599023210f39d Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:223
		process.env.CLINE_DIR = clineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e2d135684b92c80 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:227
		writeFileSync(
			join(clineDir, "skills", "cline-sdk", "SKILL.md"),
			"---\nname: cline-sdk\n---\n",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03c9b64f3c599474 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:249
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08807a2ad6ceb38a Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:250
		process.env.CLINE_DIR = clineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a2018e09b087e7f Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:255
			writeFileSync(
				join(clineDir, "skills", "cline-sdk", "SKILL.md"),
				"---\nname: cline-sdk\n---\n",
			);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41d7166fd3402ba0 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:286
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c27c954a4ef3b0c Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:289
		writeFileSync(join(skillDir, "SKILL.md"), "---\nname: cline-sdk\n---\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #848e9295ab80f8bb Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:327
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b19a8ca5c45c3d5 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:356
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12ffb75b76f06f77 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:380
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1bcaf1a7e31ba23 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:425
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07c70a4e12cfebb3 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:427
		writeFileSync(join(homeDir, ".agents", "skills"), "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecedba6296976db9 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:454
		process.env.HOME = homeDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97cb75b57a8b9b35 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:477
		process.env.CLINE_WRAPPER_PATH = "/usr/local/bin/cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1722c494fa94c818 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:505
		process.env.CLINE_WRAPPER_PATH = "/usr/local/bin/cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #139ad3c059120b2d Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:568
		process.env.CLINE_DIR = clineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53c99d2df2fd7be7 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:598
		process.env.CLINE_WRAPPER_PATH = "/usr/local/bin/cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74db3d04606e121c Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:639
		process.env.CLINE_DIR = clineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c918554fa303474 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:680
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ebc9faa8099629f Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:681
		writeFileSync(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						context7: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.context7.com/mcp",
							},
						},
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c50e1eb7ae23432f Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:745
		process.env.CLINE_MCP_SETTINGS_PATH = settingsPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2cff8dc499884e8 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:746
		writeFileSync(
			settingsPath,
			JSON.stringify(
				{
					mcpServers: {
						context7: {
							transport: {
								type: "streamableHttp",
								url: "https://mcp.context7.com/mcp",
							},
						},
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c6a8ef2816063e4 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:774
		expect(readFileSync(settingsPath, "utf8")).not.toContain("context7");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37d21702600dc756 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.test.ts:782
		writeFileSync(skillPath, "---\nname: review\n---\nReview changes.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d18ba5ee800eb91b Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:803
		process.env.CLINE_DIR = clineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddb4d80fc40ae872 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:832
		process.env.CLINE_DIR = mkdtempSync(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e028ba2bf91b9e68 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.test.ts:862
		process.env.CLINE_DIR = clineDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #983af09e964af707 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.ts:88
	process.env.CLINE_MARKETPLACE_CATALOG_URL?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b25e180372b2c016 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.ts:458
	const wrapperPath = process.env.CLINE_WRAPPER_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e5b4eea104ad057 Environment-variable access.
repo/apps/cline-hub/src/server/marketplace.ts:610
		process.env.HOME?.trim() || process.env.USERPROFILE?.trim() || osHomedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69b3f499bcef0f35 Filesystem access.
repo/apps/cline-hub/src/server/marketplace.ts:662
		writeFileSync(probePath, "", { flag: "wx" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb7e2e689086c2b6 Filesystem access.
repo/apps/cline-hub/src/server/mcp.ts:11
	const parsed = JSON.parse(readFileSync(settingsPath, "utf8")) as JsonRecord;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #317a9bb48cd9865e Environment-variable access.
repo/apps/cline-hub/src/server/providers.ts:32
			process.env.CLINE_PROVIDER?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce28d996c3740dfc Environment-variable access.
repo/apps/cline-hub/src/server/providers.ts:36
			process.env.CLINE_MODEL?.trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df5d3d4609480514 Environment-variable access.
repo/apps/cline-hub/src/server/sessions.ts:52
		process.env.CLINE_PROVIDER?.trim() ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30985244848a6933 Environment-variable access.
repo/apps/cline-hub/src/server/sessions.ts:59
		process.env.CLINE_MODEL?.trim() ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6f0d96a90e7a26b Environment-variable access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:10
		CLINE_GLOBAL_SETTINGS_PATH: process.env.CLINE_GLOBAL_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b136c038e8af08c5 Environment-variable access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:11
		CLINE_MCP_SETTINGS_PATH: process.env.CLINE_MCP_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9043cf6ce4c57579 Environment-variable access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:16
			delete process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0c9a13c20544ec0 Environment-variable access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:18
			process.env.CLINE_GLOBAL_SETTINGS_PATH =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7e386b3dcb1721 Environment-variable access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:22
			delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c269a4ba2e780a2 Environment-variable access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:24
			process.env.CLINE_MCP_SETTINGS_PATH = envSnapshot.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1068ff8d3fc99153 Environment-variable access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:35
		process.env.CLINE_GLOBAL_SETTINGS_PATH = join(tempRoot, "settings.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e83638e77099724 Environment-variable access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:36
		process.env.CLINE_MCP_SETTINGS_PATH = join(tempRoot, "mcp.json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85df2d782365fc73 Filesystem access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:49
		await writeFile(
			join(packageDir, "package.json"),
			JSON.stringify(
				{
					name: "cline-sdk-portable-agents",
					cline: {
						plugins: [{ paths: ["./index.ts"] }],
					},
				},
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad979b4c5e845632 Filesystem access.
repo/apps/cline-hub/src/server/user-instructions.test.ts:62
		await writeFile(pluginPath, "export default {};\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8749d7e7ef99cc2a Filesystem access.
repo/apps/cline-hub/src/server/user-instructions.ts:30
		const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6fba9ac18e3491d Filesystem access.
repo/apps/cline-hub/src/server/user-instructions.ts:117
					const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/cline-hub/src/webview

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #f707e898d9868bce Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/cline-hub/src/webview/src/components/ai-elements/open-in-chat.tsx:65
			const url = new URL("https://cursor.com/link/prompt");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): apps/examples/cli-agent

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #bfa475dddf579ee6 Environment-variable access.
repo/apps/examples/cli-agent/src/index.ts:8
	apiKey: process.env.CLINE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/examples/cline-core-cli-agent

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only #b72dce7d4921cc62 Environment-variable access.
repo/apps/examples/cline-core-cli-agent/src/index.ts:10
const providerId = process.env.CLINE_PROVIDER_ID ?? "cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f6df869620aec8f Environment-variable access.
repo/apps/examples/cline-core-cli-agent/src/index.ts:11
const modelId = process.env.CLINE_MODEL_ID ?? "anthropic/claude-sonnet-4.6";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1a8d16dbad863f3f Environment-variable access.
repo/apps/examples/cline-core-cli-agent/src/index.ts:12
const apiKey = process.env.CLINE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/examples/code-review-bot

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only #f64355cfed837a49 Environment-variable access.
repo/apps/examples/code-review-bot/src/index.ts:9
const PORT = Number(process.env.PORT || 3457);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b7b1263642471661 Environment-variable access.
repo/apps/examples/code-review-bot/src/index.ts:10
const MODEL_ID = process.env.CLINE_MODEL_ID || "anthropic/claude-sonnet-4.6";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84e55fc737b8dbcc Environment-variable access.
repo/apps/examples/code-review-bot/src/index.ts:11
const GITHUB_TOKEN = process.env.GITHUB_TOKEN || process.env.GH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84f4ee87bc657aec Environment-variable access.
repo/apps/examples/code-review-bot/src/index.ts:13
	process.env.ENABLE_GITHUB_REVIEW_POSTING === "1" && Boolean(GITHUB_TOKEN);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1babfed35c3003c Environment-variable access.
repo/apps/examples/code-review-bot/src/index.ts:1289
		apiKey: process.env.CLINE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/examples/desktop-app

npm first-party
expand_more 39 low-confidence finding(s)
low env_fs test-only #a96723a9b53cb8a3 Environment-variable access.
repo/apps/examples/desktop-app/scripts/build-sidecar-bin.ts:4
	const fromEnv = process.env.TAURI_ENV_TARGET_TRIPLE ?? process.env.TARGET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca09e41a94bd18e4 Environment-variable access.
repo/apps/examples/desktop-app/scripts/package-desktop.ts:122
		process.env.APPLE_CERTIFICATE || process.env.APPLE_SIGNING_IDENTITY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00c02d901f85f71e Environment-variable access.
repo/apps/examples/desktop-app/scripts/package-desktop.ts:125
		process.env.APPLE_ID &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #812f90a48d4f456c Environment-variable access.
repo/apps/examples/desktop-app/scripts/package-desktop.ts:126
			process.env.APPLE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d05e690f3ae4e726 Environment-variable access.
repo/apps/examples/desktop-app/scripts/package-desktop.ts:127
			process.env.APPLE_TEAM_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0311b15296470c13 Environment-variable access.
repo/apps/examples/desktop-app/scripts/package-desktop.ts:130
		(process.env.APPLE_API_KEY || process.env.APPLE_API_KEY_PATH) &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7ebb6a7151a30449 Environment-variable access.
repo/apps/examples/desktop-app/scripts/package-desktop.ts:131
			process.env.APPLE_API_KEY_ID &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ec10e28d2549c2f Environment-variable access.
repo/apps/examples/desktop-app/scripts/package-desktop.ts:132
			process.env.APPLE_API_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5a013d8cfd5cb7e6 Environment-variable access.
repo/apps/examples/desktop-app/scripts/package-desktop.ts:283
		hasArg("--allow-unsigned-mac") || process.env.ALLOW_UNSIGNED_MAC === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4087e8483a9140e5 Filesystem access.
repo/apps/examples/desktop-app/sidecar/chat-session.ts:40
		const parsed = JSON.parse(readFileSync(path, "utf8").trim()) as

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b66704b48bdf90d5 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/chat-test.ts:110
					apiKey: process.env.CLINE_API_KEY || "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b68ff0fe5e039338 Filesystem access.
repo/apps/examples/desktop-app/sidecar/commands.ts:97
	const parsed = JSON.parse(readFileSync(settingsPath, "utf8")) as JsonRecord;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0dbb814707ba7b40 Filesystem access.
repo/apps/examples/desktop-app/sidecar/commands.ts:555
					const raw = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c308f3d8dff3673b Filesystem access.
repo/apps/examples/desktop-app/sidecar/context.ts:60
	writeFileSync(path, `${JSON.stringify({ ts, stream, chunk })}\n`, {
		flag: "a",
	});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f22a7a88471d3bf Environment-variable access.
repo/apps/examples/desktop-app/sidecar/marketplace.ts:88
	process.env.CLINE_MARKETPLACE_CATALOG_URL?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c7286da6a9e56ef Environment-variable access.
repo/apps/examples/desktop-app/sidecar/marketplace.ts:458
	const wrapperPath = process.env.CLINE_WRAPPER_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c9c09d65e41e6947 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/marketplace.ts:610
		process.env.HOME?.trim() || process.env.USERPROFILE?.trim() || osHomedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #56e9211196377441 Filesystem access.
repo/apps/examples/desktop-app/sidecar/marketplace.ts:662
		writeFileSync(probePath, "", { flag: "wx" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3b957955c34e8d43 Filesystem access.
repo/apps/examples/desktop-app/sidecar/mcp.ts:11
	const parsed = JSON.parse(readFileSync(settingsPath, "utf8")) as JsonRecord;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ceb59edc890dae19 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/paths.ts:39
	return process.env.CLINE_SESSION_DATA_DIR?.trim() || resolveSessionDataDir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5c702bbcd006e9a1 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/paths.ts:63
		process.env.CLINE_TOOL_APPROVAL_DIR?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ed8de486293995b5 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/paths.ts:74
		process.env.CLINE_MCP_SETTINGS_PATH?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #82f28f28678cb226 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/paths.ts:85
		process.env.CLINE_KANBAN_DATA_DIR?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5335c5fab7752150 Filesystem access.
repo/apps/examples/desktop-app/sidecar/paths.ts:143
		return JSON.parse(readFileSync(path, "utf8")) as JsonRecord;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c1cad74bade63005 Filesystem access.
repo/apps/examples/desktop-app/sidecar/paths.ts:155
	writeFileSync(path, `${JSON.stringify(manifest, null, 2)}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8eb95e8643be6e88 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/server.ts:21
const EXTRA_TRUSTED_ORIGINS = (process.env.CLINE_SIDECAR_TRUSTED_ORIGINS ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #64ddae7482c26117 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/session-data/artifacts.ts:8
	const envPath = process.env.CLINE_HOOKS_LOG_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0dcb171b5ddde09c Environment-variable access.
repo/apps/examples/desktop-app/sidecar/session-data/artifacts.ts:11
		process.env.CLINE_DATA_DIR?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #654e55031fbb3ecd Environment-variable access.
repo/apps/examples/desktop-app/sidecar/session-data/artifacts.ts:12
		join(process.env.HOME ?? process.env.USERPROFILE ?? "", ".cline", "data");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f37193058456da82 Filesystem access.
repo/apps/examples/desktop-app/sidecar/session-data/artifacts.ts:24
	const raw = await readFile(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #774e686d573b7fd5 Filesystem access.
repo/apps/examples/desktop-app/sidecar/session-data/messages.ts:130
		const parsed = JSON.parse(readFileSync(path, "utf8")) as

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5cb90fe7f37e439f Filesystem access.
repo/apps/examples/desktop-app/sidecar/session-data/messages.ts:531
	writeFileSync(
		writePath,
		JSON.stringify(
			{
				messages: persistedMessages,
				ts: nowMs(),
			},
			null,
			2,
		),
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #05a3e59accdf75e1 Environment-variable access.
repo/apps/examples/desktop-app/sidecar/types.ts:117
export const SIDECAR_PORT = Number(process.env.CLINE_SIDECAR_PORT) || 3126;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f224b540d03dc69d Environment-variable access.
repo/apps/examples/desktop-app/sidecar/types.ts:121
	process.env.CLINE_SIDECAR_HOST?.trim() || "127.0.0.1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e04b292f47a2a717 Environment-variable access.
repo/apps/examples/desktop-app/webview/app/api/marketplace/catalog/route.ts:2
	process.env.CLINE_MARKETPLACE_CATALOG_URL?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #77feb9b06abe185b User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Non-production path — not application runtime.
repo/apps/examples/desktop-app/webview/app/api/marketplace/catalog/route.ts:21 · flow /tmp/closeopen-epgogze_/repo/apps/examples/desktop-app/webview/app/api/marketplace/catalog/route.ts:2 → /tmp/closeopen-epgogze_/repo/apps/examples/desktop-app/webview/app/api/marketplace/catalog/route.ts:21
		const response = await fetch(MARKETPLACE_CATALOG_URL, {
			headers: { Accept: "application/json" },
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs test-only #9d7e9468c80fa0ca Environment-variable access.
repo/apps/examples/desktop-app/webview/components/views/chat/chat-messages.tsx:91
const IS_DEBUG = process.env.NODE_ENV === "test";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ae4a08200d6f2997 Environment-variable access.
repo/apps/examples/desktop-app/webview/hooks/chat-session/constants.ts:27
	apiKey: process.env.CLINE_API_KEY || "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #cc1fdf3c3ee89a40 Environment-variable access.
repo/apps/examples/desktop-app/webview/lib/desktop-client.ts:70
	const envEndpoint = process.env.NEXT_PUBLIC_SIDECAR_WS_ENDPOINT?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/examples/menubar

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #0c5ab3bc4ddfac4d Environment-variable access.
repo/apps/examples/menubar/scripts/build-sidecar-bin.ts:4
	const fromEnv = process.env.TAURI_ENV_TARGET_TRIPLE ?? process.env.TARGET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #857dfa9faa839d16 Environment-variable access.
repo/apps/examples/menubar/sidecar/index.ts:406
		if (process.env[key]?.trim()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/examples/multi-agent

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #04df7bca7afe60c0 Environment-variable access.
repo/apps/examples/multi-agent/src/index.ts:4
const PORT = Number(process.env.PORT || 3456);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59555a40c0329589 Environment-variable access.
repo/apps/examples/multi-agent/src/index.ts:1055
		apiKey: process.env.CLINE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/examples/quickstart

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only #8df441de65342811 Environment-variable access.
repo/apps/examples/quickstart/src/index.ts:6
	apiKey: process.env.CLINE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/examples/vscode

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only #638976b7187ed8c2 Environment-variable access.
repo/apps/examples/vscode/src/extension.ts:758
		const devServerUrl = process.env.VITE_DEV_SERVER_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8d15824b174aa463 Filesystem access.
repo/apps/examples/vscode/src/extension.ts:799
		const buffer = await vscode.workspace.fs.readFile(
			vscode.Uri.file(indexPath),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/examples/vscode/src/webview

npm first-party
expand_more 1 low-confidence finding(s)
low egress test-only #e21f4077452bbcaa Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/examples/vscode/src/webview/src/components/ai-elements/open-in-chat.tsx:65
			const url = new URL("https://cursor.com/link/prompt");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): apps/vscode/testing-platform

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #21af753104f2c954 Filesystem access.
repo/apps/vscode/testing-platform/harness/utils.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83ee98ffeb09fc0f Filesystem access.
repo/apps/vscode/testing-platform/harness/utils.ts:7
	return JSON.parse(fs.readFileSync(path.resolve(filePath), "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #731cca6494816c5c Filesystem access.
repo/apps/vscode/testing-platform/index.ts:3
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a621e275fc0ff4a9 Environment-variable access.
repo/apps/vscode/testing-platform/index.ts:12
const STANDALONE_GRPC_SERVER_PORT = process.env.STANDALONE_GRPC_SERVER_PORT || "26040"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd0881abc7be45c5 Filesystem access.
repo/apps/vscode/testing-platform/index.ts:33
	fs.writeFileSync(specPath, JSON.stringify(spec, null, 2) + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): sdk/examples

npm first-party
expand_more 10 low-confidence finding(s)
low env_fs test-only #ef45ed58bac96b88 Environment-variable access.
repo/sdk/examples/hooks/PreToolUse_ModifyInput.ts:38
	const home = process.env.HOME || process.env.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #20774c5536542f26 Environment-variable access.
repo/sdk/examples/plugins/automation-events.ts:57
		const intervalMs = Number(process.env.CLINE_LOCAL_EVENT_INTERVAL_MS ?? 0);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bb29d9f93e209ba4 Environment-variable access.
repo/sdk/examples/plugins/background-terminal.ts:59
const DEFAULT_SHELL = process.env.SHELL || "/bin/zsh";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e10e5f5f033062f2 Environment-variable access.
repo/sdk/examples/plugins/background-terminal.ts:61
	process.env.CLINE_DATA_DIR || join(homedir(), ".cline", "data");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7949f570a29e74fa Filesystem access.
repo/sdk/examples/plugins/background-terminal.ts:118
	return existsSync(path) ? readFileSync(path, "utf8") : "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a1e0d0848b44de75 Filesystem access.
repo/sdk/examples/plugins/background-terminal.ts:132
	writeFileSync(
		record.metaPath,
		`${JSON.stringify(record, null, 2)}\n`,
		"utf8",
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8f9d946efccfc6d5 Filesystem access.
repo/sdk/examples/plugins/background-terminal.ts:145
	return /** @type {JobRecord} */ (JSON.parse(readFileSync(path, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7f07fca1a9373a32 Filesystem access.
repo/sdk/examples/plugins/typescript-lsp/index.ts:79
			const content = ts.sys.readFile(fileName);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0dc0fe446ef5cd9c Environment-variable access.
repo/sdk/examples/plugins/web-search.ts:64
	const value = process.env[name]?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only #6f7b0d2e615110df Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/examples/plugins/web-search.ts:218
	const response = await fetch(EXA_SEARCH_ENDPOINT, {
		method: "POST",
		headers: {
			"x-api-key": apiKey,
			"Content-Type": "application/json",
		},
		body: JSON.stringify(body),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): sdk/examples/plugins/agents-squad

npm first-party
expand_more 6 low-confidence finding(s)
low env_fs test-only #0d8608ff8e195ad1 Environment-variable access.
repo/sdk/examples/plugins/agents-squad/index.ts:61
	const explicitDir = process.env.CLINE_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #48923d5cc5e36837 Environment-variable access.
repo/sdk/examples/plugins/agents-squad/index.ts:69
	const explicitDir = process.env.CLINE_DATA_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c0fbfe52557291e1 Environment-variable access.
repo/sdk/examples/plugins/agents-squad/index.ts:97
	process.env[key]?.trim() || fallback;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ce59d1b469ce4c7d Filesystem access.
repo/sdk/examples/plugins/agents-squad/index.ts:221
				readFileSync(join(dirPath, entry.name), "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2d83d59c5a4cc5d0 Filesystem access.
repo/sdk/examples/plugins/agents-squad/index.ts:771
						writeFileSync(filePath, input.content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #92282e9cb19c8d71 Filesystem access.
repo/sdk/examples/plugins/agents-squad/index.ts:793
							content: readFileSync(filePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): sdk/packages/llms

npm first-party
expand_more 93 low-confidence finding(s)
low env_fs production #46bf8085af9cf576 Filesystem access.
repo/sdk/packages/llms/scripts/fix-esm-imports.ts:59
	const content = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cac43bee4befc0f Filesystem access.
repo/sdk/packages/llms/scripts/fix-esm-imports.ts:83
		writeFileSync(filePath, rewritten, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #027f8178706bb0bd Filesystem access.
repo/sdk/packages/llms/scripts/generate-models.ts:143
	writeFileSync(outputPath, output, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89134e654af8ea1c Environment-variable access.
repo/sdk/packages/llms/src/providers/builtins.test.ts:15
	const originalEnvironment = process.env[CLINE_ENVIRONMENT_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e208a0c94cdee56 Environment-variable access.
repo/sdk/packages/llms/src/providers/builtins.test.ts:18
		delete process.env[CLINE_ENVIRONMENT_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8385a294fb1b34bd Environment-variable access.
repo/sdk/packages/llms/src/providers/builtins.test.ts:23
			delete process.env[CLINE_ENVIRONMENT_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b18b12a7ca79b405 Environment-variable access.
repo/sdk/packages/llms/src/providers/builtins.test.ts:25
			process.env[CLINE_ENVIRONMENT_ENV] = originalEnvironment;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #535bd3d7c95d02f6 Environment-variable access.
repo/sdk/packages/llms/src/providers/builtins.test.ts:36
		process.env[CLINE_ENVIRONMENT_ENV] = "staging";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4615ba52f939cb9e Environment-variable access.
repo/sdk/packages/llms/src/providers/builtins.test.ts:41
		process.env[CLINE_ENVIRONMENT_ENV] = "local";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c66ba43e7e985a0 Environment-variable access.
repo/sdk/packages/llms/src/providers/builtins.test.ts:46
		delete process.env[CLINE_ENVIRONMENT_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bb2a9302b932fef Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:129
const originalOpenRouterApiKey = process.env.OPENROUTER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12b3e7c89e269b43 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:131
	process.env.CLINE_CAPTURE_PROVIDER_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98531e7ab1c0375c Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:132
const originalCaptureWire = process.env.CLINE_CAPTURE_WIRE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4c2a76c0114e893 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:133
const originalCaptureDir = process.env.CLINE_CAPTURE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45d891f03e104c4a Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:134
const originalCaptureDataDir = process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe23c12660322314 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:136
	process.env.CLINE_CAPTURE_MAX_PREVIEW_BYTES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59ec2064cc8f2077 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:137
const originalCaptureCleanup = process.env.CLINE_CAPTURE_CLEANUP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0d8cb4188c643b0 Filesystem access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:145
				JSON.parse(readFileSync(join(dir, file), "utf8")) as Record<

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d231c7039b4acdc Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:183
			delete process.env.OPENROUTER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40e26a99dd531d0d Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:185
			process.env.OPENROUTER_API_KEY = originalOpenRouterApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4a6a4a878367dcfd Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:188
			delete process.env.CLINE_CAPTURE_PROVIDER_REQUEST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5aa975e570deabee Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:190
			process.env.CLINE_CAPTURE_PROVIDER_REQUEST =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3ec009210167f0d Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:194
			delete process.env.CLINE_CAPTURE_WIRE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31b8710e24bf563c Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:196
			process.env.CLINE_CAPTURE_WIRE = originalCaptureWire;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e84ee15bfff6760f Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:199
			delete process.env.CLINE_CAPTURE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #745597c535b76e6d Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:201
			process.env.CLINE_CAPTURE_DIR = originalCaptureDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54d7e86b9f6312e5 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:204
			delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a538b3c473eb266 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:206
			process.env.CLINE_DATA_DIR = originalCaptureDataDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3db2d138fc70208e Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:209
			delete process.env.CLINE_CAPTURE_MAX_PREVIEW_BYTES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba32d295999c9c50 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:211
			process.env.CLINE_CAPTURE_MAX_PREVIEW_BYTES =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f13356221ef056c Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:215
			delete process.env.CLINE_CAPTURE_CLEANUP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c690083671b6565 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:217
			process.env.CLINE_CAPTURE_CLEANUP = originalCaptureCleanup;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f10510c3dbe894b7 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:754
		process.env.OPENROUTER_API_KEY = "env-openrouter-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5ffe996a8bf7027 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3668
		process.env.OPENROUTER_API_KEY = "env-openrouter-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f545fb31ae7f4ffb Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3813
		process.env.CLINE_CAPTURE_PROVIDER_REQUEST = "summary";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62272cbb71771480 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3814
		process.env.CLINE_CAPTURE_DIR = captureDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1e3f8ac8f441ef0f Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3886
		process.env.CLINE_CAPTURE_PROVIDER_REQUEST = "summary";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #340fb4600de91daf Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3887
		process.env.CLINE_CAPTURE_DIR = captureDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #170d25b569bbac10 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3916
		process.env.CLINE_CAPTURE_PROVIDER_REQUEST = "full";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42f1ef4e6b20d5b5 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3917
		process.env.CLINE_CAPTURE_DIR = captureDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #871e56ae23efc763 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3918
		process.env.CLINE_CAPTURE_MAX_PREVIEW_BYTES = "24";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b01cbf8cce9a36ea Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3959
		process.env.CLINE_CAPTURE_PROVIDER_REQUEST = "summary";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60fda4791c564802 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3960
		delete process.env.CLINE_CAPTURE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91f326242f446077 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:3961
		delete process.env.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74486f2d134fe21c Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4370
		process.env.CLINE_CAPTURE_PROVIDER_REQUEST = "summary";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c07ac37677f9440 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4371
		process.env.CLINE_CAPTURE_WIRE = "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41c62fb4ff2cd435 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4372
		process.env.CLINE_CAPTURE_DIR = captureDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dfa08438bf458b71 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4437
		process.env.CLINE_CAPTURE_PROVIDER_REQUEST = "summary";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5708bf9a50993ac Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4438
		process.env.CLINE_CAPTURE_WIRE = "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a271b2d87ca242f Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4439
		process.env.CLINE_CAPTURE_DIR = captureDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1fe67b4fe6cf2e2 Filesystem access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4494
		writeFileSync(oldFile, "{}\n", { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f14904d15db8f56e Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4497
		process.env.CLINE_CAPTURE_PROVIDER_REQUEST = "summary";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #048edb1c6c0b880e Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4498
		process.env.CLINE_CAPTURE_DIR = captureDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ca48ce698079aae Filesystem access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4521
		writeFileSync(keepFile, "{}\n", { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9088584bf252400 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4523
		process.env.CLINE_CAPTURE_DIR = keepDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a00470e18a5bdb00 Environment-variable access.
repo/sdk/packages/llms/src/providers/gateway.test.ts:4524
		process.env.CLINE_CAPTURE_CLEANUP = "off";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a63079d15e1dc005 Environment-variable access.
repo/sdk/packages/llms/src/providers/provider-request-capture.ts:26
	const raw = process.env.CLINE_CAPTURE_PROVIDER_REQUEST?.trim().toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce50afeca1f72c98 Environment-variable access.
repo/sdk/packages/llms/src/providers/provider-request-capture.ts:34
	return process.env.CLINE_CAPTURE_WIRE?.trim().toLowerCase() === "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6313afd96bf6850d Environment-variable access.
repo/sdk/packages/llms/src/providers/provider-request-capture.ts:38
	const parsed = Number(process.env.CLINE_CAPTURE_MAX_PREVIEW_BYTES);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a931054163a49f79 Environment-variable access.
repo/sdk/packages/llms/src/providers/provider-request-capture.ts:45
	return process.env.CLINE_CAPTURE_CLEANUP?.trim().toLowerCase() !== "off";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39141f1605fe68e6 Environment-variable access.
repo/sdk/packages/llms/src/providers/provider-request-capture.ts:49
	const explicit = process.env.CLINE_CAPTURE_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b72baf98c287488a Environment-variable access.
repo/sdk/packages/llms/src/providers/provider-request-capture.ts:53
	const dataDir = process.env.CLINE_DATA_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #824de784b3d701ee Filesystem access.
repo/sdk/packages/llms/src/providers/provider-request-capture.ts:291
		writeFileSync(tmpPath, `${safeStringify({ ...record, attempt })}\n`, {
			encoding: "utf8",
			mode: 0o600,
		});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e316a961c3abf4e2 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/bedrock.test.ts:79
		process.env.AWS_BEARER_TOKEN_BEDROCK = "env-bearer-token";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f7e734994bbb50c Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/bedrock.test.ts:174
		process.env.AWS_REGION = "us-west-2";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40b5d0957e9aa9ee Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/bedrock.test.ts:175
		process.env.AWS_ACCESS_KEY_ID = "env-access-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #563aab87e9225cba Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/bedrock.test.ts:176
		process.env.AWS_SECRET_ACCESS_KEY = "env-secret-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79db0b005a513472 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/bedrock.ts:147
		const value = readOptionalString(process.env[key]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77b4eea9700bb756 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/bedrock.ts:153
	return readOptionalString(process.env.AWS_BEARER_TOKEN_BEDROCK);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9758d65b96387f5e Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:4
const originalServiceKey = process.env.AICORE_SERVICE_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7424a2f7e9c25dda Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:17
			delete process.env.AICORE_SERVICE_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52348924b729f1c5 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:19
			process.env.AICORE_SERVICE_KEY = originalServiceKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9ad740e3c0ce8a8 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:24
		process.env.AICORE_SERVICE_KEY = "existing-service-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbdb8c810c8e7d7a Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:45
		expect(process.env.AICORE_SERVICE_KEY).toBe("existing-service-key");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #257e0b2f13073adc Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:54
		process.env.AICORE_SERVICE_KEY = "existing-service-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #554d15e01a068c2d Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:71
			observedServiceKey = process.env.AICORE_SERVICE_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #029a93759b3bac71 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:84
		expect(process.env.AICORE_SERVICE_KEY).toBe("existing-service-key");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a949a384c4010807 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:88
		process.env.AICORE_SERVICE_KEY = "existing-service-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3dd3dd2c0c33702 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:125
			firstServiceKey = process.env.AICORE_SERVICE_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24932f490325c877 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:128
			firstServiceKeyBeforeReturn = process.env.AICORE_SERVICE_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8add345440bd729e Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:133
			secondServiceKey = process.env.AICORE_SERVICE_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28c5d72d4f0f6d75 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.test.ts:158
		expect(process.env.AICORE_SERVICE_KEY).toBe("existing-service-key");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3086f066878bf7de Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.ts:201
	const previous = process.env.AICORE_SERVICE_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdc7b4fe59147fd3 Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.ts:202
	process.env.AICORE_SERVICE_KEY = serviceKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9a1809c555e9dee Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.ts:219
		delete process.env.AICORE_SERVICE_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53fcca3e0ab7247b Environment-variable access.
repo/sdk/packages/llms/src/providers/vendors/community.ts:222
	process.env.AICORE_SERVICE_KEY = previous;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2451460df8b970a9 Environment-variable access.
repo/sdk/packages/llms/src/services/langfuse-telemetry.test.ts:61
		process.env.LANGFUSE_BASE_URL = "https://langfuse.example";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e23ee87c71f14739 Environment-variable access.
repo/sdk/packages/llms/src/services/langfuse-telemetry.test.ts:62
		process.env.LANGFUSE_PUBLIC_KEY = "public-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3e4774bba38171a Environment-variable access.
repo/sdk/packages/llms/src/services/langfuse-telemetry.test.ts:63
		process.env.LANGFUSE_SECRET_KEY = "secret-key";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc56323ecbe792c6 Environment-variable access.
repo/sdk/packages/llms/src/services/langfuse-telemetry.test.ts:67
		delete process.env.LANGFUSE_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c15da82cc6d90ba8 Environment-variable access.
repo/sdk/packages/llms/src/services/langfuse-telemetry.test.ts:68
		delete process.env.LANGFUSE_PUBLIC_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #677507292d0b16fc Environment-variable access.
repo/sdk/packages/llms/src/services/langfuse-telemetry.test.ts:69
		delete process.env.LANGFUSE_SECRET_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2a0fd74b03b331e Environment-variable access.
repo/sdk/packages/llms/src/services/langfuse-telemetry.ts:176
	const raw = process.env[LANGFUSE_DEBUG_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): sdk/packages/shared

npm first-party
expand_more 143 low-confidence finding(s)
low egress production #f6271a01781e891d Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/llms/ai-sdk-format.test.ts:888
					{ type: "image", image: new URL("https://example.com/a.png") },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #27711ca4204b03e0 Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/llms/ai-sdk-format.test.ts:889
					{ type: "image", image: new URL("https://example.com/b.png") },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #686d009580096ab8 Filesystem access.
repo/sdk/packages/shared/src/remote-config/artifact-store.ts:24
				await fs.readFile(this.filePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8216434f8e647fed Filesystem access.
repo/sdk/packages/shared/src/remote-config/artifact-store.ts:36
		await fs.writeFile(this.filePath, JSON.stringify(bundle, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dae500e03450ebdd Filesystem access.
repo/sdk/packages/shared/src/remote-config/artifact-store.ts:49
		await fs.writeFile(filePath, contents, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e06b87d57328ea0d Filesystem access.
repo/sdk/packages/shared/src/remote-config/runtime.test.ts:52
			fs.readFile(prepared.paths.rulesFilePath, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f386f62a6a097004 Filesystem access.
repo/sdk/packages/shared/src/remote-config/runtime.test.ts:55
			fs.readFile(
				path.join(prepared.paths.workflowsPath, "managed-workflow.md"),
				"utf8",
			),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91d0c427b140671a Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:18
	ENV_KEYS.map((key) => [key, process.env[key]]),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3016df313925433f Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:24
		delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08ca4fb2db8d0f6b Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:33
			process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #529def4c2130c566 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:35
			delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1d97ebb290af7b1 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:46
		process.env[CLINE_ENVIRONMENT_ENV] = "staging";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db017eb5fd23c4ef Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:49
		process.env[CLINE_ENVIRONMENT_ENV] = "local";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93686e0540b62ff9 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:54
		process.env[CLINE_ENVIRONMENT_OVERRIDE_ENV] = "local";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55431e6a9beda8f5 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:55
		process.env[CLINE_ENVIRONMENT_ENV] = "staging";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b8b3c53d95ae02f Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:61
		process.env[CLINE_ENVIRONMENT_ENV] = "  STAGING  ";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5db4178badc8da63 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:67
		process.env[CLINE_ENVIRONMENT_OVERRIDE_ENV] = "qa";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #138d227b9e49dedb Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:68
		process.env[CLINE_ENVIRONMENT_ENV] = "staging";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #101e6b4260bdc203 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:71
		delete process.env[CLINE_ENVIRONMENT_OVERRIDE_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f9674e9f87e6ef0 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:72
		process.env[CLINE_ENVIRONMENT_ENV] = "qa";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #526185557aa26490 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:99
		process.env[CLINE_ENVIRONMENT_ENV] = "staging";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25565fbec559c8a5 Environment-variable access.
repo/sdk/packages/shared/src/runtime/cline-environment.test.ts:105
		process.env.CLINE_API_BASE_URL = "http://127.0.0.1:3000";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ee81164a0f175602 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:17
			process.env.OTEL_TELEMETRY_ENABLED === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63f5e3d221e8d64d Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:18
			process.env.OTEL_TELEMETRY_ENABLED === "true",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb2554a7319c137c Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:19
		metricsExporter: process.env.OTEL_METRICS_EXPORTER || "otlp",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff30c6e7bbca07b3 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:20
		logsExporter: process.env.OTEL_LOGS_EXPORTER || "otlp",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a58f7d90405e5246 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:21
		tracesExporter: process.env.OTEL_TRACES_EXPORTER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a57d679b4ca79c14 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:22
		otlpProtocol: process.env.OTEL_EXPORTER_OTLP_PROTOCOL || "http/json",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a19d8d8abcee87c0 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:23
		otlpEndpoint: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53d37228c6b83470 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:24
		metricExportInterval: process.env.OTEL_METRIC_EXPORT_INTERVAL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c0a2020e58255f6 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:25
			? Number.parseInt(process.env.OTEL_METRIC_EXPORT_INTERVAL, 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aacf38315ad1ce36 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:27
		otlpHeaders: process.env.OTEL_EXPORTER_OTLP_HEADERS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c32d3168a330dc0 Environment-variable access.
repo/sdk/packages/shared/src/services/telemetry-config.ts:28
			? parseKeyPairsIntoRecord(process.env.OTEL_EXPORTER_OTLP_HEADERS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #864d1305889ec16b Filesystem access.
repo/sdk/packages/shared/src/storage/path-resolution.test.ts:11
		writeFileSync(filePath, "hi");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d27c58e945bc960 Filesystem access.
repo/sdk/packages/shared/src/storage/path-resolution.test.ts:28
		writeFileSync(join(dir, onDisk), "hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8884160d19c3f2d2 Filesystem access.
repo/sdk/packages/shared/src/storage/path-resolution.test.ts:37
		writeFileSync(join(dir, onDisk), "hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0aee7a957a9851f5 Filesystem access.
repo/sdk/packages/shared/src/storage/path-resolution.test.ts:48
		writeFileSync(join(dir, onDisk), "hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2175a226b2296fa Filesystem access.
repo/sdk/packages/shared/src/storage/path-resolution.test.ts:59
		writeFileSync(join(dir, onDisk), "hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c23f8694120325f8 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:14
		HOME: process.env.HOME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea482dc8cbb024cc Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:15
		USERPROFILE: process.env.USERPROFILE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95f3c34ae587b901 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:16
		HOMEDRIVE: process.env.HOMEDRIVE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8caf9415625442a Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:17
		HOMEPATH: process.env.HOMEPATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efc7659929e0c308 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:18
		CLINE_DIR: process.env.CLINE_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f93697cc4feededb Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:23
	process.env.HOME = snapshot.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0faa568120d4b7c Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:24
	process.env.USERPROFILE = snapshot.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d79b2c3c060b1999 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:25
	process.env.HOMEDRIVE = snapshot.HOMEDRIVE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecd318470a73b5f9 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:26
	process.env.HOMEPATH = snapshot.HOMEPATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cbab1f69cd3d5d71 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:27
	process.env.CLINE_DIR = snapshot.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #365c8941955994f9 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:40
		delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dde1cc194a70eee8 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:41
		process.env.USERPROFILE = "C:\\Users\\saoud";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36d6faeb66c9555f Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:42
		delete process.env.HOMEDRIVE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf2ffe324a09fa7b Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:43
		delete process.env.HOMEPATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dd93fc5dad827e6 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:44
		delete process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acf6edeb5cd5155b Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:52
		process.env.HOME = "~";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7afad2cc09ca99a6 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:53
		process.env.USERPROFILE = "C:\\Users\\saoud";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa046ea4b3d818c2 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:54
		delete process.env.HOMEDRIVE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28da1dc84dffae86 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:55
		delete process.env.HOMEPATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #297a3ed718ec9f57 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.home-dir.test.ts:56
		delete process.env.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1570af9bf2cbd431 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:40
		CLINE_DIR: process.env.CLINE_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #649f10cab018907f Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:41
		CLINE_DATA_DIR: process.env.CLINE_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81ba0f37a11103d8 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:42
		CLINE_CONNECTOR_DATA_DIR: process.env.CLINE_CONNECTOR_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c0feb5dc54da5c3 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:43
		CLINE_CONNECTOR_SETTINGS_PATH: process.env.CLINE_CONNECTOR_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ac9491e0a007a72 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:44
		CLINE_DB_DATA_DIR: process.env.CLINE_DB_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b11efbd0317eb917 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:45
		CLINE_GLOBAL_SETTINGS_PATH: process.env.CLINE_GLOBAL_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #489ece1ae2b9c649 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:46
		CLINE_MCP_SETTINGS_PATH: process.env.CLINE_MCP_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a21e80959dc0f7ad Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:47
		CLINE_PROVIDER_SETTINGS_PATH: process.env.CLINE_PROVIDER_SETTINGS_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9cd9a48a47536b4e Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:48
		CLINE_SESSION_DATA_DIR: process.env.CLINE_SESSION_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5d9d4edc9832e0c Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:49
		CLINE_TEAM_DATA_DIR: process.env.CLINE_TEAM_DATA_DIR,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac4ea247dd1b56fd Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:54
	process.env.CLINE_DATA_DIR = snapshot.CLINE_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40a38077a19ec2c2 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:55
	process.env.CLINE_CONNECTOR_DATA_DIR = snapshot.CLINE_CONNECTOR_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5063245dc112ebc1 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:56
	process.env.CLINE_CONNECTOR_SETTINGS_PATH =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdb1f7dfd0769ade Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:58
	process.env.CLINE_DIR = snapshot.CLINE_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9145b32fc838d96 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:59
	process.env.CLINE_DB_DATA_DIR = snapshot.CLINE_DB_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e6253aa8b4e4d40 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:60
	process.env.CLINE_GLOBAL_SETTINGS_PATH = snapshot.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #259082745c93b784 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:61
	process.env.CLINE_MCP_SETTINGS_PATH = snapshot.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e72f6fc97719e9c4 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:62
	process.env.CLINE_PROVIDER_SETTINGS_PATH =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c11aa1db2a31338 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:64
	process.env.CLINE_SESSION_DATA_DIR = snapshot.CLINE_SESSION_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40f65b839ab9dbd8 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:65
	process.env.CLINE_TEAM_DATA_DIR = snapshot.CLINE_TEAM_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72d4614c89f7e136 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:77
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93c4182b75c81f48 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:84
		delete process.env.CLINE_SESSION_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffb7618a270d3fb1 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:85
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #274fe093ba0dc8d0 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:92
		delete process.env.CLINE_TEAM_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d51ae34095e5d679 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:93
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52dce57d9e74f6e4 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:100
		delete process.env.CLINE_CONNECTOR_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f4188163699da76 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:101
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e5afb50084b8ed7 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:110
		delete process.env.CLINE_CONNECTOR_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67098afaf69a4c7b Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:111
		delete process.env.CLINE_CONNECTOR_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4186d2560e3999da Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:112
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b66b1bb4bdbfa02b Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:121
		process.env.CLINE_CONNECTOR_SETTINGS_PATH =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #353a363cf776b963 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:131
		delete process.env.CLINE_DB_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #533c1fcc85e27946 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:132
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1bbb7642dac1462 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:139
		delete process.env.CLINE_PROVIDER_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b544fe7f42046f32 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:140
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9d3a6e76a35c5be Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:149
		delete process.env.CLINE_GLOBAL_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86567101c84edc8f Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:150
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bfc1bbe7ae626e9 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:159
		delete process.env.CLINE_MCP_SETTINGS_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09393edc47f504d5 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:160
		process.env.CLINE_DATA_DIR = "/tmp/cline-data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e82f765e0f7b5ce Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:169
		process.env.CLINE_DIR = "/tmp/home/.cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41a3a24acce423be Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:178
		process.env.CLINE_DIR = "/tmp/home/.cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a65e4e5df0f64e7 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:179
		process.env.CLINE_DATA_DIR = "/tmp/home/.cline/data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01211c4b48940362 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:193
		process.env.CLINE_DIR = "/tmp/home/.cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #453bde5f5d6d67ee Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:194
		process.env.CLINE_DATA_DIR = "/tmp/home/.cline/data";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85231606e81faf25 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.test.ts:209
		process.env.CLINE_DIR = "/tmp/home/.cline";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12ba3144f9538222 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:100
	const envDir = process.env.CLINE_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12db63dfe06a64e7 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:125
	const explicitDir = process.env.CLINE_DATA_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5364cbbc4aaff86b Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:133
	const explicitDir = process.env.CLINE_SESSION_DATA_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a0b0f7d969dea9a Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:141
	const explicitDir = process.env.CLINE_TEAM_DATA_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d97d9dbce1747eb Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:149
	const explicitDir = process.env.CLINE_CONNECTOR_DATA_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12f3a8cb3eadc017 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:157
	const explicitPath = process.env.CLINE_CONNECTOR_SETTINGS_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #532632aff0bc8d45 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:165
	const explicitDir = process.env.CLINE_DB_DATA_DIR?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d1f5ce044667176 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:178
	const explicitPath = process.env.CLINE_CRON_DB_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a68dbde8d2bc7e2 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:280
	const explicitPath = process.env.CLINE_PROVIDER_SETTINGS_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c965817a4be5ee16 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:288
	const explicitPath = process.env.CLINE_GLOBAL_SETTINGS_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c0668b8658f45d2 Environment-variable access.
repo/sdk/packages/shared/src/storage/paths.ts:296
	const explicitPath = process.env.CLINE_MCP_SETTINGS_PATH?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #186f76f8e76d7103 Filesystem access.
repo/sdk/packages/shared/src/storage/paths.ts:442
		const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e40f103d6d5d73b9 Filesystem access.
repo/sdk/packages/shared/src/vcr.test.ts:20
	return JSON.parse(readFileSync(filePath, "utf8")) as VcrRecording[];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88de7c48cfad2d91 Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:35
		process.env.CLINE_VCR_CASSETTE = cassettePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f90d6492d6b57a65 Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:36
		process.env.CLINE_VCR_INCLUDE_REQUEST_BODY = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2aa089ada34bad9c Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/vcr.test.ts:46
		const response = await fetch("https://api.example.test/v1/chat", {
			method: "POST",
			body: JSON.stringify({
				model: "test-model",
				api_key: "secret",
				accessToken: "oauth-secret",
				z: 2,
				a: 1,
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f1433e37e818f409 Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:69
		process.env.CLINE_VCR_CASSETTE = cassettePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb7c9fb99c9ad24e Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:70
		process.env.CLINE_VCR_INCLUDE_REQUEST_BODY = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #dc19e3d266476647 Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/vcr.test.ts:80
		const response = await fetch("https://api.example.test/v1/token", {
			method: "POST",
			headers: {
				"content-type": "application/x-www-form-urlencoded;charset=UTF-8",
			},
			body: "access_token=secret&model=test-model&tag=one&tag=two",
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e7357315c3184108 Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:99
		process.env.CLINE_VCR_CASSETTE = cassettePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c342c70a24f10392 Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:100
		process.env.CLINE_VCR_INCLUDE_REQUEST_BODY = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #793eb328d158c15a Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/vcr.test.ts:110
		const response = await fetch("https://api.example.test/v1/upload", {
			method: "POST",
			body: "dGVzdA==",
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #10abc33a07c52589 Filesystem access.
repo/sdk/packages/shared/src/vcr.test.ts:134
		writeFileSync(cassettePath, JSON.stringify([recording], null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc3ea76351a4127e Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:135
		process.env.CLINE_VCR_CASSETTE = cassettePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7d4151f12bebdcb1 Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/vcr.test.ts:139
		const response = await fetch("https://api.example.test/v1/chat", {
			method: "POST",
			body: JSON.stringify({
				model: "test-model",
				api_key: "runtime-secret",
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #2bc6c77588a68c18 Filesystem access.
repo/sdk/packages/shared/src/vcr.test.ts:161
		writeFileSync(cassettePath, JSON.stringify([recording], null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cc0146cb5c0fd23 Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:162
		process.env.CLINE_VCR_CASSETTE = cassettePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f1e2671b468738f5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/vcr.test.ts:166
		const response = await fetch("https://api.example.test/v1/chat", {
			method: "POST",
			body: JSON.stringify({
				model: "changed-model",
				api_key: "runtime-secret",
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bfcc2c471f244135 Filesystem access.
repo/sdk/packages/shared/src/vcr.test.ts:189
		writeFileSync(cassettePath, JSON.stringify([recording], null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bec2a988930e558 Environment-variable access.
repo/sdk/packages/shared/src/vcr.test.ts:190
		process.env.CLINE_VCR_CASSETTE = cassettePath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #d9cc0d9c5819aea7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/vcr.test.ts:196
			await fetch("https://api.example.test/v1/chat", {
				method: "POST",
				body: JSON.stringify({
					model: "other-model",
					api_key: "runtime-secret",
				}),
			});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dd4810ab2b583b1a Hardcoded external endpoint. Review what data is sent to this destination.
repo/sdk/packages/shared/src/vcr.test.ts:219
		const response = await fetch("https://api.example.test/v1/chat", {
			method: "POST",
			body: JSON.stringify({
				model: "test-model",
				api_key: "runtime-secret",
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f55ba8cfa4cd062a Environment-variable access.
repo/sdk/packages/shared/src/vcr.ts:458
	if (!process.env.CLINE_VCR_CASSETTE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #905eb9c60d5a81e4 Environment-variable access.
repo/sdk/packages/shared/src/vcr.ts:472
	const cassettePath = resolve(process.env.CLINE_VCR_CASSETTE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e33cc06f947e79a8 Environment-variable access.
repo/sdk/packages/shared/src/vcr.ts:473
	const filter = process.env.CLINE_VCR_FILTER ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44b5115f0abfcd0b Environment-variable access.
repo/sdk/packages/shared/src/vcr.ts:475
		process.env.CLINE_VCR_INCLUDE_REQUEST_BODY === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f3d7eccd5829fbc Environment-variable access.
repo/sdk/packages/shared/src/vcr.ts:476
		process.env.CLINE_VCR_INCLUDE_REQUEST_BODY === "true";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cea4e023d689688a Filesystem access.
repo/sdk/packages/shared/src/vcr.ts:652
		writeFileSync(cassettePath, JSON.stringify(sanitized, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8844e9736dcf7186 Filesystem access.
repo/sdk/packages/shared/src/vcr.ts:749
		readFileSync(cassettePath, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8efe68e3cebb69c7 Environment-variable access.
repo/sdk/packages/shared/src/vcr.ts:753
		process.env.CLINE_VCR_SSE_DELAY ?? "100",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@modelcontextprotocol/sdk

npm dependency
high pii_flow tooling Excluded from app score unknown #1afc72ee45e426ee User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:245 · flow /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215 → /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:245
        const response = await fetch(endpoint, {
            method: 'POST',
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded'
            },
            body: new URLSearchParams({
                token: token
            }).toString()
        });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow tooling Excluded from app score unknown #8993ed8fd6a47389 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:643 · flow /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621 → /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:643
            const response = await fetch(endpoint, {
                method: 'POST',
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded'
                },
                body: new URLSearchParams({
                    token: token
                }).toString()
            });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 18 low-confidence finding(s)
low egress tooling Excluded from app score unknown #fa00515712689fa5 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/scripts/fetch-spec-types.ts:16
    const response = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #91eab7602d92ac35 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/fetch-spec-types.ts:77
        writeFileSync(outputPath, fullContent, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9ea2680df023ed9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/client/stdio.ts:71
        const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6fad24507c0ebadd Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:26
const DEFAULT_SERVER_URL = process.env.MCP_SERVER_URL || 'http://localhost:3000/mcp';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #50cccabae8cae60a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:29
    const clientId = process.env.MCP_CLIENT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #52eacab184e9563e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:36
    const privateKeyPem = process.env.MCP_CLIENT_PRIVATE_KEY_PEM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #574b22099a272e58 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:38
        const algorithm = process.env.MCP_CLIENT_ALGORITHM || 'RS256';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #310060b9ae0c8769 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:48
    const clientSecret = process.env.MCP_CLIENT_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2aad63020d496491 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationFormExample.ts:350
    const PORT = process.env.PORT ? parseInt(process.env.PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a2be2ecf444cd63c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215
const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #84772eb957b468f4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:216
const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unknown #166baac3a45d96e7 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Same-origin destination — not external exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:681 · flow /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215 → /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:681
app.post('/mcp', authMiddleware, mcpPostHandler);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs tooling Excluded from app score unknown #c01363b35ad325bc Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/honoWebStandardStreamableHttp.ts:69
const PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #131961b718fdead9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621
const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8505cf79406be7cc Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:622
const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unknown #74d768ade44fc642 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Same-origin destination — not external exfiltration.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:778 · flow /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621 → /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:778
    app.post('/mcp', authMiddleware, mcpPostHandler);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs tooling Excluded from app score unknown #248c14d68abac53f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleTaskInteractive.ts:448
const PORT = process.env.PORT ? parseInt(process.env.PORT, 10) : 8000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b4c0a1d8e390c10 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/server/auth/router.ts:12
    process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === 'true' || process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

axios

npm dependency
high pii_flow dependency Excluded from app score #64f5c9b1084011ca User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/lib/adapters/http.js:971 · flow /tmp/closeopen-epgogze_/pkgs/npm/[email protected]/lib/adapters/http.js:833 → /tmp/closeopen-epgogze_/pkgs/npm/[email protected]/lib/adapters/http.js:971
      req = transport.request(options, function handleResponse(res) {
        clearConnectPhaseTimer();

        if (req.destroyed) return;

        const streams = [res];

        const responseLength = utils.toFiniteNumber(res.headers['content-length']);

        if (onDownloadProgress || maxDownloadRate) {
          const transformStream = new AxiosTransformStream({
            maxRate: utils.toFiniteNumber(maxDownloadRate),
          });

          onDownloadProgress &&
            transformStream.on(
              'progress',
              flushOnFinish(
                transformStream,
                progressEventDecorator(
                  responseLength,
                  progressEventReducer(asyncDecorator(onDownloadProgress), true, 3)
                )
              )
            );

          streams.push(transformStream);
        }

        // decompress the response body transparently if required
        let responseStream = res;

        // return the last request in case of redirects
        const lastRequest = res.req || req;

        // if decompress disabled we should not decompress
        if (config.decompress !== false && res.headers['content-encoding']) {
          // if no content, but headers still say that it is encoded,
          // remove the header not confuse downstream operations
          if (method === 'HEAD' || res.statusCode === 204) {
            delete res.headers['content-encoding'];
          }

          switch ((res.headers['content-encoding'] || '').toLowerCase()) {
            /*eslint default-case:0*/
            case 'gzip':
            case 'x-gzip':
            case 'compress':
            case 'x-compress':
              // add the unzipper to the body stream processing pipeline
              streams.push(zlib.createUnzip(zlibOptions));

              // remove the content-encoding in order to not confuse downstream operations
              delete res.headers['content-encoding'];
              break;
            case 'deflate':
              streams.push(new ZlibHeaderTransformStream());

              // add the unzipper to the body stream processing pipeline
              streams.push(zlib.createUnzip(zlibOptions));

              // remove the content-encoding in order to not confuse downstream operations
              delete res.headers['content-encoding'];
              break;
            case 'br':
              if (isBrotliSupported) {
                streams.push(zlib.createBrotliDecompress(brotliOptions));
                delete res.headers['content-encoding'];
              }
          }
        }

        responseStream = streams.length > 1 ? stream.pipeline(streams, utils.noop) : streams[0];

        const response = {
          status: res.statusCode,
          statusText: res.statusMessage,
          headers: new AxiosHeaders(res.headers),
          config,
          request: lastRequest,
        };

        if (responseType === 'stream') {
          // Enforce maxContentLength on streamed responses; previously this
          // was applied only to buffered responses.
          if (config.maxContentLength > -1) {
            const limit = config.maxContentLength;
            const source = responseStream;
            async function* enforceMaxContentLength() {
              let totalResponseBytes = 0;
              for await (const chunk of source) {
                totalResponseBytes += chunk.length;
                if (totalResponseBytes > limit) {
                  throw new AxiosError(
                    'maxContentLength size of ' + limit + ' exceeded',
                    AxiosError.ERR_BAD_RESPONSE,
                    config,
                    lastRequest
                  );
                }
                yield chunk;
              }
            }
            responseStream = stream.Readable.from(enforceMaxContentLength(), {
              objectMode: false,
            });
          }
          response.data = responseStream;
          settle(resolve, reject, response);
        } else {
          const responseBuffer = [];
          let totalResponseBytes = 0;

          responseStream.on('data', function handleStreamData(chunk) {
            responseBuffer.push(chunk);
            totalResponseBytes += chunk.length;

            // make sure the content length is not over the maxContentLength if specified
            if (config.maxContentLength > -1 && totalResponseBytes > config.maxContentLength) {
              // stream.destroy() emit aborted event before calling reject() on Node.js v16
              rejected = true;
              responseStream.destroy();
              abort(
                new AxiosError(
                  'maxContentLength size of ' + config.maxContentLength + ' exceeded',
                  AxiosError.ERR_BAD_RESPONSE,
                  config,
                  lastRequest
                )
              );
            }
          });

          responseStream.on('aborted', function handlerStreamAborted() {
            if (rejected) {
              return;
            }

            const err = new AxiosError(
              'stream has been aborted',
              AxiosError.ERR_BAD_RESPONSE,
              config,
              lastRequest,
              response
            );
            responseStream.destroy(err);
            reject(err);
          });

          responseStream.on('error', function handleStreamError(err) {
            if (rejected) return;
            reject(AxiosError.from(err, null, config, lastRequest, response));
          });

          responseStream.on('end', function handleStreamEnd() {
            try {
              let responseData =
                responseBuffer.length === 1 ? responseBuffer[0] : Buffer.concat(responseBuffer);
              if (responseType !== 'arraybuffer') {
                responseData = responseData.toString(responseEncoding);
                if (!responseEncoding || responseEncoding === 'utf8') {
                  responseData = utils.stripBOM(responseData);
                }
              }
              response.data = responseData;
            } catch (err) {
              return reject(AxiosError.from(err, null, config, response.request, response));
            }
            settle(resolve, reject, response);
          });
        }

        abortEmitter.once('abort', (err) => {
          if (!responseStream.destroyed) {
            responseStream.emit('error', err);
            responseStream.destroy();
          }
        });
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow dependency Excluded from app score #34a8aace91a6f161 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]/lib/adapters/http.js:971 · flow /tmp/closeopen-epgogze_/pkgs/npm/[email protected]/lib/adapters/http.js:839 → /tmp/closeopen-epgogze_/pkgs/npm/[email protected]/lib/adapters/http.js:971
      req = transport.request(options, function handleResponse(res) {
        clearConnectPhaseTimer();

        if (req.destroyed) return;

        const streams = [res];

        const responseLength = utils.toFiniteNumber(res.headers['content-length']);

        if (onDownloadProgress || maxDownloadRate) {
          const transformStream = new AxiosTransformStream({
            maxRate: utils.toFiniteNumber(maxDownloadRate),
          });

          onDownloadProgress &&
            transformStream.on(
              'progress',
              flushOnFinish(
                transformStream,
                progressEventDecorator(
                  responseLength,
                  progressEventReducer(asyncDecorator(onDownloadProgress), true, 3)
                )
              )
            );

          streams.push(transformStream);
        }

        // decompress the response body transparently if required
        let responseStream = res;

        // return the last request in case of redirects
        const lastRequest = res.req || req;

        // if decompress disabled we should not decompress
        if (config.decompress !== false && res.headers['content-encoding']) {
          // if no content, but headers still say that it is encoded,
          // remove the header not confuse downstream operations
          if (method === 'HEAD' || res.statusCode === 204) {
            delete res.headers['content-encoding'];
          }

          switch ((res.headers['content-encoding'] || '').toLowerCase()) {
            /*eslint default-case:0*/
            case 'gzip':
            case 'x-gzip':
            case 'compress':
            case 'x-compress':
              // add the unzipper to the body stream processing pipeline
              streams.push(zlib.createUnzip(zlibOptions));

              // remove the content-encoding in order to not confuse downstream operations
              delete res.headers['content-encoding'];
              break;
            case 'deflate':
              streams.push(new ZlibHeaderTransformStream());

              // add the unzipper to the body stream processing pipeline
              streams.push(zlib.createUnzip(zlibOptions));

              // remove the content-encoding in order to not confuse downstream operations
              delete res.headers['content-encoding'];
              break;
            case 'br':
              if (isBrotliSupported) {
                streams.push(zlib.createBrotliDecompress(brotliOptions));
                delete res.headers['content-encoding'];
              }
          }
        }

        responseStream = streams.length > 1 ? stream.pipeline(streams, utils.noop) : streams[0];

        const response = {
          status: res.statusCode,
          statusText: res.statusMessage,
          headers: new AxiosHeaders(res.headers),
          config,
          request: lastRequest,
        };

        if (responseType === 'stream') {
          // Enforce maxContentLength on streamed responses; previously this
          // was applied only to buffered responses.
          if (config.maxContentLength > -1) {
            const limit = config.maxContentLength;
            const source = responseStream;
            async function* enforceMaxContentLength() {
              let totalResponseBytes = 0;
              for await (const chunk of source) {
                totalResponseBytes += chunk.length;
                if (totalResponseBytes > limit) {
                  throw new AxiosError(
                    'maxContentLength size of ' + limit + ' exceeded',
                    AxiosError.ERR_BAD_RESPONSE,
                    config,
                    lastRequest
                  );
                }
                yield chunk;
              }
            }
            responseStream = stream.Readable.from(enforceMaxContentLength(), {
              objectMode: false,
            });
          }
          response.data = responseStream;
          settle(resolve, reject, response);
        } else {
          const responseBuffer = [];
          let totalResponseBytes = 0;

          responseStream.on('data', function handleStreamData(chunk) {
            responseBuffer.push(chunk);
            totalResponseBytes += chunk.length;

            // make sure the content length is not over the maxContentLength if specified
            if (config.maxContentLength > -1 && totalResponseBytes > config.maxContentLength) {
              // stream.destroy() emit aborted event before calling reject() on Node.js v16
              rejected = true;
              responseStream.destroy();
              abort(
                new AxiosError(
                  'maxContentLength size of ' + config.maxContentLength + ' exceeded',
                  AxiosError.ERR_BAD_RESPONSE,
                  config,
                  lastRequest
                )
              );
            }
          });

          responseStream.on('aborted', function handlerStreamAborted() {
            if (rejected) {
              return;
            }

            const err = new AxiosError(
              'stream has been aborted',
              AxiosError.ERR_BAD_RESPONSE,
              config,
              lastRequest,
              response
            );
            responseStream.destroy(err);
            reject(err);
          });

          responseStream.on('error', function handleStreamError(err) {
            if (rejected) return;
            reject(AxiosError.from(err, null, config, lastRequest, response));
          });

          responseStream.on('end', function handleStreamEnd() {
            try {
              let responseData =
                responseBuffer.length === 1 ? responseBuffer[0] : Buffer.concat(responseBuffer);
              if (responseType !== 'arraybuffer') {
                responseData = responseData.toString(responseEncoding);
                if (!responseEncoding || responseEncoding === 'utf8') {
                  responseData = utils.stripBOM(responseData);
                }
              }
              response.data = responseData;
            } catch (err) {
              return reject(AxiosError.from(err, null, config, response.request, response));
            }
            settle(resolve, reject, response);
          });
        }

        abortEmitter.once('abort', (err) => {
          if (!responseStream.destroyed) {
            responseStream.emit('error', err);
            responseStream.destroy();
          }
        });
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #7c13d0e0e2bdcf57 Environment-variable access.
pkgs/npm/[email protected]/lib/helpers/shouldBypassProxy.js:136
  const noProxy = (process.env.no_proxy || process.env.NO_PROXY || '').toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@google/genai

npm dependency
high pii_flow dependency Excluded from app score #e7dc28ca25392bbd User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:305 · flow /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:296 → /tmp/closeopen-epgogze_/pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:305
        const response = await fetch(url, {
          method: 'POST',
          headers: {
            'x-goog-api-key': apiKey,
            'content-type': 'application/json',
          },
          body: JSON.stringify(requestBody),
        });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 286 low-confidence finding(s)
low env_fs dependency Excluded from app score #216241fad894c97a Filesystem access.
pkgs/npm/@[email protected]__reposrc/rollup.config.mjs:2
import {readFileSync} from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b39166404c414892 Filesystem access.
pkgs/npm/@[email protected]__reposrc/rollup.config.mjs:6
  readFileSync(new URL('./package.json', import.meta.url), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a4ad905ebc2a353d Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/add_docsite_license_headers.ts:7
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #921df78aa6d2cfe3 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/add_docsite_license_headers.ts:20
  const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #509a69277cdf134e Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/add_docsite_license_headers.ts:24
  fs.writeFileSync(filePath, header + content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #15c96c5b9f38d932 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate_pages.ts:8
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e80d03eed1b1b63e Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate_pages.ts:39
  const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #229c1b9bdf77dbd1 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate_pages.ts:43
  fs.writeFileSync(filePath, HEADER + content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9435089c55eb3030 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate_pages.ts:87
    const manifestContent = fs.readFileSync(manifestPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4aa03292a60f854d Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/ignore_missing_mcp_dep.js:7
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8d332f3a0ed4a2a9 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/ignore_missing_mcp_dep.js:64
    const fileContent = fs.readFileSync(absolutePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #137e99e26a45624c Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/ignore_missing_mcp_dep.js:74
      fs.writeFileSync(absolutePath, newContent, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4e2d36bd9c298e5e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/scripts/prepare.js:22
const isCI = process.env.CI === 'true' || process.env.KOKORO_JOB_TYPE !== undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec0a84fcfdabada7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/abort_signal.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63c52966ffdab886 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/abort_signal.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cede50ceff7b026d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/abort_signal.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe543d2b6373ccc0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/abort_signal.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #917863baa26ae24e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/api_error.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3ceed2ae05b26e6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/api_error.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38ee2a5c998aa36d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/api_error.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ec6798e8c4b9aa Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/api_error.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #333341b42f790b3d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/api_version.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50c0120f45582806 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/api_version.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67a1d31c2327bc57 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/api_version.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22726a1a094e5f0b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/api_version.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f4326806fc227be Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/batch_embedding_file.ts:10
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d73b0131b0b4412 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/batch_embedding_file.ts:17
  apiKey: process.env.GEMINI_API_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97b262c0d455a6ff Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/batch_embedding_file.ts:28
  if (process.env.GOOGLE_GENAI_USE_VERTEXAI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8389567ed5fe45e1 Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/batch_embedding_file.ts:71
    await fs.writeFile(tempFilePath, jsonlContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e54f71c25958fff5 Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/batch_embedding_file.ts:148
      const contentString = await fs.readFile(tempFilePath, {encoding: 'utf8'});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111a031dd23e128f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/batch_embedding_inline.ts:14
  apiKey: process.env.GEMINI_API_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58d97f67fc4d70e5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/batch_embedding_inline.ts:25
  if (process.env.GOOGLE_GENAI_USE_VERTEXAI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10772e1a6aec076d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:18
const SKIP_HTTP = process.env.SKIP_HTTP === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d4803504bbeab735 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:26
const MODE = (process.env.MODE || 'live') as 'live' | 'record' | 'mock';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e44c242d5ee3f941 Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:35
  const mockedData = fs.readFileSync(MOCK_FILE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f48b5a9a8728251f Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:92
                fs.writeFileSync(MOCK_FILE, Buffer.concat(buffers));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1457d5ffb244772e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:296
          process.env.GCLOUD_API_KEY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfc58166fffa6b50 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:297
          process.env.GOOGLE_API_KEY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fb42ee5281566d11 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:298
          process.env.GEMINI_API_KEY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #952d84c0943625a9 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:300
        const url = new URL(
          'https://generativelanguage.googleapis.com/v1beta/interactions',
        );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #541f711467f66b33 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:380
  delete process.env.GOOGLE_GEMINI_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b22241d24f4d7e08 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:382
    process.env.GCLOUD_API_KEY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac425f211e70559e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:383
    process.env.GOOGLE_API_KEY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0eefb3e2ad6d9051 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/benchmark_streaming.ts:384
    process.env.GEMINI_API_KEY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #026ecd80cffbd389 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/caches.ts:8
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e466d0489b3d0a4c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/caches.ts:9
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bb26fb175ecec3e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/caches.ts:10
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f308171c6eb6746d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc.ts:12
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7987e84afcb84564 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc.ts:13
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31639167d3a38142 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc.ts:14
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #777874bd89b2caa1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc.ts:15
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0f569b530cf285a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc_streaming.ts:15
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73880823b1647c2a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc_streaming.ts:16
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #540aac9ce29518ae Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc_streaming.ts:17
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fdd0f971500f6d3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc_streaming.ts:18
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbe0553acfc2f82d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc_streaming_function_call.ts:15
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03f9fa83e2668bbe Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc_streaming_function_call.ts:16
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bafc69abb27359a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chat_afc_streaming_function_call.ts:17
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #056710828bd964f2 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chats.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1fcac30f5eb1381 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chats.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd5487d58bb0b073 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chats.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c637745e0513a25 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/chats.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #811149c349af9e7a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/count_tokens.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #527e36ab00bd527f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/count_tokens.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5d93422eedcfb4a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/count_tokens.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53c9affc9ba1bafc Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/count_tokens.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecfe26ca311134fe Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/direct_url.ts:8
const client = new GoogleGenAI({apiKey: process.env.GEMINI_API_KEY});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d92b7be7d4a87ff9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_content_reference.ts:12
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ac278f255c2a370 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_content_reference.ts:13
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fa25e43bb74835f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_content_reference.ts:14
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6adde5fab12e200b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_control_reference.ts:12
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #785ad3abb53bfa3f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_control_reference.ts:13
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #052b3f0734964a04 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_control_reference.ts:14
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19ebcc58aac50548 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_mask_reference.ts:13
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee28c91b2b33a59f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_mask_reference.ts:14
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff50b81dac8a7ab7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_mask_reference.ts:15
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6194b35210290d32 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_style_transfer.ts:8
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28fa3c5066437155 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_style_transfer.ts:9
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04e846972e4b13dd Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_style_transfer.ts:10
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38061986baf87ed9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_subject_reference.ts:12
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb4f6ddf58c89705 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_subject_reference.ts:13
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61d792544160c3c0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/edit_image_subject_reference.ts:14
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58df8d541dd975af Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/embed_content.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0703c451c7f8ef7f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/embed_content.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #985151482aaf7890 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/embed_content.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d780385e382def46 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/embed_content.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f92fca773620b86 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/file_search_stores.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e26a65cf44a1223 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_afc_streaming.ts:16
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53458e5cb74e6660 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_afc_streaming.ts:17
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #881956ec8b6e2d8e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_afc_streaming.ts:18
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6a51d67bff3fadf Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_afc_streaming.ts:19
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0298713ef67e1ad0 Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming.ts:7
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5279a5503c562d4b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming.ts:9
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dde68bff284e865 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming.ts:10
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8ecc26a2030c59c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming.ts:11
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #880c4323fc57d434 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming.ts:12
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e55f38177098091 Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming.ts:35
      fs.writeFileSync(fileName, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c13d4adf72b852bd Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming.ts:65
      fs.writeFileSync(fileName, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df5d3e927947e227 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming_function_call.ts:12
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fc11ad6624425fa Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming_function_call.ts:13
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30623fb43b8a1eda Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_streaming_function_call.ts:14
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63f905b48dfaa86b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_code_execution.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df0cd08e73ef82d1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_code_execution.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5aae96217e323e2b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_code_execution.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #163e7f17008a147b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_code_execution.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a7890edd17b97bf Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_file_upload.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf4f7d990178e0b4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_file_upload.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f1da7fd944002f5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_function_calling.ts:13
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37cb88a531a42fcc Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_function_calling.ts:14
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a8c70d9c6635780 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_function_calling.ts:15
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d39b392488025ebb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_function_calling.ts:16
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0db500069239ef80 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_function_calling_accept_json_schema.ts:10
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ea06c7949458f08 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_function_calling_accept_json_schema.ts:11
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5c4b54141f160aa Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_function_calling_accept_json_schema.ts:12
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b6318065891e229 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_function_calling_accept_json_schema.ts:13
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd86d156e2cabcab Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_latlong.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d73cf15da7a4a7ea Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_latlong.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89e941fcb7f39e6c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_latlong.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c41f398426194530 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_latlong.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #232538644f124852 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_log_prob.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #170c0db7bb1498d7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_log_prob.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acc4082c703edb95 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_log_prob.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #992ed6c667eabe89 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_log_prob.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71a231346a61d865 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_model_configuration.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b704f7cbde305e38 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_model_configuration.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c4c5dcc8f7570ad Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_model_configuration.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c066564cc95ccf4b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_model_configuration.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #140c41b173c08995 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_response_schema.ts:8
const GOOGLE_API_KEY = process.env.GOOGLE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #825bf654857cee00 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_response_schema.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d3c3ae226f3152d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_response_schema.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c8afaea20e30308 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_response_schema.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #557666dec564a72c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_response_schema_accept_json_schema.ts:9
const GOOGLE_API_KEY = process.env.GOOGLE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11e43543f940696d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_response_schema_accept_json_schema.ts:10
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4de9c8194b70cb7e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_response_schema_accept_json_schema.ts:11
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b78a64ef2988c015 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_response_schema_accept_json_schema.ts:12
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf17c6760541a824 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_safety_settings.ts:13
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cef4a26fe45de34 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_safety_settings.ts:14
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a5cc2ebd8998583b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_safety_settings.ts:15
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0469b42e725387fb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_safety_settings.ts:16
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ec795e5b863e11e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_search_grounding.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e22d76e774f23214 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_search_grounding.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a88132d3fbca8833 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_search_grounding.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51bc79d6bbefe94f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_search_grounding.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6433ab479d2b3f15 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_system_instructions.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c060468167f1528 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_system_instructions.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc42586e16a32c19 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_system_instructions.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf7b1e151549897a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_system_instructions.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d4a09b02b949598 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_text.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5036f853f18614e4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_text.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5edc2d6049c01f5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_text.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9df4fe36a4907bf Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_text.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b91b22c6d861f3e9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_text_vertex_apikey.ts:8
const GOOGLE_API_KEY = process.env.GOOGLE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #51464397deb27057 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_text_vertex_apikey.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #037b80bdc3057991 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_url_context.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75e563830294537d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_content_with_url_context.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #621970932d95d7f1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_image.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aae076c472205d40 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_image.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #362b81b242b3d169 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_image.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc581af9e452753a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_image.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45e9db779e5a13d6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b0c152dda9371c3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dcf5e721151617b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b61885d2953cbb5b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df2b81b8e0d9670c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_edit_outpaint.ts:8
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f51c982d4c0b5d0c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_edit_outpaint.ts:9
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #435b73c797c14c6a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_edit_outpaint.ts:10
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ef95e92d3b0b869 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_extension.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0ab2872e0c90375 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_extension.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6abf369ff04af306 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_extension.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #290d1715002bf145 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_extension.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ba5f408672e5eb7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_rai_filtered.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978fd763d01563f0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_rai_filtered.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0edec5c542d939f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_rai_filtered.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89cf317e247a1476 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/generate_videos_rai_filtered.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7c55577e77a976f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/get_model_info.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69ded3d766b55b3d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/get_model_info.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d5579efc96fcb37 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/get_model_info.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6e4cf28fab371e8 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/get_model_info.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f53156a62046739 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_basic.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77f7e72824f9e1b6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_basic.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a8e00c9ae776fca Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_function_calling_client_state.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2ba0be5a26223a0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_function_calling_client_state.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddeb3445d7193aed Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_function_calling_server_state.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #999121500a1fb02b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_function_calling_server_state.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f0b97559f475a27 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_get.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35db9aeb9da9ef8f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_get.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad70e3de56258597 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_audio.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d46250251bca1d27 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_audio.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ef38215b3e1a550c Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_audio.ts:19
  const audioResponse = await fetch(audioUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8fca9c444383b50a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_audio_with_generate_content.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c2f34ea7c765ad6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_audio_with_generate_content.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #59441f05cb571ff3 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_audio_with_generate_content.ts:19
  const audioResponse = await fetch(audioUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1b8bb678d40b1807 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_image.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10d87c2d40f63009 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_image.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #519b2c0a697dd978 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_image.ts:19
  const imageResponse = await fetch(imageUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #726a5934b2f789ef Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_image_with_generate_content.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bdd145b5f8d9d218 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_image_with_generate_content.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e187097183aabbc1 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_input_text_and_image_with_generate_content.ts:23
  const imageResponse = await fetch(imageUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a7bf84a32ee3f1c4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_response_audio.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad064649b7b1fa9d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_response_audio.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6f27a8eff3704dfa Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_response_audio_with_generate_content.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1d66c0ffa7ededf Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_response_audio_with_generate_content.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ae56d75bfb94243 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_response_image.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b56da1acfcebf029 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_response_image.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e05ba1ceeb0818e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_response_image_with_generate_content.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baef7d8970a74208 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_multimodal_response_image_with_generate_content.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c15cda5c4d6a8378 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_stateful.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8af056e993a8200f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_stateful.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b30641179a3cd6c8 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_stateless.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a73acf4d84570a5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_stateless.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6b3b28e7fbe3993 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_streaming.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #735652c8c2929cf9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_streaming.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77402fb62338bf13 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_structured_output_json.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5076bf3b4d922db7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_structured_output_json.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8ebf1e4f6a79884 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_code_execution.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14740dc3b9f962eb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_code_execution.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cd7e265f61f00c2 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_computer_use.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dfe252a493ff4d4e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_computer_use.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64990740a7a0ad10 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_functions.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3800df471233265 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_functions.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d4989e895066e39 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_google_search.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #060f21e4462d35cb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_google_search.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55ee80b3da7f80ab Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_mcp_server.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43d3ba915a235793 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_mcp_server.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #081407e18b2fa6c6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_mime_type.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #92381307c1c6389b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_mime_type.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2cf0ded0b401d69 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_url_context.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c97dcc06d6cd94ed Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_tool_call_with_url_context.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c445f7ba9e838164 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_with_config.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e452b5841a0304a6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/interactions_with_config.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c522dd992c48cca Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/list_models.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #98277ab742a803e3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/list_models.ts:9
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c38dc689bb0c124b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/list_models.ts:10
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d20770a6521fb13c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/list_models.ts:11
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b450fd3f0e0e0a00 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_client_content.ts:13
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf304a51ff802a80 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_client_content.ts:14
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #05dbc3188602423b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_client_content.ts:15
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efe82f990c4d6b76 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_client_content.ts:16
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8268617cb4c31ca Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_client_content.ts:18
  process.env.GOOGLE_GENAI_MLDEV_USE_EPHEMERAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #feef305def39fbb9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_client_content_with_url_context.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cd639966348887a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_client_content_with_url_context.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57a13d96767814f1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_ephemeral.ts:13
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0cc97f7d1e04c90 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_ephemeral.ts:14
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7fde5f4a071ab28 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_music.ts:8
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad85ec41ad021504 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_music.ts:9
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d3152d52202297b Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_prompt.ts:9
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2063664b9d237887 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_prompt.ts:26
  const GOOGLE_API_KEY = process.env.GOOGLE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6890cf4bd85d250 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_prompt.ts:27
  const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f23c891302386570 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_prompt.ts:28
  const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f19dd2db235c4fbc Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_prompt.ts:29
  const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #693025571e4dd958 Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_prompt.ts:55
    const voiceSampleAudio = fs.readFileSync(voiceSamplePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e0dea4f1308c3ad Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_prompt.ts:59
      consentAudio = fs.readFileSync(voiceConsentPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3619ca68ab02ddd5 Filesystem access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_prompt.ts:166
  fs.writeFileSync(filename, fileBuffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a0d9b6ce8f0b9f3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_server.ts:25
const GOOGLE_API_KEY = process.env.GOOGLE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d79b57c252f8fbbe Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_server.ts:26
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #691ed33041514ef4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_server.ts:27
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a2e04d7787f06c2 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/live_server.ts:28
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b392061d4fb2869 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/mcp_client.ts:12
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #852207e37c21e6a6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/mcp_client.ts:13
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d7f9ef3bf87601a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/mcp_client.ts:14
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03edfed23855a6a5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/mcp_client.ts:15
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65554010fe4af667 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/mcp_client_stream.ts:12
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2c36ddf729103d5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/mcp_client_stream.ts:13
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d7520352908fef4d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/mcp_client_stream.ts:14
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f062267c50f6acf Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/mcp_client_stream.ts:15
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2483cdca4eddc675 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/recontext_image_virtual_try_on.ts:8
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed448ce4a8621747 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/recontext_image_virtual_try_on.ts:9
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #155605037e3ba734 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/recontext_image_virtual_try_on.ts:10
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a713c76ca247907 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/register_files.ts:9
const GEMINI_API_KEY = process.env.GEMINI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad2c1784f94793fa Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/register_files.ts:10
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e652d169361e24e8 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/segment_image.ts:8
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #856c9cefd59b3762 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/segment_image.ts:9
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c8ad6d1a0f741d7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/segment_image.ts:10
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f8806411e534c6a7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/tunings.ts:8
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b7b0267ca4da558 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/tunings.ts:9
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc68742d5c593fd7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/tunings.ts:10
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50d62150b7848600 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/upscale_image.ts:8
const GOOGLE_CLOUD_PROJECT = process.env.GOOGLE_CLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e904fefc3944f71 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/upscale_image.ts:9
const GOOGLE_CLOUD_LOCATION = process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad2014c82f7f0bf5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/sdk-samples/upscale_image.ts:10
const GOOGLE_GENAI_USE_VERTEXAI = process.env.GOOGLE_GENAI_USE_VERTEXAI;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #874496318dc470b6 Filesystem access.
pkgs/npm/@[email protected]__reposrc/src/node/_node_downloader.ts:7
import {createWriteStream} from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a7d15909fd833b9c Filesystem access.
pkgs/npm/@[email protected]__reposrc/src/node/_node_downloader.ts:8
import {writeFile} from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #802a9c11dfa01a86 Filesystem access.
pkgs/npm/@[email protected]__reposrc/src/node/_node_downloader.ts:39
          await writeFile(params.downloadPath, response as string, {
            encoding: 'base64',
          });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd090509a6719d47 Filesystem access.
pkgs/npm/@[email protected]__reposrc/src/node/_node_tokenizer_platform.ts:8
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eec96958eb0fb980 Filesystem access.
pkgs/npm/@[email protected]__reposrc/src/node/_node_tokenizer_platform.ts:34
      const data = await fs.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #861945fe01dffd58 Filesystem access.
pkgs/npm/@[email protected]__reposrc/src/node/_node_tokenizer_platform.ts:55
      await fs.writeFile(tmpPath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa3a0fafa2778a70 Filesystem access.
pkgs/npm/@[email protected]__reposrc/src/node/_node_uploader.ts:6
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai

npm dependency
high pii_flow dependency Excluded from app score #385b9ca67a1b63a4 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 · flow /tmp/closeopen-epgogze_/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 → /tmp/closeopen-epgogze_/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
      const response = await fetch(this.api.token, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ sessionConfig: this.sessionConfig }),
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

@agentclientprotocol/sdk

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #28fc557d9d2b4c18 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:9
import * as fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9636e7fb4b9033d0 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:61
  const metadata = JSON.parse(await fs.readFile("./schema/meta.json", "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #15e58935c9f74c2d Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:63
  const schemaSrc = await fs.readFile("./schema/schema.json", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #24eb628ed72e94ef Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:112
  const zodSrc = await fs.readFile(zodPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c1e737f5505b8e49 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:142
  await fs.writeFile(zodPath, zod);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3777390b94963079 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:145
  const tsSrc = await fs.readFile(tsPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #70cfd844aec867e5 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:155
  await fs.writeFile(tsPath, ts);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e51c7b43d175bd0e Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:161
  await fs.writeFile(`${stagingDir}/guards.gen.ts`, guards);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0019509ae9110134 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:172
  const indexSrc = await fs.readFile(indexPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a418ac1d8643afb9 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:173
  await fs.writeFile(
    indexPath,
    await formatStable(`${indexSrc.replace(/\s*ClientOptions,/, "")}\n${meta}`),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5efd33b281d618b1 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:225
  await fs.writeFile(outputPath, response.body);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #54c0cff34bd37620 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/http-client.ts:32
const serverUrl = process.env.ACP_HTTP_URL ?? "http://127.0.0.1:7331/acp";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1f1cfd77fd213201 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/http-server.ts:130
const port = Number.parseInt(process.env.PORT ?? "7331", 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f5a4ee2ac38434de Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/ws-client.ts:35
const serverUrl = process.env.ACP_WS_URL ?? "ws://127.0.0.1:7331/acp";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ai-sdk/google-vertex

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #494a1c03fd6c6beb Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/edge/google-vertex-auth-edge.ts:139
    const response = await fetch('https://oauth2.googleapis.com/token', {
      method: 'POST',
      headers: withUserAgentSuffix(
        { 'Content-Type': 'application/x-www-form-urlencoded' },
        `ai-sdk/google-vertex/${VERSION}`,
        getRuntimeEnvironmentUserAgent(),
      ),
      body: new URLSearchParams({
        grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        assertion: jwt,
      }),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

@anthropic-ai/sdk

npm dependency
expand_more 44 low-confidence finding(s)
low env_fs dependency Excluded from app score #c78c5b6973e714e8 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:110
        configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd1c7f815a619222 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:210
        raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #964bcb33dffbd217 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:308
        return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #673fc48b2f5ac216 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:73
        configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35915c2a5dcdaa1b Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:172
        raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #053295d5eabbb2fc Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:268
        return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90671e7c41163596 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/credential-chain.js:203
            const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a6530357112bf4d Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/credential-chain.mjs:166
            const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c25e32cb726f89f9 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/identity-token.js:51
            content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a8eaf4371ebf883 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/identity-token.mjs:14
            content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b9726298ec2d200 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/types.js:195
            await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76ce706219ca38f0 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/types.mjs:154
            await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1926a2352d50e632 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/user-oauth.js:56
            raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7756272fb786870c Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/user-oauth.mjs:20
            raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a211d462f3781129 Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:154
    configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b0988d92eaae3dd Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:258
    raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #058efc4186fa8c53 Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:372
    return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f759226ff461d5d0 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/credential-chain.ts:250
      const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0838fdcbc41af925 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/identity-token.ts:17
      content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eb5be0e75c2df71 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/types.ts:222
      await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dcfbf7fcac6bb54 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/user-oauth.ts:45
      raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5b3cef4638f61531 Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/fs-util.ts:112
    await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6167106d8663c0bc Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:457
        data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d03584fd64663347 Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:533
        data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ce43a2e6d8be5dad Environment-variable access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:806
  const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d3b9af8d6265b09b Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:4
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #18bd4ed09803fc4b Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:52
    await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #cbd94cba122ae607 Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:101
    return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #40e5f7bda8d7c9f9 Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:256
      await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #41317ddeeaf6c674 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/fs-util.js:115
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #66385e4f6e4ec884 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/fs-util.mjs:107
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #016920f8753a6f43 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:390
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5fac7ff55b8fa5ff Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:469
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #448033f4008db43b Environment-variable access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:755
    const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9039594acef6cba7 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:375
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #cef496ac78f32331 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:454
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1b64572b56a02449 Environment-variable access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:740
    const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c329ded9ad259359 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:43
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7afd5588f501c325 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:91
        return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #51060801c889c857 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:213
            await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5d0d85a0e1a01236 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:2
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #56e1595146fdd406 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:38
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #16f4058987d61fb4 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:86
        return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #32e3428caffd7fe9 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:208
            await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@aws-sdk/credential-providers

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #0587e94293133240 Environment-variable access.
pkgs/npm/@[email protected]/dist-cjs/index.js:246
    return fromTemporaryCredentials$1(options, fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => loadConfig({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2bcb26a42adbaefb Environment-variable access.
pkgs/npm/@[email protected]/dist-es/fromTemporaryCredentials.js:5
    return fromTemporaryCredentialsBase(options, fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => loadConfig({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@bufbuild/protobuf

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #fbf30da1b76f6207 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/bootstrap-inject.mjs:55
    const fileContent = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9f785ced3ea6ead8 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/bootstrap-inject.mjs:70
      writeFileSync(filePath, newContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #95112733fcbf2735 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/bootstrap-inject.mjs:402
      [path]: readFileSync(joinPath(wktInclude.dir, path), "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd0e9c48beaf3b16 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/proto-int64.ts:140
      process.env.BUF_BIGINT_DISABLE !== "1");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@gramio/format

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #f836d5d2c1294e5a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/scripts/generate-changelog.ts:29
if (process.env.GITHUB_OUTPUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #76935f72dfed3362 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/scripts/generate-changelog.ts:31
		process.env.GITHUB_OUTPUT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f1f396d57f1459aa Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.ts:352
await fs.writeFile(
	OUTPUT,
	await prettier.format(source, {
		parser: "typescript",
		useTabs: true,
		tabWidth: 4,
		endOfLine: "auto",
	}),
);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a1b86642e10cac9b Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/release-jsr.ts:8
const jsrConfig = JSON.parse(String(fs.readFileSync("deno.json")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1db2d3a7913ba2c6 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/release-jsr.ts:12
fs.writeFileSync("deno.json", JSON.stringify(jsrConfig, null, 4));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@grpc/grpc-js

npm dependency
expand_more 17 low-confidence finding(s)
low env_fs dependency Excluded from app score #8858481cd7aa2245 Filesystem access.
pkgs/npm/@[email protected]/src/certificate-provider.ts:18
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9f99809eb97612d Environment-variable access.
pkgs/npm/@[email protected]/src/environment.ts:19
  (process.env.GRPC_NODE_USE_ALTERNATIVE_RESOLVER ?? 'false') === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1a8512e26177e0f Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:51
  if (process.env.grpc_proxy) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f7bbe61107e3332 Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:53
    proxyEnv = process.env.grpc_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c6d5abd0943327a Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:54
  } else if (process.env.https_proxy) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32ea6933dcb46438 Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:56
    proxyEnv = process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b726cc5efc38e59 Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:57
  } else if (process.env.http_proxy) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c53d6f85a890c22 Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:59
    proxyEnv = process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a2aec6821efd31a Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:108
  let noProxyStr: string | undefined = process.env.no_grpc_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c3262c7e4122c58 Environment-variable access.
pkgs/npm/@[email protected]/src/http_proxy.ts:111
    noProxyStr = process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0786a0852aea2556 Environment-variable access.
pkgs/npm/@[email protected]/src/load-balancer-outlier-detection.ts:57
  (process.env.GRPC_EXPERIMENTAL_ENABLE_OUTLIER_DETECTION ?? 'true') === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2280d0c57a25644 Environment-variable access.
pkgs/npm/@[email protected]/src/logging.ts:39
  process.env.GRPC_NODE_VERBOSITY ?? process.env.GRPC_VERBOSITY ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2db6ccf65baa00ba Environment-variable access.
pkgs/npm/@[email protected]/src/logging.ts:97
  process.env.GRPC_NODE_TRACE ?? process.env.GRPC_TRACE ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e245275a5a48e9f1 Filesystem access.
pkgs/npm/@[email protected]/src/tls-helpers.ts:18
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47a493482da199ab Environment-variable access.
pkgs/npm/@[email protected]/src/tls-helpers.ts:21
  process.env.GRPC_SSL_CIPHER_SUITES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f27c90e4fd5f8410 Environment-variable access.
pkgs/npm/@[email protected]/src/tls-helpers.ts:23
const DEFAULT_ROOTS_FILE_PATH = process.env.GRPC_DEFAULT_SSL_ROOTS_FILE_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #575708a1cca6fb58 Filesystem access.
pkgs/npm/@[email protected]/src/tls-helpers.ts:30
      defaultRootsData = fs.readFileSync(DEFAULT_ROOTS_FILE_PATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@jerome-benoit/sap-ai-provider

npm dependency
expand_more 23 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #897d0f2162787f6f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-chat-completion-tool.ts:126
  if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #be6208c376c9a04a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-data-masking.ts:31
  if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5b69828889eeaded Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-document-grounding.ts:40
  if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #85e9d4033053ff04 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-document-grounding.ts:46
  const VECTOR_STORE_ID = process.env.VECTOR_STORE_ID ?? "vector-store-1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #14ca252edffdceab Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-embeddings.ts:37
  if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #97067c4e7e89ff30 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-foundation-models.ts:42
  if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4410c415bb51e26a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-generate-text.ts:31
  if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5225a0a6f86864d0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-image-recognition.ts:31
  if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #9016766647a6d735 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/examples/example-image-recognition.ts:52
              image: new URL(
                "https://upload.wikimedia.org/wikipedia/commons/thumb/4/47/PNG_transparency_demonstration_1.png/280px-PNG_transparency_demonstration_1.png",
              ),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #46bca35520d7965d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/examples/example-image-recognition.ts:110
              image: new URL(
                "https://upload.wikimedia.org/wikipedia/commons/thumb/4/47/PNG_transparency_demonstration_1.png/280px-PNG_transparency_demonstration_1.png",
              ),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #bf55a7b011fabcf6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-simple-chat-completion.ts:31
    if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c9405f8a873b6d70 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-streaming-chat.ts:32
    if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #454ce4c0320b82ff Environment-variable access.
pkgs/npm/@[email protected]__reposrc/examples/example-translation.ts:42
  if (!process.env.AICORE_SERVICE_KEY && !process.env.VCAP_SERVICES) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #09663e3c4a49fd36 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/check-toc.ts:346
  const content = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ae0d8ff19176363b Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/prepare-v2-package.ts:40
  return JSON.parse(readFileSync(path, "utf-8")) as T;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6b2592b1f9464b44 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/prepare-v2-package.ts:91
  writeFileSync(path, JSON.stringify(data, null, 2) + "\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #20eeac19a0712293 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/convert-to-sap-messages.test.ts:639
              data: new URL("https://example.com/image.jpg"),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a0aa52867ca896fd Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/convert-to-sap-messages.test.ts:794
              data: new URL("https://example.com/document.pdf"),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #07aefcd13dc9f38e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/sap-ai-provider-v2.ts:137
  if (!process.env.SAP_CLOUD_SDK_LOG_LEVEL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82622f41bbd6a585 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/sap-ai-provider.test.ts:137
      delete process.env.SAP_CLOUD_SDK_LOG_LEVEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62e3994f00d1e446 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/sap-ai-provider.test.ts:153
      process.env.SAP_CLOUD_SDK_LOG_LEVEL = "info";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84b1897de0946194 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/sap-ai-provider.ts:144
  if (!process.env.SAP_CLOUD_SDK_LOG_LEVEL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c734fc6fd3ff576e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/test-quick.ts:22
  if (!process.env.AICORE_SERVICE_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/core

npm dependency
expand_more 11 low-confidence finding(s)
low env_fs dependency Excluded from app score #cd85490a3801771b Filesystem access.
pkgs/npm/@[email protected]/index-zhsxkp8y.js:10
import { existsSync, readFileSync, realpathSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23d0d90cf017adeb Filesystem access.
pkgs/npm/@[email protected]/index-zhsxkp8y.js:84
        const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #302b5d2e7c4b1b53 Filesystem access.
pkgs/npm/@[email protected]/index-zhsxkp8y.js:319
        const contents = readFileSync(normalizedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #61d90fc619188a2b Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:6
import { mkdir as mkdir2 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a81e10623106fba3 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:10
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8708aa21b2321169 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:36
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b7617695bb2a3c69 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:50
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0d4897728c6e528 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:62
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22a9ae6b0571ee2d Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:80
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85afc1f92bf3c5f6 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:89
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d67f1d08e3f812b Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:90
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/react

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #ee04209c287ef528 Environment-variable access.
pkgs/npm/@[email protected]/chunk-msc8jt9j.js:528
if (process.env["DEV"] === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@vscode/codicons

npm dependency
expand_more 20 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #8b2357ce5f7ca8bd Filesystem access.
pkgs/npm/@[email protected]/scripts/check-metadata.js:8
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #bd2476a94a4f3cf9 Filesystem access.
pkgs/npm/@[email protected]/scripts/check-metadata.js:25
const mapping = JSON.parse(fs.readFileSync(mappingPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #90869ce376696451 Filesystem access.
pkgs/npm/@[email protected]/scripts/check-metadata.js:26
const metadata = JSON.parse(fs.readFileSync(metadataPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2fdb27c0d401cb2e Filesystem access.
pkgs/npm/@[email protected]/scripts/embed-metadata.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1c6d6e61298e3641 Filesystem access.
pkgs/npm/@[email protected]/scripts/embed-metadata.js:12
const metadata = fs.readFileSync(metadataPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f0fe8cec383e51e5 Filesystem access.
pkgs/npm/@[email protected]/scripts/embed-metadata.js:13
let html = fs.readFileSync(htmlPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0fbc7d223b0a7ed9 Filesystem access.
pkgs/npm/@[email protected]/scripts/embed-metadata.js:21
    fs.writeFileSync(htmlPath, html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5a6b6c0d5cbd1102 Filesystem access.
pkgs/npm/@[email protected]/scripts/embed-svg-data.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a81bb63cd4071c64 Filesystem access.
pkgs/npm/@[email protected]/scripts/embed-svg-data.js:18
    const content = fs.readFileSync(path.join(iconsDir, file), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #edc8cd4b28bf660e Filesystem access.
pkgs/npm/@[email protected]/scripts/embed-svg-data.js:22
let html = fs.readFileSync(htmlPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #040e8d37384531da Filesystem access.
pkgs/npm/@[email protected]/scripts/embed-svg-data.js:27
    fs.writeFileSync(htmlPath, html);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ef78d3f985592307 Filesystem access.
pkgs/npm/@[email protected]/scripts/export-to-ts.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #79fb41eb5ba433c3 Filesystem access.
pkgs/npm/@[email protected]/scripts/export-to-ts.js:10
fs.readFile(opts.f, 'utf8', (err, data) => {
    if (err) {
        console.error('Error reading file:', err);
        return;
    }

    try {
        const mapping = JSON.parse(data);

        console.log("/*---------------------------------------------------------------------------------------------");
        console.log(" *  Copyright (c) Microsoft Corporation. All rights reserved.");
        console.log(" *  Licensed under the MIT License. See License.txt in the project root for license information.");
        console.log(" *--------------------------------------------------------------------------------------------*/");
        console.log("import { register } from './codiconsUtil.js';");
        console.log("");
        console.log("");
        console.log("// This file is automatically generated by (microsoft/vscode-codicons)/scripts/export-to-ts.js");
        console.log("// Please don't edit it, as your changes will be overwritten.");
        console.log("// Instead, add mappings to codiconsDerived in codicons.ts.");
        console.log("export const codiconsLibrary = {");

        // New format: mapping is { "code": ["alias1", "alias2", ...] }
        Object.entries(mapping).forEach(([code, aliases]) => {
            const codeValue = parseInt(code);
            const hexValue = decimalToHex(codeValue);
            
            // Register each alias with the same code
            aliases.forEach((name) => {
                console.log(`\t${toCamelCase(name)}: register('${name}', ${hexValue}),`);
            });
        });

        console.log("} as const;");

    } catch (error) {
        console.error('Error parsing JSON:', error);
    }
});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #cb4bae66070cd7c1 Filesystem access.
pkgs/npm/@[email protected]/scripts/reset.js:1
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d00c6a033986d85d Filesystem access.
pkgs/npm/@[email protected]/scripts/svg-sprite.js:3
const fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f8a50117bbf9ed4f Filesystem access.
pkgs/npm/@[email protected]/scripts/svg-sprite.js:90
        fs.readFileSync(file, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d7ddb49dc34ab593 Filesystem access.
pkgs/npm/@[email protected]/scripts/svg-sprite.js:118
    fs.writeFileSync(result.symbol.sprite.path, result.symbol.sprite.contents);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0358e0925ac9cf8e Filesystem access.
pkgs/npm/@[email protected]/scripts/version-bump.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5423ae299f0230c8 Filesystem access.
pkgs/npm/@[email protected]/scripts/version-bump.js:13
  const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #55f0bd07c24cb912 Filesystem access.
pkgs/npm/@[email protected]/scripts/version-bump.js:84
  fs.writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai-sdk-provider-claude-code

npm dependency
expand_more 48 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #8c15bc42aa5883cc Filesystem access.
pkgs/npm/[email protected]__reposrc/examples/images.ts:24
  const data = readFileSync(filePath).toString('base64');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5bfe2a49566b4536 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:196
  const realConfigDir = process.env.CLAUDE_CONFIG_DIR ?? join(homedir(), '.claude');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #63972a057d1237d8 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:219
  const previousConfigDir = process.env.CLAUDE_CONFIG_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #273ca2c7fa947883 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:220
  const previousSecureStorageDir = process.env.CLAUDE_SECURESTORAGE_CONFIG_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #01e8884596d29aeb Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:221
  process.env.CLAUDE_CONFIG_DIR = tempConfigDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1e411eb8aaf3a03f Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:222
  process.env.CLAUDE_SECURESTORAGE_CONFIG_DIR = previousSecureStorageDir ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #56e21e1ccfbcfad4 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:275
      delete process.env.CLAUDE_CONFIG_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c35da826795adb22 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:277
      process.env.CLAUDE_CONFIG_DIR = previousConfigDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dc06aa9beb468f54 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:280
      delete process.env.CLAUDE_SECURESTORAGE_CONFIG_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #62a892bb0694d7e0 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:282
      process.env.CLAUDE_SECURESTORAGE_CONFIG_DIR = previousSecureStorageDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9c5fdb50102db340 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/integration-test.ts:346
const TIMEOUT_MS = Number(process.env.CLAUDE_IT_TIMEOUT_MS ?? '180000');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #fb20e3ed8d2dfbdb Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/mcp-exa.ts:23
  const endpoint = new URL(process.env.EXA_MCP_URL ?? DEFAULT_EXA_ENDPOINT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b5c6514654eeb3ae Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/mcp-exa.ts:30
  const apiKey = process.env.EXA_API_KEY ?? process.env.EXA_MCP_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3127bfa15527bc07 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/mcp-exa.ts:47
  const verboseLogs = process.env.CLAUDE_EXAMPLE_VERBOSE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8d08557c9629f9c6 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/mcp-filesystem.ts:22
  const verboseLogs = process.env.CLAUDE_EXAMPLE_VERBOSE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8288061c4d548a2b Filesystem access.
pkgs/npm/[email protected]__reposrc/examples/skills-option.ts:97
  await writeFile(join(skillDir, 'SKILL.md'), SKILL_MD);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d49e898f991e41d Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:385
      const originalMerge = process.env.C2_TEST_MERGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #212925910c18e69f Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:386
      const originalOverride = process.env.C2_TEST_OVERRIDE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ccee09eee48bcd64 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:387
      const originalClaudeConfigDir = process.env.CLAUDE_CONFIG_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a10aa8c4353a520 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:389
        process.env.C2_TEST_MERGE = 'from-process';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca813fb62ccce256 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:390
        process.env.C2_TEST_OVERRIDE = 'original';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9010c6d9994815ad Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:391
        process.env.CLAUDE_CONFIG_DIR = 'from-process';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2d502f82b01a330 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:435
          delete process.env.C2_TEST_MERGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c6092d0db0074c0 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:437
          process.env.C2_TEST_MERGE = originalMerge;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97ba5d74b03e9dfb Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:440
          delete process.env.C2_TEST_OVERRIDE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27e483ca06f61b5d Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:442
          process.env.C2_TEST_OVERRIDE = originalOverride;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f30c23f261251735 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:445
          delete process.env.CLAUDE_CONFIG_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a95ce17e3a3d84f Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:447
          process.env.CLAUDE_CONFIG_DIR = originalClaudeConfigDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8fe9258dc3043737 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:480
      if (process.env.PATH !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24841bd69989ce75 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:481
        expect(call.options.env.PATH).toBe(process.env.PATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fc138820dada4be Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:499
      for (const key of testKeys) original[key] = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd9ff059223f360d Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:501
        for (const key of testKeys) process.env[key] = `value-${key}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e59abc6235c7227f Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:543
            delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c18452201add59fe Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:545
            process.env[key] = original[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a9fc95e343b3281 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:552
      const originalClientApp = process.env.CLAUDE_AGENT_SDK_CLIENT_APP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20e9c1273e8bcbaa Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:554
        delete process.env.CLAUDE_AGENT_SDK_CLIENT_APP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8e0e56db6579acc1 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:577
          readFileSync(new URL('../package.json', import.meta.url), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9515612de419805 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:598
        process.env.CLAUDE_AGENT_SDK_CLIENT_APP = 'from-process/2.0.0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94a76e962815422a Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:608
          delete process.env.CLAUDE_AGENT_SDK_CLIENT_APP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3ef53a873331594 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:610
          process.env.CLAUDE_AGENT_SDK_CLIENT_APP = originalClientApp;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fdb2b7ee013fe1a Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:1973
        process.env.C2_ENV_PROCESS = 'from-process';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #666345c0e8dd96d4 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:1974
        process.env.C2_ENV_OVERRIDE = 'process';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3bfa6030f38d2805 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.test.ts:1975
        process.env.CLAUDE_CONFIG_DIR = 'from-process';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94248cf37ac6f676 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/claude-code-language-model.ts:289
    const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1ef5c77f00455dff Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/convert-to-claude-code-messages.images.test.ts:187
            data: { type: 'url', url: new URL('https://example.com/image.png') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #08abc0d0b79b9fbb Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/convert-to-claude-code-messages.test.ts:349
                  data: { type: 'url', url: new URL('https://example.com/rows.csv') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #53bbe045a6f9081d Filesystem access.
pkgs/npm/[email protected]__reposrc/src/validation.test.ts:9
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f45d9668ddc62c8 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/validation.ts:2
import { existsSync } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai-sdk-provider-codex-cli

npm dependency
expand_more 34 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #02675f666f494238 Filesystem access.
pkgs/npm/[email protected]__reposrc/examples/app-server/image-support.mjs:53
    const contents = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2828baf03d553dc6 Filesystem access.
pkgs/npm/[email protected]__reposrc/examples/app-server/image-support.mjs:134
    const imageBuffer = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a76c3e2b4369531e Filesystem access.
pkgs/npm/[email protected]__reposrc/examples/exec/image-support.mjs:48
  const contents = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d62151676da921ed Filesystem access.
pkgs/npm/[email protected]__reposrc/examples/exec/image-support.mjs:123
  const imageBuffer = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d119cbf236fe81f4 Filesystem access.
pkgs/npm/[email protected]__reposrc/scripts/validate-app-server-examples.mjs:14
const expectations = JSON.parse(readFileSync(expectationsPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #681c80e353c05a07 Environment-variable access.
pkgs/npm/[email protected]__reposrc/scripts/validate-app-server-examples.mjs:25
const defaultTimeoutMs = Number(process.env.EXAMPLES_TIMEOUT_MS ?? defaults.timeoutMs ?? 180000);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a3929af43a7308d9 Filesystem access.
pkgs/npm/[email protected]__reposrc/scripts/validate-doc-snippets.mjs:35
  const content = readFileSync(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #15eb240dd0ff4b47 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/ai-sdk-v7-integration.test.ts:76
        writeFileSync(lastMessagePath, 'Fallback last message\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #12f5834ae2d5fc77 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/ai-sdk-v7-integration.test.ts:124
      capture.schemaFileAtSpawn = readFileSync(schemaPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dd762407f4bedbfb Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/ai-sdk-v7-integration.test.ts:130
        capture.imageFilesAtSpawn.push(readFileSync(value));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #028630e9ac7a4bb9 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/__tests__/app-server-integration.smoke.test.ts:5
const runIntegration = process.env.CODEX_APP_SERVER_INTEGRATION === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #eb4f412ac7f58f1e Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/__tests__/app-server-integration.smoke.test.ts:13
      const codexPath = process.env.CODEX_APP_SERVER_INTEGRATION_CODEX_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #71331bae891a9a1b Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/__tests__/app-server-integration.smoke.test.ts:14
      const modelId = process.env.CODEX_APP_SERVER_INTEGRATION_MODEL ?? 'gpt-5.3-codex';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9f9343b6eff05f3d Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/app-server-protocol-compat.test.ts:16
    .map((name) => JSON.parse(readFileSync(join(folder, name), 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8c43bfc35d0e32ab Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/codex-cli-language-model.test.ts:28
        writeFileSync(args[idx + 1]!, 'Fallback last message\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e5e8fb7d59c8e8b1 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/codex-cli-language-model.test.ts:392
    expect(readFileSync(filePath, 'utf8')).toContain('Fallback last message');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d93374f2cf9bc745 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/exec-language-model.test.ts:30
        writeFileSync(args[idx + 1]!, 'Fallback last message\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3f6eb002961461e4 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/exec-language-model.test.ts:600
    expect(readFileSync(filePath, 'utf8')).toContain('Fallback last message');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #657759c420be1764 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/image-converter.test.ts:36
      data: { type: 'url', url: new URL('https://example.com/cat.png') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #73eff45dedbc430e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/image-converter.test.ts:184
      data: { type: 'url', url: new URL('https://example.com/file.pdf') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #8fcb1859f2313d58 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/image-utils.test.ts:132
        data: { type: 'url', url: new URL('https://example.com/image.png') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #a9f79ec3758c7d8e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/image-utils.test.ts:224
      const url = new URL('https://example.com/image.png');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #a52a47069172ac73 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/image-utils.test.ts:379
    const content = readFileSync(tempPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #78e22c59d8e6698c Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/prompt-converter.test.ts:100
              data: { type: 'url', url: new URL('https://example.com/cat.webp') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #91e6cb7163a842d9 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/prompt-converter.test.ts:313
              data: { type: 'url', url: new URL('https://example.com/a.png') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #baf786ec1dcb369c Filesystem access.
pkgs/npm/[email protected]__reposrc/src/__tests__/schema-sanitizer.test.ts:53
    const sanitized = JSON.parse(readFileSync(schemaPath!, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #a3f81b7a43d40d45 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/tool-result-converter.test.ts:28
          data: { type: 'url', url: new URL('https://example.com/a.png') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #a51e5b68ab691db5 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/tool-result-converter.test.ts:39
          data: { type: 'url', url: new URL('https://example.com/a.pdf') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #038b148cb5758930 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/src/__tests__/tool-result-converter.test.ts:82
          data: { type: 'url', url: new URL('https://example.com/pic.bin') },

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b58fd282d56ec321 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/app-server/rpc/client.ts:456
        RUST_LOG: process.env.RUST_LOG || 'error',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c48473b9e1b57e7 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/exec-language-model.ts:321
        writeFileSync(schemaPath, JSON.stringify(schemaWithAdditional, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c845c84e1ba5940c Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/exec-language-model.ts:341
      RUST_LOG: process.env.RUST_LOG || 'error',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3dda958b055c4b11 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/exec-language-model.ts:1165
              const fileText = readFileSync(lastMessagePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #94c214a336dde93b Filesystem access.
pkgs/npm/[email protected]__reposrc/src/image-utils.ts:241
  writeFileSync(filePath, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai-sdk-provider-opencode-sdk

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #e58004f0229098c0 Environment-variable access.
pkgs/npm/[email protected]__reposrc/examples/client-options.ts:5
const MODEL = process.env.OPENCODE_MODEL ?? "openai/gpt-5.3-codex-spark";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #555bac169622f42f Filesystem access.
pkgs/npm/[email protected]__reposrc/examples/image-input.ts:24
  const contents = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

archiver

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #92df7acbe56ddc0e Filesystem access.
pkgs/npm/[email protected]/lib/core.js:1
import { createReadStream, lstat, readlinkSync, Stats } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

better-sqlite3

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #05429dd4cbe4db34 Filesystem access.
pkgs/npm/[email protected]/deps/copy.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9303fd3a1ec732f5 Filesystem access.
pkgs/npm/[email protected]/lib/database.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10bdde51aead29be Filesystem access.
pkgs/npm/[email protected]/lib/methods/backup.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chat

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #a184d2dfb71f979a Filesystem access.
pkgs/npm/[email protected]__reposrc/src/adapters/index.test.ts:68
  readFileSync(ADAPTERS_JSON_PATH, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b87844c2e5f41207 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/adapters/index.test.ts:115
    const source = stripComments(readFileSync(filePath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd494f29cbeed97f Filesystem access.
pkgs/npm/[email protected]__reposrc/src/adapters/index.test.ts:131
    readFileSync(join(PACKAGES_DIR, packageDir, "package.json"), "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #062994c55e7f0830 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/adapters/index.test.ts:265
      const entrypoint = readFileSync(
        join(PACKAGES_DIR, packageDir, "src/index.ts"),
        "utf-8"
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chokidar

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #c0a0cd16cb1b0bea Environment-variable access.
pkgs/npm/[email protected]/index.js:284
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e73eb8e552de99a Environment-variable access.
pkgs/npm/[email protected]/index.js:294
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chrome-launcher

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #eff0015e5622df4f Filesystem access.
pkgs/npm/[email protected]/compiled-check.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

commander

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #988da54f75dfaf30 Environment-variable access.
pkgs/npm/[email protected]/lib/command.js:1992
            this.emit(`optionEnv:${option.name()}`, process.env[option.envVar]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #470e007991b97bae Environment-variable access.
pkgs/npm/[email protected]/lib/command.js:2782
    process.env.NO_COLOR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #364fa611670d4628 Environment-variable access.
pkgs/npm/[email protected]/lib/command.js:2783
    process.env.FORCE_COLOR === '0' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28379d494d731eb8 Environment-variable access.
pkgs/npm/[email protected]/lib/command.js:2784
    process.env.FORCE_COLOR === 'false'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4171b0ee55f90f2c Environment-variable access.
pkgs/npm/[email protected]/lib/command.js:2787
  if (process.env.FORCE_COLOR || process.env.CLICOLOR_FORCE !== undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

exceljs

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #f2e4e02e7c8cf163 Filesystem access.
pkgs/npm/[email protected]/lib/csv/csv.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49f9d0f900d5f383 Filesystem access.
pkgs/npm/[email protected]/lib/stream/xlsx/workbook-reader.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fcc6c580f7fb5bc Filesystem access.
pkgs/npm/[email protected]/lib/stream/xlsx/workbook-writer.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e476f70fb9a51c0b Filesystem access.
pkgs/npm/[email protected]/lib/utils/utils.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #004e31146c253149 Filesystem access.
pkgs/npm/[email protected]/lib/xlsx/xlsx.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aab9e5ee2c9d6421 Filesystem access.
pkgs/npm/[email protected]/lib/xlsx/xlsx.js:29
    fs.readFile(filename, options, (error, data) => {
      if (error) {
        reject(error);
      } else {
        resolve(data);
      }
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

execa

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #16d7d57b5adbf4e3 Filesystem access.
pkgs/npm/[email protected]/lib/io/output-sync.js:132
			writeFileSync(path, serializedResult);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c4a197be61096c0 Filesystem access.
pkgs/npm/[email protected]/lib/stdio/handle-sync.js:41
		fileUrl: ({value}) => ({contents: [bufferToUint8Array(readFileSync(value))]}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef109099bd158f31 Filesystem access.
pkgs/npm/[email protected]/lib/stdio/handle-sync.js:42
		filePath: ({value: {file}}) => ({contents: [bufferToUint8Array(readFileSync(file))]}),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1eadb43a499fc308 Filesystem access.
pkgs/npm/[email protected]/lib/stdio/native.js:59
	return {type: 'uint8Array', value: bufferToUint8Array(readFileSync(targetFdNumber)), optionName};

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

globby

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #859a9a879bf3011c Environment-variable access.
pkgs/npm/[email protected]/ignore.js:677
const getXdgConfigHome = () => process.env.XDG_CONFIG_HOME || path.join(os.homedir(), '.config');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58971d08cdf60051 Environment-variable access.
pkgs/npm/[email protected]/ignore.js:687
		const value = process.env.GIT_CONFIG_GLOBAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jiti

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #41976b4bfd951517 Environment-variable access.
pkgs/npm/[email protected]/lib/jiti-cli.mjs:15
if (nodeModule.enableCompileCache && !process.env.NODE_DISABLE_COMPILE_CACHE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #857e87c44d12f0df Filesystem access.
pkgs/npm/[email protected]/lib/jiti-hooks.mjs:45
  const rawSource = await readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #96e38215e3b1c3c8 Filesystem access.
pkgs/npm/[email protected]/lib/jiti-hooks.mjs:121
    return JSON.parse(await readFile(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

js-yaml

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #b2fecfcb51f5e2dd Filesystem access.
pkgs/npm/[email protected]/bin/js-yaml.mjs:7
const pkg = JSON.parse(readFileSync(new URL('../package.json', import.meta.url)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d324429f7a51f89 Filesystem access.
pkgs/npm/[email protected]/bin/js-yaml.mjs:60
  input = readFileSync(options.file === '-' ? 0 : options.file, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

json5

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #dc21651bf4fc6f02 Filesystem access.
pkgs/npm/[email protected]/lib/cli.js:3
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #111ff524a06f02c2 Filesystem access.
pkgs/npm/[email protected]/lib/register.js:1
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77e6bb4dacc3520b Filesystem access.
pkgs/npm/[email protected]/lib/register.js:6
    const content = fs.readFileSync(filename, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jsonrepair

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #2863c52524c77a58 Filesystem access.
pkgs/npm/[email protected]/bin/cli.js:122
  const pkg = JSON.parse(String(readFileSync(file, 'utf-8')))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

mammoth

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #a53d5b3a2f7a70c2 Filesystem access.
pkgs/npm/[email protected]/lib/docx/files.js:1
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #86de8361b5f60d8d Filesystem access.
pkgs/npm/[email protected]/lib/main.js:3
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #077b3927819d846b Filesystem access.
pkgs/npm/[email protected]/lib/unzip.js:1
var fs = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nanoid

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #96ebacadab74c393 Filesystem access.
pkgs/npm/[email protected]/bin/nanoid.js:18
  let json = readFileSync(join(import.meta.dirname, '..', 'package.json'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

node-machine-id

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #c06db2b9671c866b Environment-variable access.
pkgs/npm/[email protected]/index.js:25
    if( process.arch === 'ia32' && process.env.hasOwnProperty('PROCESSOR_ARCHITEW6432') ) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f0db72373e6bfa8 Filesystem access.
pkgs/npm/[email protected]/webpack.config.babel.js:1
import fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

npm dependency
expand_more 9 low-confidence finding(s)
low egress dependency Excluded from app score #6730c2f08e2df2a6 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/auth/subject-token-providers.js:50
            const url = new URL(AZURE_IMDS_BASE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #577992d3ed19fe8b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/auth/subject-token-providers.js:97
            const url = new URL(`http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f69a589e0bd7db0b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/auth/subject-token-providers.mjs:44
            const url = new URL(AZURE_IMDS_BASE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5db829b5cc5a1fc2 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/auth/subject-token-providers.mjs:91
            const url = new URL(`http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c0e6fe89def96784 Environment-variable access.
pkgs/npm/[email protected]/azure.js:44
                endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df5378652b36486d Environment-variable access.
pkgs/npm/[email protected]/azure.mjs:40
                endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #02c8f194d5eda8fe Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/src/auth/subject-token-providers.ts:81
      const url = new URL(AZURE_IMDS_BASE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #32737e6d2d5371f7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/src/auth/subject-token-providers.ts:145
      const url = new URL(
        `http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/identity`,
      );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a52e627c206727a3 Environment-variable access.
pkgs/npm/[email protected]/src/azure.ts:101
        endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

os-name

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #1db74772d39888a2 Filesystem access.
pkgs/npm/[email protected]/index.js:8
		const osRelease = fs.readFileSync('/etc/os-release', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pdf-parse

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #8886f2dab8a27265 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:27
	const pkg = JSON.parse(await readFile(new URL('../package.json', import.meta.url)));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #181a71723803640e Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:103
		const data = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a8061461be9b81f Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:156
		await writeFile(options.output, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df0723813fada108 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:167
		await writeFile(options.output, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74f818f5050f7573 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:179
		await writeFile(options.output, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d1b20f04b613f5b7 Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:208
				await writeFile(filepath, image.data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50ce40ee6ae4b07b Filesystem access.
pkgs/npm/[email protected]/bin/cli.mjs:278
			await writeFile(filepath, page.data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a0e025a9b56b20b Filesystem access.
pkgs/npm/[email protected]/bin/cli.test.mjs:59
	await fs.writeFile(dummyFile, 'dummy content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e651ad8a2260d585 Filesystem access.
pkgs/npm/[email protected]/bin/cli.test.mjs:90
	await fs.writeFile(dummyFile, 'dummy content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

puppeteer-chromium-resolver

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #57eaf2579d69a003 Filesystem access.
pkgs/npm/[email protected]/lib/detect.js:1
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cd9b5721ead67cda Filesystem access.
pkgs/npm/[email protected]/lib/index.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c01f512d9c1e98c Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:18
        const defaultHosts = process.env.PUPPETEER_DEFAULT_HOST || 'https://storage.googleapis.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #270d1ae41e3fae25 Environment-variable access.
pkgs/npm/[email protected]/lib/index.js:134
    let revision = options.revision || process.env.PUPPETEER_REVISION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5e4a8c3f944c9d40 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:201
        fs.writeFileSync(statsPath, JSON.stringify(stats, null, 4));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c634d4ed11d0f2f8 Filesystem access.
pkgs/npm/[email protected]/lib/index.js:213
        stats = JSON.parse(fs.readFileSync(statsPath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

puppeteer-core

npm dependency
expand_more 43 low-confidence finding(s)
low env_fs dependency Excluded from app score #19ea7acff5dea245 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:3407
          await fileHandle.writeFile(value);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66e2be7e1ab97977 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:9481
          content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d8f8dbe1a5344805 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:9536
          content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #49e3c17af7b36d96 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:11665
        await environment.value.fs.promises.writeFile(path, typedArray);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #356dca9c4b22e8d3 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23671
    let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #02abe751233ede73 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23677
    let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #beae33210f029221 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23687
    let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #076bef9798142202 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23693
    let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #66bcd42f2ebeff43 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23735
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d5b43bb628558617 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23741
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #35cd3bfb230caeea Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23748
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e73fe23b850b5ed3 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23765
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #aaff3ef28bf5bb1a Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23775
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #670261ab8092dbf7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23781
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8f19b96599cff730 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:27077
        const fileContent = await environment.value.fs.promises.readFile(portPath, 'ascii');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d842c75ed6c4d66a Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/api/Frame.js:659
                content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6be53e6c6f9b297c Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/api/Frame.js:698
                content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31ba2f3eb70d4458 Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/api/Page.js:835
            await environment.value.fs.promises.writeFile(path, typedArray);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1492f0d66e04c2b Environment-variable access.
pkgs/npm/[email protected]/lib/puppeteer/bidi/Connection.js:57
        if (process.env['PUPPETEER_WEBDRIVER_BIDI_ONLY'] === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fd6b17cb7a0d18d Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/common/BrowserConnector.js:97
            const fileContent = await environment.value.fs.promises.readFile(portPath, 'ascii');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79bcc5d308a69830 Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/common/util.js:163
                await fileHandle.writeFile(value);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea58a12d46568bf0 Environment-variable access.
pkgs/npm/[email protected]/lib/puppeteer/node/BrowserLauncher.js:241
        const bidiOnly = process.env['PUPPETEER_WEBDRIVER_BIDI_ONLY'] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #255ad6d8d8148574 Environment-variable access.
pkgs/npm/[email protected]/lib/puppeteer/node/ChromeLauncher.js:121
        const turnOnExperimentalFeaturesForTesting = process.env['PUPPETEER_TEST_EXPERIMENTAL_CHROME_FEATURES'] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #385535f73f799108 Environment-variable access.
pkgs/npm/[email protected]/lib/puppeteer/node/ChromeLauncher.js:191
        if (process.env['PUPPETEER_DANGEROUS_NO_SANDBOX'] === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #95336fa67a883e14 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:294
  let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ce8cbd1138d7d463 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:300
  let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2ee3997ab88d6154 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:310
  let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cb874459d8a9e43a Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:316
  let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f674bfc48a9995b8 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:358
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e9fc1d256a4b3bde Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:364
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #62eb1c03f9deea76 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:371
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2309a403e24273e8 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:388
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4bbdf6247ed2a378 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:398
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #69343d85c553ac63 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:404
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #2daa4a8d9a342220 Filesystem access.
pkgs/npm/[email protected]/src/api/Frame.ts:934
      content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #458ebc5ad66826b6 Filesystem access.
pkgs/npm/[email protected]/src/api/Frame.ts:1014
      content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ac15c1b411e16e9 Filesystem access.
pkgs/npm/[email protected]/src/api/Page.ts:2462
    await environment.value.fs.promises.writeFile(path, typedArray);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #942e42136254a4de Environment-variable access.
pkgs/npm/[email protected]/src/bidi/Connection.ts:110
    if (process.env['PUPPETEER_WEBDRIVER_BIDI_ONLY'] === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43bec7736b85d8d1 Filesystem access.
pkgs/npm/[email protected]/src/common/BrowserConnector.ts:143
      const fileContent = await environment.value.fs.promises.readFile(
        portPath,
        'ascii',
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #459b59cf65cfe097 Filesystem access.
pkgs/npm/[email protected]/src/common/util.ts:220
        await fileHandle.writeFile(value);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #108602a35a1bcc7b Environment-variable access.
pkgs/npm/[email protected]/src/node/BrowserLauncher.ts:440
    const bidiOnly = process.env['PUPPETEER_WEBDRIVER_BIDI_ONLY'] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8d4a3c90eb779a6 Environment-variable access.
pkgs/npm/[email protected]/src/node/ChromeLauncher.ts:180
      process.env['PUPPETEER_TEST_EXPERIMENTAL_CHROME_FEATURES'] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7eb7759e491733a1 Environment-variable access.
pkgs/npm/[email protected]/src/node/ChromeLauncher.ts:262
      process.env['PUPPETEER_DANGEROUS_NO_SANDBOX'] === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tailwindcss

npm dependency
expand_more 16 low-confidence finding(s)
low env_fs dependency Excluded from app score #1867995a7b596ffd Environment-variable access.
pkgs/npm/[email protected]__reposrc/playwright.config.ts:17
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df899b58c5363ba8 Environment-variable access.
pkgs/npm/[email protected]__reposrc/playwright.config.ts:19
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e544bfbfa596a99b Environment-variable access.
pkgs/npm/[email protected]__reposrc/playwright.config.ts:21
  workers: process.env.CI ? 1 : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee6e3614bdfcebd9 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/candidate.bench.ts:8
const root = process.env.FOLDER || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e092937d78f6763 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/canonicalize-candidates.test.ts:13
const defaultTheme = fs.readFileSync(path.resolve(__dirname, '../theme.css'), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81d7dd9248d1f676 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/css-functions.test.ts:1165
        let defaultTheme = await fs.readFile(path.join(__dirname, '..', 'theme.css'), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cf6960af0198e2f8 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/css-parser.bench.ts:8
const cssFile = readFileSync(currentFolder + './preflight.css', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3357d295c7592285 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/index.bench.ts:6
const root = process.env.FOLDER || process.cwd()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9015b3dde7925c5d Filesystem access.
pkgs/npm/[email protected]__reposrc/src/index.test.ts:110
    let defaultTheme = fs.readFileSync(path.resolve(__dirname, '..', 'theme.css'), 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bda3d001640734e3 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/index.test.ts:136
              content: fs.readFileSync(
                path.resolve(__dirname, '..', id === 'tailwindcss' ? 'index.css' : id),
                'utf-8',
              ),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5288b1bcca44df80 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/index.ts:722
  if (process.env.NODE_ENV !== 'test') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62cc8713e220ad8f Filesystem access.
pkgs/npm/[email protected]__reposrc/src/source-maps/line-table.bench.ts:8
const cssFile = readFileSync(currentFolder + '../preflight.css', 'utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65dc8504abe3e2b5 Filesystem access.
pkgs/npm/[email protected]__reposrc/src/source-maps/source-map.test.ts:33
        content: await fs.readFile(resolvedPath, 'utf-8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce4446aabbadeda5 Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/utilities.ts:251
  if (process.env.NODE_ENV === 'test') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d91a0f0a46abdf2 Environment-variable access.
pkgs/npm/[email protected]__reposrc/tsup.config.ts:16
      'process.env.FEATURES_ENV': JSON.stringify(process.env.FEATURES_ENV ?? 'insiders'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #783c5c0bee4d45ba Environment-variable access.
pkgs/npm/[email protected]__reposrc/tsup.config.ts:31
      'process.env.FEATURES_ENV': JSON.stringify(process.env.FEATURES_ENV ?? 'insiders'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ulid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #9508b10b687a893b Environment-variable access.
pkgs/npm/[email protected]__reposrc/rollup.config.js:8
const ENV = process.env.ENV ? process.env.ENV : "node";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47f21f0c75bf0b75 Environment-variable access.
pkgs/npm/[email protected]__reposrc/rollup.config.js:9
const FMT = process.env.FMT ? process.env.FMT : "esm";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

undici

npm dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #d2d9348da5ea0087 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/client-h1.js:67
  const llhttpWasmData = process.env.JEST_WORKER_ID ? require('../llhttp/llhttp-wasm.js') : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0aad8f9f0e7f3d4d Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/client-h1.js:74
  if (process.env.UNDICI_NO_WASM_SIMD === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #422d0f949dd1fb26 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/client-h1.js:76
  } else if (process.env.UNDICI_NO_WASM_SIMD === '0') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b711ccf3fbdac68e Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:26
    const HTTP_PROXY = httpProxy ?? process.env.http_proxy ?? process.env.HTTP_PROXY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f2e4d370830ab2d3 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:33
    const HTTPS_PROXY = httpsProxy ?? process.env.https_proxy ?? process.env.HTTPS_PROXY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f58300eb84f3623 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:142
    return process.env.no_proxy ?? process.env.NO_PROXY ?? ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2df7cb84abfa11a6 Environment-variable access.
pkgs/npm/[email protected]/lib/mock/pending-interceptors-formatter.js:23
        colors: !disableColors && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #830f614f91eccce0 Filesystem access.
pkgs/npm/[email protected]/lib/mock/snapshot-recorder.js:424
      const data = await readFile(resolve(path), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be568387c0864881 Filesystem access.
pkgs/npm/[email protected]/lib/mock/snapshot-recorder.js:470
    await writeFile(resolvedPath, JSON.stringify(data, null, 2), { flush: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4c53aef28d22d20e Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:7
  ? transcode(readFileSync('./undici-fetch.js'), 'utf8', 'latin1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #43a5a9a33d094885 Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:8
  : readFileSync('./undici-fetch.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3fba06374fcf12c0 Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:10
writeFileSync('./undici-fetch.js', buffer.toString('latin1'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ws

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #39d8087146274cd2 Environment-variable access.
pkgs/npm/[email protected]/lib/buffer-util.js:115
if (!process.env.WS_NO_BUFFER_UTIL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e07c4e7615296771 Environment-variable access.
pkgs/npm/[email protected]/lib/validation.js:142
} /* istanbul ignore else  */ else if (!process.env.WS_NO_UTF_8_VALIDATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

zod-to-json-schema

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #8474fc835e362b3a Filesystem access.
pkgs/npm/[email protected]/createIndex.ts:1
import { readdirSync, writeFileSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #910e367f7d6b9698 Filesystem access.
pkgs/npm/[email protected]/createIndex.ts:32
writeFileSync("./src/index.ts", lines.join(";\n"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa1f47c8e07ed731 Filesystem access.
pkgs/npm/[email protected]/postcjs.ts:1
import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #859135b1bf6330ba Filesystem access.
pkgs/npm/[email protected]/postcjs.ts:3
writeFileSync("./dist/cjs/package.json", '{"type":"commonjs"}', "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a9974d8afe513d1 Filesystem access.
pkgs/npm/[email protected]/postesm.ts:1
import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e54b207c2351ed26 Filesystem access.
pkgs/npm/[email protected]/postesm.ts:3
writeFileSync("./dist/esm/package.json", '{"type":"module","main":"index.js"}', "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @cline/shared prod — dist-only: no readable source
  • @cline/llms prod — dist-only: no readable source
  • @cline/agents prod — dist-only: no readable source
  • @cline/core prod — dist-only: no readable source
  • @types/uuid prod — no javascript source
  • @chat-adapter/discord prod — dist-only: no readable source
  • @chat-adapter/gchat prod — dist-only: no readable source
  • @chat-adapter/linear prod — dist-only: no readable source
  • @chat-adapter/slack prod — dist-only: no readable source
  • @chat-adapter/telegram prod — dist-only: no readable source
  • @chat-adapter/whatsapp prod — dist-only: no readable source
  • @clack/prompts prod — dist-only: no readable source
  • @cline/cline-hub prod — registry 404
  • opentui-spinner prod — scan budget exceeded
  • pino prod — scan budget exceeded
  • react prod — scan budget exceeded
  • react-devtools-core prod — scan budget exceeded
  • react-reconciler prod — scan budget exceeded
  • @floating-ui/react prod — scan budget exceeded
  • @fontsource/azeret-mono prod — scan budget exceeded
  • @heroui/react prod — scan budget exceeded
  • @heroui/theme prod — scan budget exceeded
  • @paper-design/shaders-react prod — scan budget exceeded
  • @radix-ui/react-dialog prod — scan budget exceeded
  • @radix-ui/react-hover-card prod — scan budget exceeded
  • @radix-ui/react-label prod — scan budget exceeded
  • @radix-ui/react-popover prod — scan budget exceeded
  • @radix-ui/react-progress prod — scan budget exceeded
  • @radix-ui/react-select prod — scan budget exceeded
  • @radix-ui/react-separator prod — scan budget exceeded
  • @radix-ui/react-slider prod — scan budget exceeded
  • @radix-ui/react-slot prod — scan budget exceeded
  • @radix-ui/react-switch prod — scan budget exceeded
  • @radix-ui/react-tooltip prod — scan budget exceeded
  • @vscode/webview-ui-toolkit prod — scan budget exceeded
  • class-variance-authority prod — scan budget exceeded
  • clsx prod — scan budget exceeded
  • debounce prod — scan budget exceeded
  • dompurify prod — scan budget exceeded
  • firebase prod — scan budget exceeded
  • framer-motion prod — scan budget exceeded
  • fuse.js prod — scan budget exceeded
  • lucide-react prod — scan budget exceeded
  • magic-string prod — scan budget exceeded
  • mermaid prod — scan budget exceeded
  • posthog-js prod — scan budget exceeded
  • pretty-bytes prod — scan budget exceeded
  • react-dom prod — scan budget exceeded
  • react-markdown prod — scan budget exceeded
  • react-remark prod — scan budget exceeded
  • react-textarea-autosize prod — scan budget exceeded
  • react-use prod — scan budget exceeded
  • react-virtuoso prod — scan budget exceeded
  • rehype-highlight prod — scan budget exceeded
  • rehype-parse prod — scan budget exceeded
  • rehype-remark prod — scan budget exceeded
  • remark-gfm prod — scan budget exceeded
  • remark-stringify prod — scan budget exceeded
  • styled-components prod — scan budget exceeded
  • tailwind-merge prod — scan budget exceeded
  • tailwindcss-animate prod — scan budget exceeded
  • unified prod — scan budget exceeded
  • unist-util-visit prod — scan budget exceeded
  • jest-diff prod — scan budget exceeded
  • @base-ui/react prod — scan budget exceeded
  • @fontsource-variable/schibsted-grotesk prod — scan budget exceeded
  • @radix-ui/react-use-controllable-state prod — scan budget exceeded
  • @rive-app/react-webgl2 prod — scan budget exceeded
  • @shikijs/langs prod — scan budget exceeded
  • @shikijs/themes prod — scan budget exceeded
  • @streamdown/cjk prod — scan budget exceeded
  • @xyflow/react prod — scan budget exceeded
  • ansi-to-react prod — scan budget exceeded
  • cmdk prod — scan budget exceeded
  • embla-carousel-react prod — scan budget exceeded
  • media-chrome prod — scan budget exceeded
  • motion prod — scan budget exceeded
  • next-themes prod — scan budget exceeded
  • react-jsx-parser prod — scan budget exceeded
  • recharts prod — scan budget exceeded
  • shadcn prod — scan budget exceeded
  • shiki prod — scan budget exceeded
  • sonner prod — scan budget exceeded
  • streamdown prod — scan budget exceeded
  • tokenlens prod — scan budget exceeded
  • use-stick-to-bottom prod — scan budget exceeded