Close Open Privacy Scan

bolt Snapshot: commit 0736dde
science engine v1.21
schedule 2026-07-17T20:11:47.318906+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code. Dependency data flows are listed separately and do not affect this verdict.

smart_toy AI deps detected: anthropic, chromadb, langchain-anthropic, langchain-core +4 more — detected in dependencies, not a safety judgment.

App Privacy Score

82 /100
Low privacy risk

Low risk · 1158 finding(s)

Dependency score: 0 (High risk)

bar_chart Score Breakdown

egress −15
env_fs −3

list Scan Summary

0 high 79 medium 1079 low
First-party packages: 21
Dependency packages: 39
Ecosystem: python

swap_horiz Application data flows

No application data flows were found. See dependency data flows below.

hub Dependency data flows (1)
medium langsmith dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/langsmith/sandbox/_models.py:222 pkgs/python/[email protected]/langsmith/sandbox/_models.py:223

</> First-Party Code

first-party (python): libs/core

python first-party
expand_more 23 low-confidence finding(s)
low env_fs production #b3669d173c4524dd Environment-variable access.
repo/libs/core/langchain_core/_security/_policy.py:238
    if os.environ.get("LANGCHAIN_ENV", "").startswith("local"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aaa2efb6bacc6607 Environment-variable access.
repo/libs/core/langchain_core/_security/_ssrf_protection.py:70
        os.environ.get("LANGCHAIN_ENV") == "local_test"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4cb481c67a76a59 Filesystem access.
repo/libs/core/langchain_core/documents/base.py:168
            return Path(self.path).read_text(encoding=self.encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c84fb0a500f85b66 Filesystem access.
repo/libs/core/langchain_core/documents/base.py:190
            return Path(self.path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91f5a1c38208cbbb Environment-variable access.
repo/libs/core/langchain_core/load/load.py:481
            if self.secrets_from_env and key in os.environ and os.environ[key]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63de0f244fe30355 Environment-variable access.
repo/libs/core/langchain_core/load/load.py:482
                return os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #732724ea603df953 Filesystem access.
repo/libs/core/langchain_core/prompts/chat.py:553
        template = Path(template_file).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d7974b427084361 Filesystem access.
repo/libs/core/langchain_core/prompts/loading.py:105
            template = resolved_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed1a48c74d33876c Filesystem access.
repo/libs/core/langchain_core/prompts/prompt.py:253
        template = Path(template_file).read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0053cc238787a640 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/libs/core/langchain_core/runnables/graph_mermaid.py:461
            response = requests.get(image_url, timeout=10, proxies=proxies)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #052e3a1b528101f8 Environment-variable access.
repo/libs/core/langchain_core/utils/env.py:18
    return env_var in os.environ and os.environ[env_var] not in {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bc629df9ca71b3b Environment-variable access.
repo/libs/core/langchain_core/utils/env.py:77
    if env_value := os.getenv(env_key):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf06f6b735fb29de Environment-variable access.
repo/libs/core/langchain_core/utils/utils.py:405
                if k in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de97f5340215098d Environment-variable access.
repo/libs/core/langchain_core/utils/utils.py:406
                    return os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c25212e305381216 Environment-variable access.
repo/libs/core/langchain_core/utils/utils.py:407
        if isinstance(key, str) and key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9f94ddaeaf49b49 Environment-variable access.
repo/libs/core/langchain_core/utils/utils.py:408
            return os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73aa964e339c8a72 Environment-variable access.
repo/libs/core/langchain_core/utils/utils.py:475
                if k in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2b6fdc628b822b4 Environment-variable access.
repo/libs/core/langchain_core/utils/utils.py:476
                    return SecretStr(os.environ[k])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8008a3d701d43b6a Environment-variable access.
repo/libs/core/langchain_core/utils/utils.py:477
        if isinstance(key, str) and key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6c3c371dedc3da5 Environment-variable access.
repo/libs/core/langchain_core/utils/utils.py:478
            return SecretStr(os.environ[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7523fa1a3abf2c23 Filesystem access.
repo/libs/core/scripts/check_version.py:21
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #37ca0cc6f13c32e5 Filesystem access.
repo/libs/core/scripts/check_version.py:28
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #33a6eba2efac2759 Filesystem access.
repo/libs/core/scripts/check_version.py:41
        content = snapshot_path.read_text(encoding="utf-8", errors="replace")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/langchain

python first-party
expand_more 2 low-confidence finding(s)
low egress production #76479dfb2a0b7359 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/libs/langchain/langchain_classic/chains/openai_functions/openapi.py:207
        return requests.request(method, url, **_kwargs, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #ab43f6ee3f4488ff Filesystem access.
repo/libs/langchain/langchain_classic/storage/file_system.py:118
                value = full_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/langchain_v1

python first-party
expand_more 4 low-confidence finding(s)
low env_fs production #e4c7e4899ab2657b Environment-variable access.
repo/libs/langchain_v1/langchain/agents/middleware/_execution.py:322
        host_env = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af91c0c977d1c528 Filesystem access.
repo/libs/langchain_v1/langchain/agents/middleware/file_search.py:387
                    content = file_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0ca8958efda0b2ca Filesystem access.
repo/libs/langchain_v1/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9c0a2b4daad7ca5a Filesystem access.
repo/libs/langchain_v1/scripts/check_version.py:22
    content = init_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/model-profiles

python first-party
expand_more 2 low-confidence finding(s)
low env_fs production #1940deb00e570a23 Filesystem access.
repo/libs/model-profiles/langchain_model_profiles/_summary.py:470
                new_source = new_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #16daf3e50c2887e2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/libs/model-profiles/langchain_model_profiles/cli.py:281
        response = httpx.get(api_url, timeout=30)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (python): libs/partners/anthropic

python first-party
expand_more 10 low-confidence finding(s)
low env_fs production #3ab2f6d9a34f3e37 Environment-variable access.
repo/libs/partners/anthropic/langchain_anthropic/_client_utils.py:55
        or os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95053e8ea19928ab Environment-variable access.
repo/libs/partners/anthropic/langchain_anthropic/_client_utils.py:74
        or os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #594cf4d6caaae747 Filesystem access.
repo/libs/partners/anthropic/langchain_anthropic/middleware/anthropic_tools.py:900
            content = full_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01d7a19a30a650e3 Filesystem access.
repo/libs/partners/anthropic/langchain_anthropic/middleware/anthropic_tools.py:936
        full_path.write_text(file_text + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec4adb8557e16fa3 Filesystem access.
repo/libs/partners/anthropic/langchain_anthropic/middleware/anthropic_tools.py:963
        content = full_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18d7576f3808485b Filesystem access.
repo/libs/partners/anthropic/langchain_anthropic/middleware/anthropic_tools.py:973
        full_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9077fb38bb091f4 Filesystem access.
repo/libs/partners/anthropic/langchain_anthropic/middleware/anthropic_tools.py:1000
        content = full_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0cf40faecf093b02 Filesystem access.
repo/libs/partners/anthropic/langchain_anthropic/middleware/anthropic_tools.py:1018
        full_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1d42305728ddb3f1 Filesystem access.
repo/libs/partners/anthropic/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ea202ab1dc21581e Filesystem access.
repo/libs/partners/anthropic/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/chroma

python first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only Excluded from app score #af4db71f40af518c Filesystem access.
repo/libs/partners/chroma/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d4e3d097813d8153 Filesystem access.
repo/libs/partners/chroma/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/deepseek

python first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only Excluded from app score #179c8ef7a39e00b1 Filesystem access.
repo/libs/partners/deepseek/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5a38ffa764cdbbe2 Filesystem access.
repo/libs/partners/deepseek/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/exa

python first-party
expand_more 3 low-confidence finding(s)
low env_fs production #740035f9d9531865 Environment-variable access.
repo/libs/partners/exa/langchain_exa/_utilities.py:9
    exa_api_key = values.get("exa_api_key") or os.environ.get("EXA_API_KEY") or ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d0abf357df02e7d4 Filesystem access.
repo/libs/partners/exa/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fa6bb278e22579b2 Filesystem access.
repo/libs/partners/exa/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/fireworks

python first-party
expand_more 3 low-confidence finding(s)
low egress production #cda8f13066425d11 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/libs/partners/fireworks/langchain_fireworks/llms.py:219
            session.post(
                self.base_url,
                json=payload,
                headers=headers,
                timeout=ClientTimeout(total=self.timeout),
            ) as response,

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #63321e213f58fc2c Filesystem access.
repo/libs/partners/fireworks/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d0f575aef3035d4b Filesystem access.
repo/libs/partners/fireworks/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/groq

python first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only Excluded from app score #6d23fe45d31f43c1 Filesystem access.
repo/libs/partners/groq/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #086199244196a661 Filesystem access.
repo/libs/partners/groq/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/huggingface

python first-party
expand_more 5 low-confidence finding(s)
low env_fs production #11bd2cb08c7ff938 Environment-variable access.
repo/libs/partners/huggingface/langchain_huggingface/embeddings/huggingface_endpoint.py:74
        huggingfacehub_api_token = self.huggingfacehub_api_token or os.getenv(
            "HF_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83046606d339a88c Environment-variable access.
repo/libs/partners/huggingface/langchain_huggingface/llms/huggingface_endpoint.py:244
            model or endpoint_url or repo_id or os.environ.get("HF_INFERENCE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #272c8b9600fb59ea Environment-variable access.
repo/libs/partners/huggingface/langchain_huggingface/llms/huggingface_endpoint.py:263
        huggingfacehub_api_token = self.huggingfacehub_api_token or os.getenv(
            "HF_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3b815040d9ace120 Filesystem access.
repo/libs/partners/huggingface/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5c4a334f6b289bf1 Filesystem access.
repo/libs/partners/huggingface/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/mistralai

python first-party
expand_more 3 low-confidence finding(s)
low env_fs production #85bfe7d424274a72 Environment-variable access.
repo/libs/partners/mistralai/langchain_mistralai/chat_models.py:724
            or os.environ.get("MISTRAL_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #60eb2a2093cd893d Filesystem access.
repo/libs/partners/mistralai/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6aa53dee41b3ea19 Filesystem access.
repo/libs/partners/mistralai/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/nomic

python first-party
expand_more 3 low-confidence finding(s)
low env_fs production #9dd127025840bd6f Environment-variable access.
repo/libs/partners/nomic/langchain_nomic/embeddings.py:88
        _api_key = nomic_api_key or os.environ.get("NOMIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b2fe1026fa985e40 Filesystem access.
repo/libs/partners/nomic/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3b4608bc467a1195 Filesystem access.
repo/libs/partners/nomic/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/ollama

python first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only Excluded from app score #4c5e94473340b4d2 Filesystem access.
repo/libs/partners/ollama/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6fda13b4feffe34c Filesystem access.
repo/libs/partners/ollama/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/openai

python first-party
expand_more 22 low-confidence finding(s)
low env_fs production #04a0f1e64cae1270 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:61
    raw = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6a37deb9b201689 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:92
    raw = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4e9f0fc2ded70b7 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:179
    if os.environ.get("LANGCHAIN_OPENAI_TCP_KEEPALIVE", "1") == "0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8205f7c9d470cfd Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:224
    if any(os.environ.get(name) for name in _PROXY_ENV_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75bddc87b1b212da Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:259
    if os.environ.get("LANGCHAIN_OPENAI_TCP_KEEPALIVE", "1") == "0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4f4eeba65ed04b3 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:280
    active = [name for name in _PROXY_ENV_VARS if os.environ.get(name)]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #623e5b1f21be1429 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:315
    active = [name for name in _PROXY_ENV_VARS if os.environ.get(name)]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #781d1b67f953e67a Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:394
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ad61fdc3d141ab0 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/_client_utils.py:415
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fefb45fc36b8326 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/azure.py:619
            or os.getenv("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63eab0ca65b7c5f3 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/azure.py:620
            or os.getenv("OPENAI_ORGANIZATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3112e3eaa4c5bb20 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/base.py:1212
            or os.getenv("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45e3087147dcca5d Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/base.py:1213
            or os.getenv("OPENAI_ORGANIZATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85b926bfe35353e9 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/base.py:1215
        self.openai_api_base = self.openai_api_base or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98910e74356e8ea7 Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/base.py:1234
            and "OPENAI_BASE_URL" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1aebe9f143c47f4b Environment-variable access.
repo/libs/partners/openai/langchain_openai/chat_models/codex.py:81
    return os.environ.get(ORIGINATOR_ENV_VAR) or ORIGINATOR_VALUE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9e83c56f5f1bf44f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/libs/partners/openai/langchain_openai/chatgpt_oauth.py:405
        resp = client.post(
            url,
            data=data,
            headers={"Accept": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6bdd6fc42a8a305f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/libs/partners/openai/langchain_openai/chatgpt_oauth.py:425
        resp = client.post(
            url,
            data=data,
            headers={"Accept": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1676031d7f3e180c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/libs/partners/openai/langchain_openai/chatgpt_oauth.py:447
        resp = await client.post(
            url,
            data=data,
            headers={"Accept": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8173181a04c5efba Filesystem access.
repo/libs/partners/openai/langchain_openai/chatgpt_oauth.py:503
            raw_text = self.path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7e990a3dd3d54eb6 Filesystem access.
repo/libs/partners/openai/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #80d9805a5b7d9c53 Filesystem access.
repo/libs/partners/openai/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/openrouter

python first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only Excluded from app score #7abb136b3097604e Filesystem access.
repo/libs/partners/openrouter/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #17b254973caa312e Filesystem access.
repo/libs/partners/openrouter/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/perplexity

python first-party
expand_more 4 low-confidence finding(s)
low env_fs production #86e807e1fb1562dc Environment-variable access.
repo/libs/partners/perplexity/langchain_perplexity/_utils.py:12
        or os.environ.get("PPLX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90f33063aea21ed2 Environment-variable access.
repo/libs/partners/perplexity/langchain_perplexity/_utils.py:13
        or os.environ.get("PERPLEXITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #20fb7c6497a38c69 Filesystem access.
repo/libs/partners/perplexity/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #57be7b3e0932f539 Filesystem access.
repo/libs/partners/perplexity/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/qdrant

python first-party
expand_more 3 low-confidence finding(s)
low env_fs production #834112513bf6634a Environment-variable access.
repo/libs/partners/qdrant/langchain_qdrant/vectorstores.py:2295
            api_key = os.getenv("QDRANT_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #52ef8bdc628cf3be Filesystem access.
repo/libs/partners/qdrant/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0891214347a14817 Filesystem access.
repo/libs/partners/qdrant/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/partners/xai

python first-party
expand_more 2 low-confidence finding(s)
low env_fs test-only Excluded from app score #da6569bc3507b0b7 Filesystem access.
repo/libs/partners/xai/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d395c9a00158a9f1 Filesystem access.
repo/libs/partners/xai/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/standard-tests

python first-party
expand_more 15 low-confidence finding(s)
low env_fs production #035ae24efd0c7d98 Environment-variable access.
repo/libs/standard-tests/langchain_tests/_langsmith_plugin.py:34
    return os.environ.get("GITHUB_ACTIONS") == "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa8d58c3b5e6ffd1 Environment-variable access.
repo/libs/standard-tests/langchain_tests/_langsmith_plugin.py:72
    tags = _parse_tags(os.environ.get("LANGSMITH_TAGS", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fa43e3552a538bb Environment-variable access.
repo/libs/standard-tests/langchain_tests/_langsmith_plugin.py:73
    metadata = _parse_metadata(os.environ.get("LANGSMITH_METADATA", ""))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f580712566430b2 Filesystem access.
repo/libs/standard-tests/langchain_tests/conftest.py:100
        data = cassette_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fad7a6108ab711da Environment-variable access.
repo/libs/standard-tests/langchain_tests/integration_tests/chat_models.py:165
    user_agent = os.environ.get("LANGCHAIN_TESTS_USER_AGENT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #179e4121719adb8f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/libs/standard-tests/langchain_tests/integration_tests/chat_models.py:175
    httpx_response = httpx.get(url, headers=headers, timeout=10.0).content

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #50ecc90115c78d24 Hardcoded external endpoint. Review what data is sent to this destination.
repo/libs/standard-tests/langchain_tests/integration_tests/chat_models.py:2714
        pdf_data = base64.b64encode(httpx.get(url, timeout=10.0).content).decode(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1f9871664c7c4f33 Hardcoded external endpoint. Review what data is sent to this destination.
repo/libs/standard-tests/langchain_tests/integration_tests/chat_models.py:2915
            httpx.get(image_url, timeout=10.0).content

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d7f958249036f57e Hardcoded external endpoint. Review what data is sent to this destination.
repo/libs/standard-tests/langchain_tests/integration_tests/chat_models.py:3023
            httpx.get(image_url, timeout=10.0).content

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e829ba4b72351def Hardcoded external endpoint. Review what data is sent to this destination.
repo/libs/standard-tests/langchain_tests/integration_tests/chat_models.py:3123
        pdf_data = base64.b64encode(httpx.get(url, timeout=10.0).content).decode(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f277896f9c2fd28f Hardcoded external endpoint. Review what data is sent to this destination.
repo/libs/standard-tests/langchain_tests/integration_tests/chat_models.py:3262
                httpx.get(image_url, timeout=10.0).content

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #aed0b26c918d8f6d Environment-variable access.
repo/libs/standard-tests/langchain_tests/unit_tests/chat_models.py:962
            with mock.patch.dict(os.environ, env_params):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a52f6c616abbc2a Environment-variable access.
repo/libs/standard-tests/langchain_tests/unit_tests/chat_models.py:1149
            with mock.patch.dict(os.environ, env_params):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d09af50b2e12e05 Environment-variable access.
repo/libs/standard-tests/langchain_tests/unit_tests/embeddings.py:130
            with mock.patch.dict(os.environ, env_params):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #739d1bef80547952 Environment-variable access.
repo/libs/standard-tests/langchain_tests/unit_tests/tools.py:89
            with mock.patch.dict(os.environ, env_params):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (python): libs/text-splitters

python first-party
expand_more 2 low-confidence finding(s)
low egress production #52737d982567c77c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/libs/text-splitters/langchain_text_splitters/html.py:230
            response = client.get(url, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a1f5e061bf117698 Filesystem access.
repo/libs/text-splitters/langchain_text_splitters/html.py:247
            html_content = pathlib.Path(file).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

langsmith

python dependency
medium telemetry dependency Excluded from app score #50d36a07e3819cfb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/_background_thread.py:32
    from opentelemetry.context.context import Context  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #157d3839f8e94a64 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_attribute_utils.py:10
    from opentelemetry.trace import Span  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5e6bf6ae9b460dd6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_client.py:9
        from opentelemetry.sdk.trace import TracerProvider  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b791d69a6913878f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_client.py:19
        from opentelemetry.exporter.otlp.proto.http.trace_exporter import (  # type: ignore[import]
            OTLPSpanExporter,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ad891b793d0b64d3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_client.py:22
        from opentelemetry.sdk.resources import (  # type: ignore[import]
            SERVICE_NAME,
            Resource,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b2c9a1e4286a0a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_client.py:26
        from opentelemetry.sdk.trace import TracerProvider  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6f1c0c8c1c949c09 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_client.py:27
        from opentelemetry.sdk.trace.export import (  # type: ignore[import]
            BatchSpanProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0dd96ead8fb4117c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_exporter.py:16
        from opentelemetry.context.context import Context  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ebf4cab4b06c2f70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_exporter.py:17
        from opentelemetry.trace import Span  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cb90b56238afbe4e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_exporter.py:37
        from opentelemetry import trace  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #256da70b1eade1f7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_exporter.py:38
        from opentelemetry.context.context import Context  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4fc02d26feb961f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_exporter.py:39
        from opentelemetry.trace import (  # type: ignore[import]
            NonRecordingSpan,
            Span,
            SpanContext,
            TraceFlags,
            TraceState,
            set_span_in_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ca534a404422f807 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/otel/_span_utils.py:15
from opentelemetry.sdk.trace import Event, ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d83b57272aef106b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/voice/base_span_processor.py:28
from opentelemetry.context import Context

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3dff1f0d357ca63e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/voice/base_span_processor.py:29
from opentelemetry.sdk.trace import ReadableSpan, Span, SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1ebfab86e42ceb43 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/voice/base_span_processor.py:30
from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #81e7a184481562be Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/_internal/voice/translated_span.py:17
from opentelemetry.sdk.trace import Event, ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1b6ccc513cc147b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/client.py:233
        from opentelemetry import trace as otel_trace  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84e8b0479db75d32 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/client.py:234
        from opentelemetry.trace import set_span_in_context  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a482d7aac57571da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/client.py:257
    from opentelemetry.sdk.trace import TracerProvider  # type: ignore[import-not-found]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a64144ebdb8aa9e9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/client.py:284
        from opentelemetry import trace as otel_trace  # type: ignore[import]

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #4dc395c0032ae78c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/livekit/__init__.py:68
        from opentelemetry import trace as otel_trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6eb5dc30f5e03bbf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/livekit/__init__.py:69
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6b3b4749d7ddb50b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/livekit/processor.py:18
from opentelemetry.sdk.trace import SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84073b862a8d87c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/otel/__init__.py:15
    from opentelemetry.trace import Span, SpanContext

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7f5f30c00be07d6e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/otel/__init__.py:82
    from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c7513f18d73f0cb9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/otel/__init__.py:181
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9088c3b607b2a8db Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/otel/__init__.py:182
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #5c8504148368e5e5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/otel/__init__.py:183
        from opentelemetry.trace import NoOpTracer, ProxyTracer, ProxyTracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b4657ff70e4faf95 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/otel/processor.py:12
    from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f461fc22b329455a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/otel/processor.py:13
    from opentelemetry.sdk.trace.export import BatchSpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b277f787ff8a005a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/pipecat/__init__.py:67
        from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d583a4bc08da9ec2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/pipecat/__init__.py:68
        from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c6a6dd0d0d1f04ce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/pipecat/processor.py:45
from opentelemetry.sdk.trace import SpanProcessor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1c2e42b4c9e6af6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/strands_agents/exporter.py:19
from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #b047f43425ca893c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/strands_agents/exporter.py:20
from opentelemetry.sdk.trace import ReadableSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8a30ef7cebc940f8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/integrations/strands_agents/exporter.py:21
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,
    ConsoleSpanExporter,
    SimpleSpanProcessor,
    SpanExporter,
    SpanExportResult,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #df4265101246fcec Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/run_helpers.py:2223
            import opentelemetry.trace  # noqa: F401

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f8d28f7236e4827b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langsmith/run_helpers.py:2245
    from opentelemetry.trace import (  # type: ignore[import]
        NonRecordingSpan,
        SpanContext,
        TraceFlags,
        TraceState,
        use_span,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow dependency Excluded from app score #3a9af231365334cf A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/python/[email protected]/langsmith/sandbox/_models.py:223 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/langsmith/sandbox/_models.py:222 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/langsmith/sandbox/_models.py:223
        return httpx.request(method, url, headers=headers, **kwargs)

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 103 low-confidence finding(s)
low env_fs dependency Excluded from app score #1f8107e1e810632e Environment-variable access.
pkgs/python/[email protected]/bench/create_run_tree.py:6
os.environ["LANGSMITH_API_KEY"] = "fake"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a886f54cb8885ae Environment-variable access.
pkgs/python/[email protected]/bench/tracing_client_via_pyo3.py:28
    if os.environ.get("LANGSMITH_USE_PYO3_CLIENT") is None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a53b3d81ab70054 Environment-variable access.
pkgs/python/[email protected]/bench/tracing_client_via_pyo3.py:34
    api_key = os.environ["LANGSMITH_API_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac167ee73a5c45c5 Filesystem access.
pkgs/python/[email protected]/bench/upload_example_with_large_file_attachment.py:24
    with open(filepath, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56dc69b8fe54d0df Environment-variable access.
pkgs/python/[email protected]/conftest.py:95
    shard_total_raw = os.getenv("PYTEST_SHARD_TOTAL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #85569cbec6afa23e Environment-variable access.
pkgs/python/[email protected]/conftest.py:96
    shard_index_raw = os.getenv("PYTEST_SHARD_INDEX")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ba3ae49eb74f9f28 Filesystem access.
pkgs/python/[email protected]/docs/_extensions/gallery_directive.py:82
            yaml_string = path_data.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #641a5d36f79a5561 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:256
html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #53e8f1e4c9d79e12 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:259
if os.environ.get("READTHEDOCS", "") == "True":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #67e366bf326cb3b7 Filesystem access.
pkgs/python/[email protected]/docs/create_api_rst.py:368
        with open(package_dir.parent / "pyproject.toml") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #2745cbb3b8361106 Filesystem access.
pkgs/python/[email protected]/docs/create_api_rst.py:410
    with open(HERE / "reference.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0ffbcd9f3fa9921f Filesystem access.
pkgs/python/[email protected]/docs/create_api_rst.py:423
    with open(HERE / "index.md", "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #d8a4d253c4a2288d Filesystem access.
pkgs/python/[email protected]/docs/create_api_rst.py:433
        with open(HERE / name, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #475822e385ed1d21 Filesystem access.
pkgs/python/[email protected]/docs/scripts/custom_formatter.py:39
        with open(fn) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b021bfd391fd6ebe Filesystem access.
pkgs/python/[email protected]/docs/scripts/custom_formatter.py:42
        with open(fn, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c05cf674eee349f Filesystem access.
pkgs/python/[email protected]/langsmith/_internal/_oauth_refresh_lock.py:45
    with open(meta, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81f12108082876c0 Filesystem access.
pkgs/python/[email protected]/langsmith/_internal/_oauth_refresh_lock.py:52
        with open(os.path.join(lock_dir, _LOCK_METADATA_FILE), encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #191f5cfa14d042f5 Filesystem access.
pkgs/python/[email protected]/langsmith/_internal/_operations.py:359
                    file = open(data_or_path, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33aff2a8c6853af3 Environment-variable access.
pkgs/python/[email protected]/langsmith/_internal/_profiles.py:69
    if config_file := os.environ.get("LANGSMITH_CONFIG_FILE"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2ba0440f6fbfe12 Filesystem access.
pkgs/python/[email protected]/langsmith/_internal/_profiles.py:82
        raw = json.loads(path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #54ba0f200eacda71 Environment-variable access.
pkgs/python/[email protected]/langsmith/_internal/_profiles.py:90
    profile_name = os.environ.get("LANGSMITH_PROFILE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #396e50b0103902ef Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/_internal/_profiles.py:172
        response = requests.post(
            f"{refresh_url}/oauth/token",
            data={
                "grant_type": "refresh_token",
                "client_id": _OAUTH_CLIENT_ID,
                "refresh_token": refresh_token,
            },
            headers={"Content-Type": "application/x-www-form-urlencoded"},
            timeout=timeout,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7e0a034dd6f22684 Filesystem access.
pkgs/python/[email protected]/langsmith/_internal/_profiles.py:217
        temp_path.write_text(json.dumps(config, indent=2) + "\n", encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38f5623b3270108e Filesystem access.
pkgs/python/[email protected]/langsmith/_internal/_profiles.py:301
            raw = json.loads(self._state.path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6075c580deab705a Environment-variable access.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_client.py:77
    endpoint = os.environ.get("OTEL_EXPORTER_OTLP_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1582213479e556e1 Environment-variable access.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_client.py:84
    headers_env = os.environ.get("OTEL_EXPORTER_OTLP_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e282abe57664909 Environment-variable access.
pkgs/python/[email protected]/langsmith/_internal/otel/_otel_client.py:100
    service_name = os.environ.get("OTEL_SERVICE_NAME", "langsmith")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #6ba14deb28f0ae5b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/_openapi_client/_base_client.py:306
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #79965c4e5b2278bf Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_client.py:97
            api_key = os.environ.get("LANGSMITH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1df367b8850997c8 Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_client.py:101
            tenant_id = os.environ.get("LANGSMITH_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f67230ad89973b44 Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_client.py:105
            base_url = os.environ.get("LANGCHAIN_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0e1bc0eec7bfae2 Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_client.py:109
        custom_headers_env = os.environ.get("LANGCHAIN_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9af4f72054edc27a Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_client.py:353
            api_key = os.environ.get("LANGSMITH_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f14ba1918bef2cef Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_client.py:357
            tenant_id = os.environ.get("LANGSMITH_TENANT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a24b1a1775863f0a Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_client.py:361
            base_url = os.environ.get("LANGCHAIN_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30a5a7c6338ddfb1 Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_client.py:365
        custom_headers_env = os.environ.get("LANGCHAIN_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #311d4cf995868082 Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #810a1d674963aa73 Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #473a2a46cbc2482f Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baba51ec85f7dbfc Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #230638dab1460555 Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4a28b8d27e65ad1 Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_response.py:497
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f1f20b0147c1e69 Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_response.py:539
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4c93cd636e9e977 Environment-variable access.
pkgs/python/[email protected]/langsmith/_openapi_client/_utils/_logs.py:17
    env = os.environ.get("LANGCHAIN_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58ee29497c864d3b Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b01689573d3e7e3e Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #098367df9fab74b3 Filesystem access.
pkgs/python/[email protected]/langsmith/_openapi_client/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d7a01f6403382edf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/async_client.py:439
                    response = await self._client.request(method, endpoint, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d5b72387bce6b777 Environment-variable access.
pkgs/python/[email protected]/langsmith/client.py:627
        value = os.environ.get(f"{namespace}_{name}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f5be80260585b08 Environment-variable access.
pkgs/python/[email protected]/langsmith/client.py:1145
            os.getenv("LANGSMITH_ENDPOINT") or os.getenv("LANGCHAIN_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ca45f42dc11c2e5d Environment-variable access.
pkgs/python/[email protected]/langsmith/client.py:1146
        ) and os.getenv("LANGSMITH_RUNS_ENDPOINTS"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db7882664e2d23c9 Filesystem access.
pkgs/python/[email protected]/langsmith/client.py:1607
            temp_path.write_text(json.dumps(envelope))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ead803ecf89c9f10 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/client.py:1863
                        response = self.session.request(
                            method,
                            _construct_url(self.api_url, pathname),
                            stream=False,
                            **request_kwargs,
                        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #99beb0047263d0bd Filesystem access.
pkgs/python/[email protected]/langsmith/client.py:2221
            with open(csv_file, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8eab6f6981845165 Filesystem access.
pkgs/python/[email protected]/langsmith/client.py:6139
                                file = open(attachment_data, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f65cf676d5c3b225 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/client.py:7314
            response = self.session.request(
                "POST",
                full_url,
                headers={**self._headers, "Content-Type": "application/json"},
                data=_dumps_json(body),
                timeout=self._timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #63c606c9e7263e77 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/client.py:11231
                response = requests.get(full_url, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #24ec975b15a4134a Filesystem access.
pkgs/python/[email protected]/langsmith/integrations/claude_agent_sdk/_usage.py:116
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1d8c13c90c32dbb9 Filesystem access.
pkgs/python/[email protected]/langsmith/integrations/claude_agent_sdk/_usage.py:174
        with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3ce88b0777c9cd1 Environment-variable access.
pkgs/python/[email protected]/langsmith/integrations/google_adk/_client.py:55
    use_vertexai = os.environ.get("GOOGLE_GENAI_USE_VERTEXAI", "0").lower() in (

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1dde72036f2311db Filesystem access.
pkgs/python/[email protected]/langsmith/integrations/livekit/processor.py:520
            audio_bytes = audio_path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd3b49f80b395e23 Filesystem access.
pkgs/python/[email protected]/langsmith/prompt_cache.py:229
            with open(temp_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a93ea0dcac03f24 Filesystem access.
pkgs/python/[email protected]/langsmith/prompt_cache.py:260
            with open(path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #41f9e794974de5fa Environment-variable access.
pkgs/python/[email protected]/langsmith/pytest_plugin.py:306
        if os.environ.get("PYTEST_XDIST_TESTRUNUID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57528cbf7363a569 Environment-variable access.
pkgs/python/[email protected]/langsmith/run_trees.py:1275
    if parsed and (os.getenv("LANGSMITH_ENDPOINT") or os.getenv("LANGCHAIN_ENDPOINT")):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f29003520bc16f34 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:452
            response = await self._http.post(
                url,
                json=payload,
                timeout=http_timeout,
                headers=self._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6862dd69002ba021 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:486
            response = await self._http.get(url, headers=self._request_headers(headers))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0d8b3c11277432d1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:510
            response = await self._http.get(url, headers=self._request_headers(headers))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5edda5c11e9415ca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:638
            response = await self._http.get(url, headers=self._request_headers(headers))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5a6596d109421015 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:692
            response = await self._http.post(
                url, json=payload, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #65dae75918968b3f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:778
            response = await self._http.post(
                url, json={}, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c8d45ec9a16f4508 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:804
            response = await self._http.post(
                url, json={}, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f5a806b6dc1677ce Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:859
            response = await self._http.post(
                url, json=payload, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3ee9814b9979eb10 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:1002
            response = await self._http.post(
                url, json=payload, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b0515dce097e00eb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:1037
            response = await self._http.get(url, headers=self._request_headers(headers))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #de15f7a30259b74f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_client.py:1089
            response = await self._http.get(
                url,
                params=params or None,
                headers=self._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d7670265ba966171 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_sandbox.py:448
            response = await self._client._http.post(
                url,
                json=payload,
                timeout=timeout + 10,
                headers=self._client._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a29f25c0dde8ccb6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_sandbox.py:551
            response = await self._client._http.post(
                url,
                params={"path": path},
                files=files,
                timeout=timeout,
                headers=self._client._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9af09603901a833a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_async_sandbox.py:587
            response = await self._client._http.get(
                url,
                params={"path": path},
                timeout=timeout,
                headers=self._client._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #898cc465190687c2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:555
            response = self._http.post(
                url,
                json=payload,
                timeout=http_timeout,
                headers=self._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f502c715d6e0a66c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:585
            response = self._http.get(url, headers=self._request_headers(headers))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #fe7d9dcacae87e64 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:605
            response = self._http.get(url, headers=self._request_headers(headers))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bdbf93f1a716812e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:727
            response = self._http.get(url, headers=self._request_headers(headers))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #cd2129195225affe Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:780
            response = self._http.post(
                url, json=payload, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b213775fda343352 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:866
            response = self._http.post(
                url, json={}, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #25ec29bf6f51aa90 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:892
            response = self._http.post(
                url, json={}, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #697dd3933c344adf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:947
            response = self._http.post(
                url, json=payload, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9dafe445e35f6aac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:1091
            response = self._http.post(
                url, json=payload, headers=self._request_headers(headers)
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ae99214526121137 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:1124
            response = self._http.get(url, headers=self._request_headers(headers))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #89d56316f207b0a8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_client.py:1176
            response = self._http.get(
                url,
                params=params or None,
                headers=self._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #33cc357958bea46e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_models.py:223
        return httpx.request(method, url, headers=headers, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d8528b0dece7741e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_models.py:382
            return await client.request(method, url, headers=headers, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bf1150badc9560b8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_sandbox.py:446
            response = self._client._http.post(
                url,
                json=payload,
                timeout=timeout + 10,
                headers=self._client._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e8cabbc73e3c57c5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_sandbox.py:549
            response = self._client._http.post(
                url,
                params={"path": path},
                files=files,
                timeout=timeout,
                headers=self._client._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a450c9f999b9fe05 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langsmith/sandbox/_sandbox.py:585
            response = self._client._http.get(
                url,
                params={"path": path},
                timeout=timeout,
                headers=self._client._request_headers(headers),
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0c9ace999e0fa091 Environment-variable access.
pkgs/python/[email protected]/langsmith/testing/_internal.py:427
    if os.environ.get("PYTEST_XDIST_TESTRUNUID") and importlib.util.find_spec("xdist"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecf38c479c264b5e Environment-variable access.
pkgs/python/[email protected]/langsmith/testing/_internal.py:428
        id_name = test_suite_name + os.environ["PYTEST_XDIST_TESTRUNUID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d112a04c1ed836f1 Environment-variable access.
pkgs/python/[email protected]/langsmith/testing/_internal.py:433
    if os.environ.get("LANGSMITH_EXPERIMENT"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c793815c1f6bb297 Environment-variable access.
pkgs/python/[email protected]/langsmith/testing/_internal.py:434
        prefix = os.environ["LANGSMITH_EXPERIMENT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4e6d346c60f3685 Environment-variable access.
pkgs/python/[email protected]/langsmith/testing/_internal.py:942
        env_val = os.environ.get("LANGSMITH_EXPERIMENT_METADATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20c7f76b301790b2 Environment-variable access.
pkgs/python/[email protected]/langsmith/utils.py:439
        value = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c59408d5272e1297 Environment-variable access.
pkgs/python/[email protected]/langsmith/utils.py:448
    return os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cc539f078370889 Environment-variable access.
pkgs/python/[email protected]/langsmith/utils.py:448
    return os.environ.get(
        # Hosted LangServe projects get precedence over all other defaults.
        # This is to make sure that we always use the associated project
        # for a hosted langserve deployment even if the customer sets some
        # other project name in their environment.
        "HOSTED_LANGSERVE_PROJECT_NAME",
        get_env_var(
            "PROJECT",
            # This is the legacy name for a LANGCHAIN_PROJECT, so it
            # has lower precedence than LANGCHAIN_PROJECT
            default=get_env_var(
                "SESSION", default="default" if return_default_value else None
            ),
        ),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chromadb

python dependency
medium telemetry dependency Excluded from app score #f8c9efbde09e9349 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:226
        self.product_telemetry_client.capture(
            ClientCreateCollectionEvent(
                collection_uuid=str(id),
                # embedding_function=embedding_function.__class__.__name__,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #d3074d7a5651a695 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:429
        self.product_telemetry_client.capture(
            CollectionGetEvent(
                collection_uuid=str(collection_id),
                ids_count=ids_amount,
                limit=limit if limit else 0,
                include_metadata=ids_amount if "metadatas" in include else 0,
                include_documents=ids_amount if "documents" in include else 0,
                include_uris=ids_amount if "uris" in include else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #6bb3dd457d3b5441 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:474
        self.product_telemetry_client.capture(
            CollectionAddEvent(
                collection_uuid=str(collection_id),
                add_amount=len(ids),
                with_metadata=len(ids) if metadatas is not None else 0,
                with_documents=len(ids) if documents is not None else 0,
                with_uris=len(ids) if uris is not None else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #a7c25c436954885a Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:507
        self.product_telemetry_client.capture(
            CollectionUpdateEvent(
                collection_uuid=str(collection_id),
                update_amount=len(ids),
                with_embeddings=len(embeddings) if embeddings else 0,
                with_metadata=len(metadatas) if metadatas else 0,
                with_documents=len(documents) if documents else 0,
                with_uris=len(uris) if uris else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #985d3165d525ae4d Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:567
        self.product_telemetry_client.capture(
            CollectionQueryEvent(
                collection_uuid=str(collection_id),
                query_amount=query_amount,
                filtered_ids_amount=filtered_ids_amount,
                n_results=n_results,
                with_metadata_filter=query_amount if where is not None else 0,
                with_document_filter=query_amount if where_document is not None else 0,
                include_metadatas=query_amount if "metadatas" in include else 0,
                include_documents=query_amount if "documents" in include else 0,
                include_uris=query_amount if "uris" in include else 0,
                include_distances=query_amount if "distances" in include else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fe75599be793512b Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/rust.py:626
        self.product_telemetry_client.capture(
            CollectionDeleteEvent(
                collection_uuid=str(collection_id),
                delete_amount=deleted,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #3e4a0b83383da234 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:285
        self._product_telemetry_client.capture(
            ClientCreateCollectionEvent(
                collection_uuid=str(id),
                # embedding_function=embedding_function.__class__.__name__,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e2909a66751263a2 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:552
        self._product_telemetry_client.capture(
            CollectionAddEvent(
                collection_uuid=str(collection_id),
                add_amount=len(ids),
                with_metadata=len(ids) if metadatas is not None else 0,
                with_documents=len(ids) if documents is not None else 0,
                with_uris=len(ids) if uris is not None else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce8975e42f80c508 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:607
        self._product_telemetry_client.capture(
            CollectionUpdateEvent(
                collection_uuid=str(collection_id),
                update_amount=len(ids),
                with_embeddings=len(embeddings) if embeddings else 0,
                with_metadata=len(metadatas) if metadatas else 0,
                with_documents=len(documents) if documents else 0,
                with_uris=len(uris) if uris else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ea7a8c98a94794c3 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:714
        self._product_telemetry_client.capture(
            CollectionGetEvent(
                collection_uuid=str(collection_id),
                ids_count=ids_amount,
                limit=limit if limit else 0,
                include_metadata=ids_amount if "metadatas" in include else 0,
                include_documents=ids_amount if "documents" in include else 0,
                include_uris=ids_amount if "uris" in include else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #10ee3a2a641a39d0 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:825
        self._product_telemetry_client.capture(
            CollectionDeleteEvent(
                collection_uuid=str(collection_id), delete_amount=deleted_count
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #0da498e6b6022b23 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/segment.py:890
        self._product_telemetry_client.capture(
            CollectionQueryEvent(
                collection_uuid=str(collection_id),
                query_amount=query_amount,
                filtered_ids_amount=ids_amount,
                n_results=n_results,
                with_metadata_filter=query_amount if where is not None else 0,
                with_document_filter=query_amount if where_document is not None else 0,
                include_metadatas=query_amount if "metadatas" in include else 0,
                include_documents=query_amount if "documents" in include else 0,
                include_uris=query_amount if "uris" in include else 0,
                include_distances=query_amount if "distances" in include else 0,
            )
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1ef9d584030e0c57 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/api/shared_system_client.py:137
        telemetry_client.capture(ClientStartEvent())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #525647066a5ee431 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/execution/executor/distributed.py:22
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #740f2fc9bb68d278 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/proto/utils.py:4
from opentelemetry.trace import Span

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #03d37635230992fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/server/fastapi/__init__.py:77
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #29b8bacc467adb68 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
pkgs/python/[email protected]/chromadb/server/fastapi/__init__.py:245
        telemetry_client.capture(ServerStartEvent())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9e4c18e3602a8d0e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:7
from opentelemetry import trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #f1858e14bf2eb341 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:8
from opentelemetry.sdk.resources import SERVICE_NAME, Resource

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #e765c3fdc7f31efa Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:9
from opentelemetry.sdk.trace import TracerProvider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2909e6f74560a383 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:10
from opentelemetry.sdk.trace.export import (
    BatchSpanProcessor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #faad51841fb9996f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:13
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #44537b8922d20748 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/fastapi.py:3
from opentelemetry.instrumentation.fastapi import FastAPIInstrumentor

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #7f9abf5927d8ab41 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/grpc.py:5
from opentelemetry.trace import StatusCode, SpanKind

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 67 low-confidence finding(s)
low env_fs dependency Excluded from app score #dd55c3b05188a322 Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:407
            arg.value = arg.value or os.environ.get(arg.env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #91981d3a7c288cc7 Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:420
    tenant = tenant or os.environ.get("CHROMA_TENANT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1427aeb9a6268bfe Environment-variable access.
pkgs/python/[email protected]/chromadb/__init__.py:423
    database = database or os.environ.get("CHROMA_DATABASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #596f44b4707eb777 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/api/async_fastapi.py:167
        response = await self._get_client().request(method, url, **cast(Any, kwargs))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a6eafb7ddf3660f5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/api/fastapi.py:131
        response = self._session.request(method, url, **cast(Any, kwargs))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #6eac56755fd1a2e9 Filesystem access.
pkgs/python/[email protected]/chromadb/auth/__init__.py:124
            with open(_creds_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7037865c421c2863 Filesystem access.
pkgs/python/[email protected]/chromadb/auth/__init__.py:235
            with open(_config_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e78f22730000f24e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/cli/cli.py:25
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #063da5e836f3da9c Filesystem access.
pkgs/python/[email protected]/chromadb/cli/utils.py:12
    with open(f"{log_config_path}", "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe0b573d7deca00d Filesystem access.
pkgs/python/[email protected]/chromadb/db/migrations.py:256
    sql = file["path"].read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9b75a5638ef4478 Filesystem access.
pkgs/python/[email protected]/chromadb/segment/impl/vector/local_persistent_hnsw.py:74
        with open(filename, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1b6f2d1b356e3dc Filesystem access.
pkgs/python/[email protected]/chromadb/segment/impl/vector/local_persistent_hnsw.py:255
        with open(self._get_metadata_file(), "wb") as metadata_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28a9035a6209a7bf Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:139
                        {"pod_name": os.environ.get("HOSTNAME")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70a85ee512dd437f Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/opentelemetry/__init__.py:155
                        {"pod_name": os.environ.get("HOSTNAME")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e08e73bec2755d95 Filesystem access.
pkgs/python/[email protected]/chromadb/telemetry/product/__init__.py:88
                with open(self.USER_ID_PATH, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cc23057fc289023 Filesystem access.
pkgs/python/[email protected]/chromadb/telemetry/product/__init__.py:93
                with open(self.USER_ID_PATH, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #32699224b75fd7e2 Environment-variable access.
pkgs/python/[email protected]/chromadb/telemetry/product/events.py:20
        self.is_cli = os.environ.get("CHROMA_CLI", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75c18edad016f51b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/baseten_embedding_function.py:39
        if os.getenv("BASETEN_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f23e79d81fb8e76 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/baseten_embedding_function.py:45
        resolved_api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23136b9ffa8a4dd7 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_qwen_embedding_function.py:61
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4f846536626a02be Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_qwen_embedding_function.py:127
        response = self._session.post(self._api_url, json=payload, timeout=60).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bef52ac75aafb3eb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_qwen_embedding_function.py:149
        response = self._session.post(self._api_url, json=payload, timeout=60).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e0fa96919e818e8c Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_splade_embedding_function.py:42
        self.api_key = os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #18ddbde8149427fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/chroma_cloud_splade_embedding_function.py:99
            response = self._session.post(self._api_url, json=payload, timeout=60)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d331791254ab9068 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cloudflare_workers_ai_embedding_function.py:57
        if os.getenv("CLOUDFLARE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e0db46f6232bace Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cloudflare_workers_ai_embedding_function.py:62
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0a513a32644c30b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cloudflare_workers_ai_embedding_function.py:99
        resp = self._session.post(self._api_url, json=payload).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e25b9fb2ee9383b2 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cohere_embedding_function.py:46
        if os.getenv("COHERE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e48616a25bc01e9 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/cohere_embedding_function.py:51
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ece75ab793cd28f7 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:57
        self.api_key = os.getenv(self.api_key_env_var) if self.api_key_env_var else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ba37a275981aa7a Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:251
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89c941054e3ea89b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:256
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8b7aba7d6f7be2d1 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:401
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #264fd5afe49ad5b8 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:406
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ba5d35b968d8905 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:529
        if os.getenv("GOOGLE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cceb24f7f0e3f90 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/google_embedding_function.py:534
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdbe41138df91c87 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:43
        if os.getenv("HUGGINGFACE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1a2ed6866b9de2d Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:48
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #033e5608d63a0e3a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:76
        response = self._session.post(
            self._api_url,
            json={"inputs": input, "options": {"wait_for_model": True}},
        ).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ab5c93f953f71c94 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:169
        if os.getenv("HUGGINGFACE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #056d68ac12d7879a Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:173
            self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #449c99bf58f3a113 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/huggingface_embedding_function.py:199
        response = self._session.post(self._api_url, json={"inputs": input}).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9b6042d44ee509da Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:84
        if os.getenv("JINA_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e77acb82655fa6db Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:89
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4cc857321e12d2e8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:202
        resp = self._session.post(self._api_url, json=payload, timeout=60).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d12ae7260ba7131a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/jina_embedding_function.py:210
        resp = self._session.post(self._api_url, json=payload, timeout=60).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7bcf6a0e138a18f8 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/mistral_embedding_function.py:29
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5641c9fad8f02f1 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/morph_embedding_function.py:49
        self.api_key = api_key or os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #231e51791d3c9b3d Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/nomic_embedding_function.py:50
        self.api_key = os.getenv(api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7388897b1a913218 Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/onnx_mini_lm_l6_v2.py:24
    with open(fname, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6262a59c57c0a70d Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/onnx_mini_lm_l6_v2.py:109
            with open(fname, "wb") as file, self.tqdm(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b600f52660dcd885 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/openai_embedding_function.py:60
        if os.getenv("OPENAI_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b51140dfc8111e73 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/openai_embedding_function.py:65
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28ad55734f7e4a2b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/perplexity_embedding_function.py:52
        if os.getenv("PERPLEXITY_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #798762f1f9fa1bb8 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/perplexity_embedding_function.py:57
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c5ad3c440b8104a8 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:48
        if os.getenv("ROBOFLOW_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #07fa9428391e06ce Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:53
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #91563836a4cd3bad Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:97
                res = self._httpx.post(
                    f"{self.api_url}/clip/embed_image?api_key={self.api_key}",
                    json=infer_clip_payload_image,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #47e6de3a2e17c239 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/roboflow_embedding_function.py:110
                res = self._httpx.post(
                    f"{self.api_url}/clip/embed_text?api_key={self.api_key}",
                    json=infer_clip_payload_text,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0926c1a7929c182a Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/schemas/registry.py:38
        with open(schema_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38313cd601dd17dc Filesystem access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/schemas/schema_utils.py:36
    with open(schema_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cbf74ce617a74c4d Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/together_ai_embedding_function.py:52
        if os.getenv("TOGETHER_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbfd14df8307f40a Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/together_ai_embedding_function.py:57
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f157b321c4d1e27b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/together_ai_embedding_function.py:89
        response = self._session.post(
            ENDPOINT,
            json={"model": self.model_name, "input": input},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d8df4a52ec2b4058 Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/utils.py:11
    return (os.environ.get("CHROMA_EMBED_URL") or DEFAULT_CHROMA_EMBED_URL).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2d0820c92ce7fdc Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/voyageai_embedding_function.py:50
        if os.getenv("VOYAGE_API_KEY") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1361eb74cc6f004b Environment-variable access.
pkgs/python/[email protected]/chromadb/utils/embedding_functions/voyageai_embedding_function.py:55
        self.api_key = api_key or os.getenv(self.api_key_env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-azure-ai

python dependency
medium telemetry dependency Excluded from app score #6b66572b0074e750 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/auto_instrument.py:22
    from opentelemetry.instrumentation.instrumentor import (  # type: ignore[attr-defined]
        BaseInstrumentor,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #2908ef914a2e6b76 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/auto_instrument.py:25
    from opentelemetry.instrumentation.utils import unwrap

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c01e3c9162b8f7b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:83
    from opentelemetry import metrics as otel_metrics

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #54f06e65d3c46d13 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:84
    from opentelemetry import trace as otel_trace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #ce236552ef6ec69d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:85
    from opentelemetry.context import attach, detach

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #1944e9304104b222 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:86
    from opentelemetry.propagate import extract

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #9f6bd577ebf1a472 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:87
    from opentelemetry.semconv._incubating.attributes.gen_ai_attributes import (
        GEN_AI_AGENT_DESCRIPTION,
        GEN_AI_AGENT_ID,
        GEN_AI_AGENT_NAME,
        GEN_AI_CONVERSATION_ID,
        GEN_AI_DATA_SOURCE_ID,
        GEN_AI_INPUT_MESSAGES,
        GEN_AI_OPERATION_NAME,
        GEN_AI_OUTPUT_MESSAGES,
        GEN_AI_OUTPUT_TYPE,
        GEN_AI_PROVIDER_NAME,
        GEN_AI_REQUEST_CHOICE_COUNT,
        GEN_AI_REQUEST_ENCODING_FORMATS,
        GEN_AI_REQUEST_FREQUENCY_PENALTY,
        GEN_AI_REQUEST_MAX_TOKENS,
        GEN_AI_REQUEST_MODEL,
        GEN_AI_REQUEST_PRESENCE_PENALTY,
        GEN_AI_REQUEST_SEED,
        GEN_AI_REQUEST_STOP_SEQUENCES,
        GEN_AI_REQUEST_TEMPERATURE,
        GEN_AI_REQUEST_TOP_K,
        GEN_AI_REQUEST_TOP_P,
        GEN_AI_RESPONSE_FINISH_REASONS,
        GEN_AI_RESPONSE_ID,
        GEN_AI_RESPONSE_MODEL,
        GEN_AI_SYSTEM_INSTRUCTIONS,
        GEN_AI_TOKEN_TYPE,
        GEN_AI_TOOL_CALL_ARGUMENTS,
        GEN_AI_TOOL_CALL_ID,
        GEN_AI_TOOL_CALL_RESULT,
        GEN_AI_TOOL_DEFINITIONS,
        GEN_AI_TOOL_DESCRIPTION,
        GEN_AI_TOOL_NAME,
        GEN_AI_TOOL_TYPE,
        GEN_AI_USAGE_INPUT_TOKENS,
        GEN_AI_USAGE_OUTPUT_TOKENS,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #751edf3d75f67365 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:124
    from opentelemetry.semconv.schemas import Schemas

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #84133c7295742d96 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:125
    from opentelemetry.trace import (
        Span,
        SpanKind,
        Status,
        StatusCode,
        get_current_span,
        set_span_in_context,

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #c68fb8f9accf3ed6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:2980
                        from opentelemetry.trace import NonRecordingSpan

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #326c9c44ae1952c8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:3221
            import opentelemetry.trace as _otrace

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #35135d07a19b164c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:3222
            from opentelemetry import context as _otel_ctx

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #fe59f70222c329c9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:3223
            from opentelemetry._logs import get_logger_provider

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #cfb45abf6f04e9dc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:3229
                from opentelemetry.sdk._logs import LoggerProvider as _SdkLP

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry dependency Excluded from app score #8c70746dbf590da1 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
pkgs/python/[email protected]/langchain_azure_ai/evaluation/foundry.py:253
            from opentelemetry.propagate import inject

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 38 low-confidence finding(s)
low env_fs dependency Excluded from app score #c50f7ada3b3d6e2f Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/_resources.py:253
        ai_openai_ep = os.environ.get("AZURE_AI_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c45a4adf51152f35 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/_resources.py:259
        azure_openai_ep = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f844711f61800dd3 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/_resources.py:265
        deployment_name = os.environ.get("AZURE_OPENAI_DEPLOYMENT_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a720641122fade9 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/_resources.py:271
        api_version = os.environ.get("AZURE_OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #704c91614e9813ce Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/_user_agent.py:62
    return os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8dbfe6520b59ef9a Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/_user_agent.py:62
    return os.environ.get(
        USER_AGENT_TELEMETRY_DISABLED_ENV_VAR, "false"
    ).lower() not in ("true", "1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #808ae4d7e1eff98c Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/_user_agent.py:97
    if os.environ.get(_FOUNDRY_HOSTING_ENV_VAR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #695e30a253f4fb9f Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/agents/_v1/prebuilt/declarative.py:420
                    with open(f"{target_dir}/{file_name}", "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4a2d8776cd85df48 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/agents/hosting/__init__.py:115
os.environ.setdefault("AZURE_HTTP_USER_AGENT", HOSTING_USER_AGENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e4cfee89c98f853 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/agents/middleware/content_safety/_base.py:199
            endpoint = os.environ.get("AZURE_CONTENT_SAFETY_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47c1631a2248f4df Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/auto_instrument.py:166
    val = os.getenv(key, "").strip().lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e60fdf1446d2b898 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/auto_instrument.py:368
            resolved_connection_string = connection_string or os.getenv(
                _ENV_CONNECTION_STRING
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11e766ede68fa198 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/auto_instrument.py:381
                or _normalize_provider_name(os.getenv(_ENV_PROVIDER_NAME))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5237b283179715c9 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/auto_instrument.py:384
            resolved_agent_id = agent_id or os.getenv(_ENV_AGENT_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #836ebb2f9d2a8d52 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/auto_instrument.py:399
            resolved_name = resolved_agent_id or os.getenv("OTEL_SERVICE_NAME")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dae09231a3f07865 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:137
_DEBUG_THREAD_STACK = os.getenv("AZURE_TRACING_DEBUG_THREAD_STACK", "").lower() in {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0c397123c8f63f8 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:1374
            env_keys = os.getenv("OTEL_MESSAGE_KEYS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10e3f6e7b42a6699 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:1385
            env_paths = os.getenv("OTEL_MESSAGE_PATHS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac352be10c48c3d7 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:1398
            env_val = os.getenv("OTEL_TRACE_LANGGRAPH_STATE", "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1837f95e075e955e Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:1405
            env_max = os.getenv("OTEL_MAX_STATE_SIZE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bd49290038937816 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:1418
            env_val = os.getenv("OTEL_AUTO_CONFIGURE_AZURE_MONITOR", "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15644488058d9490 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:1427
                connection_string = os.getenv("APPLICATION_INSIGHTS_CONNECTION_STRING")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79126f77f5ac7e23 Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/callbacks/tracers/inference_tracing.py:3305
            os.environ.setdefault("OTEL_TRACES_SAMPLER", "always_on")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fd44f8c5177a3b0 Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/document_loaders/content_understanding.py:369
                    with open(self._file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9949cb95e8947f9 Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/document_loaders/content_understanding.py:396
            with open(self._file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #895ce09729d67c0c Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/document_loaders/content_understanding.py:410
            with open(self._file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2489a20132d380db Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_azure_ai/retrievers/azure_ai_search.py:192
        response = requests.get(search_url, headers=self._headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #890d49ea731b9f0c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_azure_ai/retrievers/azure_ai_search.py:202
                async with session.get(search_url, headers=self._headers) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #064db10b098f7eac Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_azure_ai/retrievers/azure_ai_search.py:205
            async with self.aiosession.get(
                search_url, headers=self._headers
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #5e774da86b72e8ef Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/tools/_openai_tools.py:165
            with open(file_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #39a0b1689a50d39f Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/tools/_openai_tools.py:341
            with open(file_path, "rb") as audio_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #024a3d681cfcd28d Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/tools/services/content_understanding.py:173
            with open(source, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #e1da22f5b4b447bb Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/tools/services/document_intelligence.py:118
            with open(source, "rb") as document:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #205788894271f375 Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/tools/services/image_analysis.py:129
                with open(source, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling reachable #47ff18a9e8087449 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_azure_ai/tools/services/speech_to_text.py:127
        with urllib.request.urlopen(url) as response:  # noqa: S310

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #c418435f201747bd Filesystem access.
pkgs/python/[email protected]/langchain_azure_ai/tools/services/speech_to_text.py:128
            with open(tmp_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9215893722e3d86f Environment-variable access.
pkgs/python/[email protected]/langchain_azure_ai/utils/env.py:118
        if env_value := os.getenv(k):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e1743f909d77c585 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_azure_ai/utils/utils.py:137
    response = requests.get(audio_url, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

PyYAML

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #f5c0a31020a4e0d3 Environment-variable access.
pkgs/python/[email protected]/setup.py:72
os.environ['SETUPTOOLS_USE_DISTUTILS'] = 'local'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed5e73cffdf8e4e8 Environment-variable access.
pkgs/python/[email protected]/setup.py:81
if 'sdist' in sys.argv or os.environ.get('PYYAML_FORCE_CYTHON') == '1':

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a419d0a4399805c8 Environment-variable access.
pkgs/python/[email protected]/setup.py:160
            with_ext = getattr(self, ext.attr_name) or os.environ.get('PYYAML_FORCE_{0}'.format(ext.feature_name.upper()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

SQLAlchemy

python dependency
expand_more 29 low-confidence finding(s)
low egress dependency Excluded from app score #88eaf79b806ab783 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/lib/sqlalchemy/pool/impl.py:145
            self._pool.put(record, False)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling reachable #dc4be750cfd7c324 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:42
            with open(
                Path(cachedir) / "sqla_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c03477e33c81e2f4 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:56
            with open(
                Path(cachedir) / "plain_mypy_config.cfg", "w"
            ) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #56f865dfa6ee17d3 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:106
            os.environ.pop("MYPY_FORCE_COLOR", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #45d5f003327efd86 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/fixtures/mypy.py:146
        with open(path) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f16c4942cf930a1 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:398
    if os.environ.get("REQUIRE_SQLALCHEMY_CEXT", "0") == "1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9c4cbbe2893dd60c Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/plugin_base.py:455
            with open(options.write_idents, "a") as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #785e5e0040c93d25 Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/plugin/pytestplugin.py:880
        return os.environ.get("PYTEST_CURRENT_TEST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76cb1ec2a35bf17b Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:200
            profile_f = open(self.fname)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d55b78232088c150 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/profiling.py:219
        profile_f = open(self.fname, "w")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71ed244cab706af3 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/testing/provision.py:453
    with open(idents_file) as file_:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8a78f6ce9e1032ad Environment-variable access.
pkgs/python/[email protected]/lib/sqlalchemy/util/_has_cy.py:27
    if os.environ.get("DISABLE_SQLALCHEMY_CEXT_RUNTIME"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8770f0174ac5b853 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:134
            Path(destination_path).write_text(
                text, encoding="utf-8", newline="\n"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77eab1f43a2b9e49 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:146
            with open(tempfile) as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9c1e5d1dd824b54 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:162
            with open(source_file, encoding="utf-8") as tf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6feb232d004c2f00 Filesystem access.
pkgs/python/[email protected]/lib/sqlalchemy/util/tool_support.py:169
        with open(destination_path, encoding="utf-8") as dp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ccae91106435374 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:95
    cmd.extend(os.environ.get(dburl_env, default_dburl).split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1c95b36df54d4f62 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:106
    env_dbdrivers = os.environ.get(extra_driver_env, None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2b3a8b612f134034 Environment-variable access.
pkgs/python/[email protected]/noxfile.py:269
    cmd.extend(os.environ.get("TOX_WORKERS", "-n4").split())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f29fad6ad54c2559 Environment-variable access.
pkgs/python/[email protected]/setup.py:23
DISABLE_EXTENSION = bool(os.environ.get("DISABLE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0865544eab4e1f61 Environment-variable access.
pkgs/python/[email protected]/setup.py:24
REQUIRE_EXTENSION = bool(os.environ.get("REQUIRE_SQLALCHEMY_CEXT"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8350cf7379592483 Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:155
    original = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #10f98462b53deb29 Filesystem access.
pkgs/python/[email protected]/tools/format_docs_code.py:313
                file.write_text(updated, "utf-8", newline="\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #1b9b17ff3c8f87a3 Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:145
    with open(fn.__code__.co_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f65b7fda9fbbd47d Filesystem access.
pkgs/python/[email protected]/tools/generate_proxy_methods.py:373
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ede119e638cc6a2a Filesystem access.
pkgs/python/[email protected]/tools/generate_sql_functions.py:38
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a625d023e1340c4e Filesystem access.
pkgs/python/[email protected]/tools/generate_tuple_map_overloads.py:53
        open(filename) as orig_py,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f3453b30cee7ee81 Filesystem access.
pkgs/python/[email protected]/tools/normalize_file_headers.py:27
    content = file.read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b0258988ca3cab55 Filesystem access.
pkgs/python/[email protected]/tools/sync_test_files.py:35
    source_data = Path(source).read_text().replace(remove_str, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

aiohttp

python dependency
expand_more 30 low-confidence finding(s)
low env_fs dependency Excluded from app score #a39d932808e0ca78 Filesystem access.
pkgs/python/[email protected]/aiohttp/cookiejar.py:207
        with open(
            file_path,
            mode="w",
            encoding="utf-8",
            opener=lambda path, flags: os.open(path, flags, 0o600),
        ) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #006ae009adfbb04f Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:73
NO_EXTENSIONS = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #753593609cae0ec6 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:82
    not sys.flags.ignore_environment and bool(os.environ.get("PYTHONASYNCIODEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd36133ba44fa438 Environment-variable access.
pkgs/python/[email protected]/aiohttp/helpers.py:228
    netrc_env = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #760842e34a2e52bb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/aiohttp/test_utils.py:347
        resp = await self._session.request(method, self.make_url(path), **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #97b49172fb0abe17 Environment-variable access.
pkgs/python/[email protected]/aiohttp/web_fileresponse.py:50
NOSENDFILE: Final[bool] = bool(os.environ.get("AIOHTTP_NOSENDFILE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #3cc70e9e58f2580d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:65
                async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #b6b538cd7530f262 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/docs/code/client_middleware_cookbook.py:87
                    async with req.session.post(url, data=self.refresh_token) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #9534af650d10a696 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:21
    os.getenv("READTHEDOCS", "False") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #7df06335a77b8935 Environment-variable access.
pkgs/python/[email protected]/docs/conf.py:22
    and os.environ["READTHEDOCS_VERSION_TYPE"] == "tag"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a2fbdd7fd73e29ff Filesystem access.
pkgs/python/[email protected]/docs/conf.py:31
with open(_version_path, encoding="latin1") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #c96310d14117eea6 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/client_auth.py:9
    async with session.get("http://httpbin.org/basic-auth/andrew/password") as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #7d1ca767d8d9a4f3 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/client_json.py:9
    async with session.get("http://httpbin.org/get") as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #75dfcdcbe510ef7e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/curl.py:12
        async with session.request("GET", url) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #df9ec6facf41b188 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/digest_auth_qop_auth.py:48
            async with session.get(url) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #a392c90a95e728c1 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fake_server.py:109
        async with session.get(
            "https://graph.facebook.com/v2.7/me", params={"access_token": token}
        ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #058c6b53f7718a92 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/fake_server.py:114
        async with session.get(
            "https://graph.facebook.com/v2.7/me/friends", params={"access_token": token}
        ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #9c2db2bddab84d6b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/logging_middleware.py:147
            coro = session.get(f"http://localhost:8080/hello/User{i}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #8df8c255de4b034f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/token_refresh_middleware.py:65
            async with session.post(
                self.token_endpoint,
                json={"refresh_token": self.refresh_token},
                middlewares=(),  # Disable middleware for this request
            ) as resp:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #fef10ee5abc87792 Filesystem access.
pkgs/python/[email protected]/examples/web_ws.py:20
        with open(WS_FILE, "rb") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #195bfd934774920a Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:12
data = tomllib.loads(Path("pyproject.toml").read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4101c75b033d3c57 Filesystem access.
pkgs/python/[email protected]/requirements/sync-direct-runtime-deps.py:19
with open(Path("requirements", "runtime-deps.in"), "w") as outfile:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ff35faccbf7749b Environment-variable access.
pkgs/python/[email protected]/setup.py:13
    os.environ.get("AIOHTTP_USE_SYSTEM_DEPS", os.environ.get("USE_SYSTEM_DEPS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fff2d3e1c4d2105e Environment-variable access.
pkgs/python/[email protected]/setup.py:15
NO_EXTENSIONS: bool = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87d8685cf3080c6a Environment-variable access.
pkgs/python/[email protected]/setup.py:16
CYTHON_TRACING: bool = bool(os.environ.get("AIOHTTP_CYTHON_TRACE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #45d12733dd34704d Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:30
        hasher.update(full_src.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e22da822056bf1e1 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:37
        dst_hash = dst.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #33b1c70ba0426da3 Filesystem access.
pkgs/python/[email protected]/tools/check_sum.py:41
        dst.write_text(src_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #159367360fc8b491 Filesystem access.
pkgs/python/[email protected]/tools/cleanup_changes.py:30
    changes = (root / "CHANGES.rst").read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4b0846aa4af5b8c3 Filesystem access.
pkgs/python/[email protected]/tools/gen.py:16
    code = compile(hdrs_file.read_text(), str(hdrs_file), "exec")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

anthropic

python dependency
expand_more 122 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #e738a22b4fb48646 Environment-variable access.
pkgs/python/[email protected]/examples/agents.py:9
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unreachable #0682a66ae6abf40d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents.py:15 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents.py:9 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents.py:15
    print("Created environment:", environment.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #a891acd0a35b577e PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents.py:22 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents.py:9 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents.py:22
    print("Created agent:", agent.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #5722b2b1e2fbb861 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents.py:29 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents.py:9 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents.py:29
    print("Created session:", session.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #c18d218eea107ee9 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents.py:45 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents.py:9 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents.py:45
            print(event.to_json(indent=2))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs tooling Excluded from app score unreachable #d683e4b8f75106f0 Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:18
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #72dd225666afc92d Environment-variable access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:20
    github_token = os.environ.get("GITHUB_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unreachable #ea00d1c60cf91702 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:28 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:28
    print("Created environment:", environment.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #195665ffd45aeacf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:32 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:32
    print("Created vault:", vault.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #e6905cdd34057af3 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:43 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:43
    print("Created credential:", credential.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs tooling Excluded from app score unreachable #b9efae7b47c95c22 Filesystem access.
pkgs/python/[email protected]/examples/agents_comprehensive.py:47
    with open(skill_md_path, "rb") as skill_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unreachable #ad8aa91dd44cc543 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:52 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:52
    print("Created skill:", skill.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #490b4869fb05a746 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:75 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:75
    print("Created agent v1:", agent_v1.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #83b1f5fd8599f783 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:86 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:86
    print("Patched agent to v2:", agent.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #b01be5575315efcf PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:89 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:89
    print("Agent versions:", versions.data)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #2030bc57bb048e5f PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:97 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:97
    print("Created session:", session.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #8394c8e34f63b1d5 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_comprehensive.py:108 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:18 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_comprehensive.py:108
            print(event.to_json(indent=2))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs tooling Excluded from app score unreachable #2723ff5ad69fcbf8 Environment-variable access.
pkgs/python/[email protected]/examples/agents_with_files.py:10
    anthropic = Anthropic(api_key=os.environ.get("ANTHROPIC_API_KEY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow tooling Excluded from app score unreachable #fd5f8a711ed6c1dc PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:16 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:16
    print("Created environment:", environment.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #14bb4713964345d1 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:32 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:32
    print("Created agent:", agent.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #439e8c3aff31f84d PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:38 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:38
    print("Uploaded file:", file.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #0728ea8a79364109 PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:52 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:52
    print("Created session:", session.id)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #b9a3bf582bd15c7a PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:55 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:55
    print("Listed session resources:", resources.data)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow tooling Excluded from app score unreachable #3601834e54507dda PII-bearing data is written to a log/print sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
pkgs/python/[email protected]/examples/agents_with_files.py:76 · flow /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:10 → /tmp/closeopen-cjr2m_c9/pkgs/python/[email protected]/examples/agents_with_files.py:76
            print(event.to_json(indent=2))

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs tooling Excluded from app score unreachable #f5d4ce9172720095 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:46
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ab8797c6b9848f4d Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-observe-tool-calls.py:64
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #a7f8a21ca73d6226 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:48
    val = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5557b2967e464c91 Environment-variable access.
pkgs/python/[email protected]/examples/managed-agents-self-hosted-sandbox-worker.py:60
    workdir = os.environ.get("ANTHROPIC_WORKDIR", ".")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #34d06d92e45f3685 Environment-variable access.
pkgs/python/[email protected]/examples/workload_identity.py:70
        identity_token_provider=lambda: os.environ["ANTHROPIC_IDENTITY_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #749a74d46edcc583 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/anthropic/_base_client.py:325
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ac9068f5a9831857 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:107
    if api_key is not None and os.environ.get("ANTHROPIC_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58aacdf6ae2d31df Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:109
    if auth_token is not None and os.environ.get("ANTHROPIC_AUTH_TOKEN"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d617bf09adc5704f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:214
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59a2e6209b540df4 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:215
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b0783ff933df5cf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:221
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e827446e56ef323b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:225
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55715a73a116c081 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:234
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3a071b4635abb16 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:634
            api_key = os.environ.get("ANTHROPIC_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63d01e6c7d4f1482 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:635
            auth_token = os.environ.get("ANTHROPIC_AUTH_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d713dffb3b73b1b0 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:641
            webhook_key = os.environ.get("ANTHROPIC_WEBHOOK_SIGNING_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f97650df7d8a1171 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:645
            base_url = os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ffadca43bff1bef5 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_client.py:654
        custom_headers_env = os.environ.get("ANTHROPIC_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1766b5c806b2178 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3ce7bb0e7e25440 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33c26610b5350637 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f32c821c9b9adc82 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24dcec4267766d5f Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:464
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d2af479f262a18e Filesystem access.
pkgs/python/[email protected]/src/anthropic/_legacy_response.py:477
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b0fa3c1ea1273426 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #484081c8769468b8 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11d81e646b4a2194 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_response.py:579
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6f766d2fb941840 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/_utils/_logs.py:17
    env = os.environ.get("ANTHROPIC_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b4f1229bc4baf47 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:250
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58b2895f140031d7 Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_transform.py:418
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #397a1f21b14a342d Filesystem access.
pkgs/python/[email protected]/src/anthropic/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7edc772418ea7cf7 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:25
        files.append((path.relative_to(relative_to).as_posix(), path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d3b1d82805decb1 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/_files.py:42
        files.append((path.relative_to(relative_to).as_posix(), await path.read_bytes()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9a634396d079929d Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:25
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #13003289fe8fe39c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/aws/_credentials.py:90
    return os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8ff7c9e392c1b14 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:77
    aws_region = os.environ.get("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a9ce198a849338a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:165
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef880fd4adaab23c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:190
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63b8748712573aec Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:345
            api_key = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f7c2d4b6348819f8 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_client.py:370
            base_url = os.environ.get("ANTHROPIC_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d78342620aec9095 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/bedrock/_mantle.py:144
        base_url = os.environ.get("ANTHROPIC_BEDROCK_MANTLE_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e31b1c406c283892 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:33
    federation_rule_id = os.environ.get(ENV_FEDERATION_RULE_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #70c1cdd12268d2fe Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:34
    organization_id = os.environ.get(ENV_ORGANIZATION_ID)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d06d44b708d82f55 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:35
    has_literal_token = ENV_IDENTITY_TOKEN in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59e5246c49caab4b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:50
            value = os.environ.get(ENV_IDENTITY_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3fbdf9d853b5740f Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:65
        service_account_id=os.environ.get(ENV_SERVICE_ACCOUNT_ID),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #df84b536f4768ef6 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:69
        workspace_id=os.environ.get(ENV_WORKSPACE_ID) or None,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15343b15063be2fd Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:70
        scope=os.environ.get(ENV_SCOPE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2c34a0122415bae Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:108
    if os.environ.get(ENV_API_KEY):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88b99e0d43777ba2 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:112
    auth_token = os.environ.get(ENV_AUTH_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03dabe8de0bdb3b8 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_chain.py:119
    env_explicit = bool(os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef7bb10bf618291c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:78
    env = os.environ.get(ENV_CONFIG_DIR)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eff4aff6045c8418 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:82
        appdata = os.environ.get("APPDATA")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82abd3cc9bbca5f7 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:92
        name = (_config_dir() / "active_config").read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d4ccb71bafb6893 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:105
    env = os.environ.get(ENV_PROFILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #993621e318a97154 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:224
    env = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00deaf1371e15554 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:240
    if os.environ.get(ENV_PROFILE) or os.environ.get(ENV_CONFIG_DIR):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9f487a5feeb8620 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:244
    if os.environ.get(ENV_FEDERATION_RULE_ID) and os.environ.get(ENV_ORGANIZATION_ID):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cfb3dd2ee26084fc Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_constants.py:245
        if os.environ.get(ENV_IDENTITY_TOKEN_FILE) or os.environ.get(ENV_IDENTITY_TOKEN):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62b64c3e39688bcf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:96
            v = os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81f09b6f4f9d2b20 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:110
            v = os.environ.get(ENV_IDENTITY_TOKEN_FILE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #db3ee982a8c297ad Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:136
        value = os.environ.get(self._env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #31868d0dcc36ba4a Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:284
            raw = self._config_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69b377faf3a3902f Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:374
            creds: Dict[str, Any] = _wrap_secret_fields(json.loads(path.read_text(encoding="utf-8")))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f71358bf8051edae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:538
            resp = self._get_http_client().post(
                f"{self._base_url}{TOKEN_ENDPOINT}",
                # Serialized inline so the raw request bytes are never bound
                # to a local here; SecretStr values unwrap at dump time.
                content=_json_dumps_secrets(body),
                headers={
                    "Content-Type": "application/json",
                    # oauth-2025-04-20 unlocks the token endpoint family. Do
                    # NOT send oidc-federation-2026-04-01 — that's a routing
                    # switch that misroutes refresh_token grants to the Go
                    # userauth handler, which only accepts jwt-bearer.
                    "anthropic-beta": OAUTH_API_BETA_HEADER,
                    "User-Agent": _user_agent(),
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #45ae596f7492e581 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_providers.py:746
            content = self._path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #d646d29d47040718 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/anthropic/lib/credentials/_workload.py:259
            resp = self._http_client.post(
                url,
                # Serialized inline so the raw request bytes are never bound
                # to a local here; SecretStr values unwrap at dump time.
                content=_json_dumps_secrets(body),
                headers={
                    "anthropic-beta": _JWT_BEARER_BETA_HEADER,
                    "Content-Type": "application/json",
                    "User-Agent": _user_agent(),
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ea4152587ae5f10c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/environments/_worker.py:160
    resolved = value or os.environ.get(env_var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8bee09bb38e03149 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:157
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a212c77cedd92371 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:158
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fdf5c4c475bd6db4 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:159
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f756c142e1bb9c2b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:382
        api_key = api_key if api_key is not None else os.environ.get("ANTHROPIC_FOUNDRY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #678cb3e463519689 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:383
        resource = resource if resource is not None else os.environ.get("ANTHROPIC_FOUNDRY_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4da651efb92bcdb8 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/foundry.py:384
        base_url = base_url if base_url is not None else os.environ.get("ANTHROPIC_FOUNDRY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee24bb8befed847c Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:247
            location = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39687fdb0f25b922 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:252
            project = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #141ce14d760e215b Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:254
            project = os.environ.get("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #59c8c04f82d678b9 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:260
            base_url = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8387ea0d8620361a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:266
            workspace_id = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_WORKSPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3764cfb39d543cbf Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:493
            location = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_LOCATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0cf1e40c7309648e Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:498
            project = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cdf166cfe89a15aa Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:500
            project = os.environ.get("GOOGLE_CLOUD_PROJECT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8839e7e1ab3c4810 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:506
            base_url = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea9ea911a6342b70 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/google_cloud/_client.py:510
            workspace_id = os.environ.get("ANTHROPIC_GOOGLE_CLOUD_WORKSPACE_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3d1ff2427d26567f Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:356
        return full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8294413175845da4 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_beta_builtin_memory_tool.py:653
        return await full_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #40998353e6d6568f Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:138
                with zf.open(info) as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #3a8005c7e4d2488d Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/_skills.py:164
            with extracted as src, open(target, "wb") as out:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #c9249de5be80c672 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:123
    return {k: v for k, v in os.environ.items() if not k.startswith("ANTHROPIC_")}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #2310f726008871dd Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:512
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #12edf259d135a810 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:540
            target.write_text(content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8ef1f89822c537cb Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:570
            text = target.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #8103e26dabc6dfa3 Filesystem access.
pkgs/python/[email protected]/src/anthropic/lib/tools/agent_toolset.py:582
            target.write_text(updated)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d9c1aeb667dafe9 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:46
        project_id = os.environ.get("ANTHROPIC_VERTEX_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #022851b65c73e413 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:114
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2416b4ede8f5af3a Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:121
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1bdeacabacf925ad Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:278
            region = os.environ.get("CLOUD_ML_REGION", NOT_GIVEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0859186fcb2f0e91 Environment-variable access.
pkgs/python/[email protected]/src/anthropic/lib/vertex/_client.py:285
            base_url = os.environ.get("ANTHROPIC_VERTEX_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

exa-py

python dependency
expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #da69ab45abfbbf83 Environment-variable access.
pkgs/python/[email protected]/exa_py/api.py:50
is_beta = os.getenv("IS_BETA") == "True"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b58a635e6c7b54be Environment-variable access.
pkgs/python/[email protected]/exa_py/api.py:1440
            api_key = os.environ.get("EXA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8cba3152c692c7b3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/exa_py/api.py:1512
                res = requests.get(
                    self.base_url + endpoint,
                    headers=request_headers,
                    params=params,
                    stream=True,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #caac59c71b518d15 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/exa_py/api.py:1526
                res = requests.get(
                    self.base_url + endpoint, headers=request_headers, params=params
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #70870880633e438b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/exa_py/api.py:1531
                res = requests.post(
                    self.base_url + endpoint,
                    data=json_data,
                    headers=request_headers,
                    stream=True,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4ebc324435b1e263 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/exa_py/api.py:1545
                res = requests.post(
                    self.base_url + endpoint, data=json_data, headers=request_headers
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b0c291894ec4de33 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/exa_py/api.py:2736
                res = await self.client.get(
                    self.base_url + endpoint, params=params, headers=request_headers
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #30b6834ee47455b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/exa_py/api.py:2754
                res = await self.client.post(
                    self.base_url + endpoint, json=data, headers=request_headers
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3582e4a98d054ec6 Filesystem access.
pkgs/python/[email protected]/exa_py/utils.py:185
            with open(pyproject_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #978f8c9f2406abdf Filesystem access.
pkgs/python/[email protected]/exa_py/websets/imports/client.py:54
                with open(csv_data, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #053b17fa9e4ab529 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/exa_py/websets/imports/client.py:92
        upload_response = requests.put(
            import_response.upload_url,
            data=csv_content,
            headers={'Content-Type': 'text/csv'}
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #b427580f25111bad Filesystem access.
pkgs/python/[email protected]/exa_py/websets/imports/client.py:217
                with open(csv_data, 'r', encoding='utf-8') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #81f9dba4679d6b98 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/exa_py/websets/imports/client.py:257
            upload_response = await http_client.put(
                import_response.upload_url,
                data=csv_content,
                headers={'Content-Type': 'text/csv'}
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

fastembed

python dependency
expand_more 21 low-confidence finding(s)
low egress dependency Excluded from app score #9eca5a0b614a86ae Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/fastembed/common/model_management.py:102
        response = requests.get(url, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d4352a834a9abbb4 Filesystem access.
pkgs/python/[email protected]/fastembed/common/model_management.py:126
            with open(output_path, "wb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f7a31f0eeeed7a9 Filesystem access.
pkgs/python/[email protected]/fastembed/common/model_management.py:200
                (model_dir / cls.METADATA_FILE).write_text(json.dumps(meta))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #398494983b4a2ba7 Filesystem access.
pkgs/python/[email protected]/fastembed/common/model_management.py:220
                metadata = json.loads(metadata_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0b66a384c9ac04d Filesystem access.
pkgs/python/[email protected]/fastembed/common/model_management.py:252
            metadata = json.loads(metadata_file.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d15de2253ae1f86 Environment-variable access.
pkgs/python/[email protected]/fastembed/common/model_management.py:398
        hf_offline = os.environ.get("HF_HUB_OFFLINE", "").strip().upper()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8c1137615a06b1f9 Filesystem access.
pkgs/python/[email protected]/fastembed/common/preprocessor_utils.py:15
    with open(str(tokens_map_path)) as tokens_map_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6765c42e311cae79 Filesystem access.
pkgs/python/[email protected]/fastembed/common/preprocessor_utils.py:34
    with open(str(config_path)) as config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d71e61a7958dd3f Filesystem access.
pkgs/python/[email protected]/fastembed/common/preprocessor_utils.py:37
    with open(str(tokenizer_config_path)) as tokenizer_config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20b23341fd5c1a36 Filesystem access.
pkgs/python/[email protected]/fastembed/common/preprocessor_utils.py:81
    with open(str(preprocessor_config_path)) as preprocessor_config_file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #386c209664e677b0 Environment-variable access.
pkgs/python/[email protected]/fastembed/common/utils.py:54
        cache_path = Path(os.getenv("FASTEMBED_CACHE_PATH", default_cache_dir))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0647a9b9ec2a7704 Filesystem access.
pkgs/python/[email protected]/fastembed/late_interaction_multimodal/colmodernvbert.py:140
        with open(processor_config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c28cf0b012d9986 Filesystem access.
pkgs/python/[email protected]/fastembed/late_interaction_multimodal/colmodernvbert.py:145
        with open(preprocessor_config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8702e3b022d66519 Filesystem access.
pkgs/python/[email protected]/fastembed/late_interaction_multimodal/colmodernvbert.py:153
        with open(config_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03bb998729cd3f85 Filesystem access.
pkgs/python/[email protected]/fastembed/sparse/bm25.py:154
        with open(stopwords_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3b2171edd160b9b Filesystem access.
pkgs/python/[email protected]/fastembed/sparse/bm42.py:282
        with open(stopwords_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6711d1041fcd558 Filesystem access.
pkgs/python/[email protected]/fastembed/sparse/minicoil.py:264
        with open(stopwords_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3834fbc5a6b52b4c Filesystem access.
pkgs/python/[email protected]/fastembed/sparse/utils/vocab_resolver.py:59
        with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #53c2110f626693e7 Filesystem access.
pkgs/python/[email protected]/fastembed/sparse/utils/vocab_resolver.py:66
        with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93d8ad4809d3a7db Filesystem access.
pkgs/python/[email protected]/fastembed/sparse/utils/vocab_resolver.py:72
        with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20a7400b9f91d213 Filesystem access.
pkgs/python/[email protected]/fastembed/sparse/utils/vocab_resolver.py:93
        with open(path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

fireworks-ai

python dependency
expand_more 25 low-confidence finding(s)
low env_fs dependency Excluded from app score #e4edfd958aab8c80 Filesystem access.
pkgs/python/[email protected]/noxfile.py:29
    lockfile_lines = Path("requirements-dev.lock").read_text(encoding="utf-8").splitlines()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1036888257c66352 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/fireworks/_base_client.py:306
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #0ca8179e1dc8fade Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_client.py:141
            api_key = os.environ.get("FIREWORKS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d65d126a3efefd8 Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_client.py:149
            account_id = os.environ.get("FIREWORKS_ACCOUNT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84357c1cb023357b Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_client.py:153
            base_url = os.environ.get("FIREWORKS_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c869067dac067605 Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_client.py:158
        custom_headers_env = os.environ.get("FIREWORKS_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b37d8c8a874d9775 Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_client.py:462
            api_key = os.environ.get("FIREWORKS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48ae625928a93b8e Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_client.py:470
            account_id = os.environ.get("FIREWORKS_ACCOUNT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #47c45a951bf30eb2 Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_client.py:474
            base_url = os.environ.get("FIREWORKS_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #79e780848d2d1724 Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_client.py:479
        custom_headers_env = os.environ.get("FIREWORKS_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f9f2b6e1467963a8 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08aab9d04f124ad9 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d5fc6ada4faba49 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f049b4b988cb0f2 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c31a4c1ec92c429e Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_models.py:110
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f76ee053493342e3 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_response.py:495
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44f7848800409a2c Filesystem access.
pkgs/python/[email protected]/src/fireworks/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7daeac916b26fb39 Environment-variable access.
pkgs/python/[email protected]/src/fireworks/_utils/_logs.py:17
    env = os.environ.get("FIREWORKS_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a56197806b4d903 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #624bebeaff420ff3 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #394c5c8daaf93442 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #217eea7cba004249 Filesystem access.
pkgs/python/[email protected]/src/fireworks/_version.py:30
        text = (_Path(__file__).resolve().parents[2] / "pyproject.toml").read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #11ccb20f8d5ca575 Environment-variable access.
pkgs/python/[email protected]/src/fireworks/training/sdk/client.py:963
    return os.environ.get("FIREWORKS_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55add4199e0bfddc Environment-variable access.
pkgs/python/[email protected]/src/fireworks/training/sdk/client.py:967
    return base_url or os.environ.get("FIREWORKS_BASE_URL") or DEFAULT_FIREWORKS_API_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1cbe7e93a87bef7d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/fireworks/training/sdk/trainer.py:632
            r = self._sync_client.get(
                f"{base_url}/api/v1/healthz",
                headers=self._headers(Authorization=f"Bearer {self.api_key}"),
                timeout=timeout,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

groq

python dependency
expand_more 18 low-confidence finding(s)
low egress dependency Excluded from app score #29fa697e1000b9a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/groq/_base_client.py:306
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #93f61b06396001e1 Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:81
            api_key = os.environ.get("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d6bd9567b4b6481 Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:89
            base_url = os.environ.get("GROQ_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac3aceaedd8e5330 Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:93
        custom_headers_env = os.environ.get("GROQ_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5525d30ca553355c Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:294
            api_key = os.environ.get("GROQ_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30c4da0672d056de Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:302
            base_url = os.environ.get("GROQ_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #991b2312eb0c81d7 Environment-variable access.
pkgs/python/[email protected]/src/groq/_client.py:306
        custom_headers_env = os.environ.get("GROQ_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #00da61e90a0bf171 Filesystem access.
pkgs/python/[email protected]/src/groq/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bec6a157f073b880 Filesystem access.
pkgs/python/[email protected]/src/groq/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66abd0060bad2a4d Filesystem access.
pkgs/python/[email protected]/src/groq/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c76a8165d7ec960e Filesystem access.
pkgs/python/[email protected]/src/groq/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3adaef2b4676d56 Environment-variable access.
pkgs/python/[email protected]/src/groq/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #acd2d70b01e0d8d2 Filesystem access.
pkgs/python/[email protected]/src/groq/_response.py:495
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #baa496e89e808840 Filesystem access.
pkgs/python/[email protected]/src/groq/_response.py:537
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #75d93c48e2c1ebd1 Environment-variable access.
pkgs/python/[email protected]/src/groq/_utils/_logs.py:17
    env = os.environ.get("GROQ_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09d58b09afc581ea Filesystem access.
pkgs/python/[email protected]/src/groq/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6ce05b1a96dd38b Filesystem access.
pkgs/python/[email protected]/src/groq/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #681b0344b5f44365 Filesystem access.
pkgs/python/[email protected]/src/groq/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

httpx

python dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #bc49c096a7be53cc Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:34
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ff53cbdee422cb0 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:35
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9adf21a0c2aa3e49 Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:36
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f5ead19ade999e2a Environment-variable access.
pkgs/python/[email protected]/httpx/_config.py:37
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

huggingface-hub

python dependency
expand_more 185 low-confidence finding(s)
low env_fs dependency Excluded from app score #c9c8eee25eecea14 Filesystem access.
pkgs/python/[email protected]/setup.py:6
    with open(rel_path, "r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #818eb816bba6f798 Filesystem access.
pkgs/python/[email protected]/setup.py:107
    long_description=open("README.md", "r", encoding="utf-8").read(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02364546245b99c3 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/__init__.py:1231
if os.environ.get("EAGER_IMPORT", ""):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a8cd8855ea2ca902 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_buckets.py:386
    with open(filter_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3b230d7a75d3180 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_buckets.py:837
    with open(plan_file, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #051f5d0950f1589d Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_buckets.py:843
    with open(plan_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e527ef4666635714 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_commit_api.py:269
                with open(self.path_or_fileobj, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4af1c286790e6770 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/_commit_api.py:1062
        response = get_session().post(url, headers=headers, content=data, params=params)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #062192d7f27637e5 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_local_folder.py:446
                gitignore.write_text("*")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b404374905573322 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_local_folder.py:467
            tag_path.write_text(CACHEDIR_TAG_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7eb00787f2ba776 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_oauth.py:183
    if os.getenv("SPACE_ID") is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d5c242d9eb3f498a Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_oauth.py:319
                host = os.environ.get("SPACE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #195d8e204e03bbf4 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_oidc.py:48
    if os.environ.get("GITHUB_ACTIONS") == "true":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23582d17fb6a09b6 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_oidc.py:59
    request_url = os.environ.get("ACTIONS_ID_TOKEN_REQUEST_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3dae173ce364b79 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_oidc.py:60
    request_token = os.environ.get("ACTIONS_ID_TOKEN_REQUEST_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #3faf8a6a5ba1fc92 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/_oidc.py:116
    response = get_session().post(
        f"{endpoint or constants.ENDPOINT}/oauth/token",
        json={
            "grant_type": _TOKEN_EXCHANGE_GRANT_TYPE,
            "subject_token_type": _ID_TOKEN_TYPE,
            "subject_token": subject_token,
            "resource": resource,
        },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #4496ab0a0096acd1 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_sandbox.py:214
            self._write_ranges(path, Path(local_path).read_bytes(), mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9dc00542c0d2ebbe Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_sandbox.py:216
        with open(local_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f198c19093af2d10 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_sandbox.py:223
            with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b41108c4b112b66d Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_sandbox.py:228
            with open(local_path, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #1cfed2def7e49724 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/_sandbox.py:409
        response = self._client.request(method, self.base_url + path, timeout=timeout, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0caa298ce910eb40 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/_sandbox.py:435
                response = self._client.get(self.base_url + "/health", timeout=httpx.Timeout(5.0))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9c602ba178c44936 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_snapshot_download.py:304
                with open(ref_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ac3b358798aa063 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_snapshot_download.py:412
            with open(ref_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d79e35a405e6f00 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_snapshot_download.py:657
        with open(ref_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f3c83c691d980e8a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/_tree_cache.py:106
        with open(path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5dc46c29fa9c9e8d Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_webhooks_server.py:39
_is_local = os.environ.get("SPACE_ID") is None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d7c18cbb0a947ae Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_webhooks_server.py:111
        self.webhook_secret = webhook_secret or os.getenv("WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #104fa732c3102423 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/_webhooks_server.py:178
            self.fastapi_app.post(path)(func)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #9a691b4f04e10ceb Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/_webhooks_server.py:181
        space_host = os.environ.get("SPACE_HOST")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a47d8504ce3ec31e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_cli_utils.py:100
            formatter.write_text(line)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad69b4728a86c2aa Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_cli_utils.py:800
    extended_environ = os.environ.copy()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6a851d6ed370ca8c Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_cli_utils.py:818
        env_map.update(load_dotenv(Path(env_file).read_text(), environ=extended_environ))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8184f1dd2488e75e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/cli/_cli_utils.py:1017
        response = get_session().get("https://formulae.brew.sh/api/formula/hf.json", timeout=2)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5d13ec0eda9fe7ea Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_completion.py:46
    return Path(os.environ.get("SHELL", "")).name or "bash"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcff1155c75cdb1a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_completion.py:73
        path.write_text(_completion_script("fish"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c19720af574609a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_completion.py:77
        existing = path.read_text() if path.exists() else ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90cd957848b4da40 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_cp.py:156
            with open(tmp_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #50341c356093036d Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_skills.py:65
        (install_dir / "SKILL.md").write_text(content, encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97305763a7bcb454 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/_skills.py:183
        parsed = json.loads(local_path.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4d278f2a4c573eb3 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/discussions.py:76
        return body_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52340fe5c2bc995e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/extensions.py:78
        data = json.loads(manifest_path.read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #35c83fd2862ee63e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/extensions.py:89
        manifest_path.write_text(json.dumps(data, indent=2, sort_keys=True))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #64c762d4c22653bc Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/hf.py:122
    if _COMPLETE_VAR not in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3384f974ef94432f Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/cli/lfs.py:140
        with open(filepath, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #2e48bfa0ce3beb61 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/cli/lfs.py:147
                    r = get_session().put(presigned_url, data=data)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1fb112e5f212c5dd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/cli/lfs.py:166
        r = get_session().post(
            completion_url,
            json={
                "oid": oid,
                "parts": parts,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #e9700ea53f466ae5 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/cli/spaces.py:857
        if command := os.getenv(env, "").strip():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9e6105e52b0d7b15 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:64
_staging_mode = _is_true(os.environ.get("HUGGINGFACE_CO_STAGING"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1b9449a0ed9df8c Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:68
ENDPOINT = os.getenv("HF_ENDPOINT", _HF_DEFAULT_ENDPOINT).rstrip("/")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5d0ce90eef5a861 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:98
INFERENCE_ENDPOINT = os.environ.get("HF_INFERENCE_ENDPOINT", "https://api-inference.huggingface.co")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #807eb9778cd43b26 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:170
        os.getenv(
            "HF_HOME",
            os.path.join(os.getenv("XDG_CACHE_HOME", default_home), "huggingface"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #752dfaa43e08a219 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:172
            os.path.join(os.getenv("XDG_CACHE_HOME", default_home), "huggingface"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #becfcc61a3c0b109 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:181
HUGGINGFACE_HUB_CACHE = os.getenv("HUGGINGFACE_HUB_CACHE", default_cache_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62395bc5a2d95a6d Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:182
HUGGINGFACE_ASSETS_CACHE = os.getenv("HUGGINGFACE_ASSETS_CACHE", default_assets_cache_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #56a61f6e9532e963 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:187
        os.getenv(
            "HF_HUB_CACHE",
            HUGGINGFACE_HUB_CACHE,
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bba5b11fe8477b6c Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:195
        os.getenv(
            "HF_ASSETS_CACHE",
            HUGGINGFACE_ASSETS_CACHE,
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c4c923ffebbc565 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:202
HF_HUB_OFFLINE = _is_true(os.environ.get("HF_HUB_OFFLINE") or os.environ.get("TRANSFORMERS_OFFLINE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a0b3bfd51e09e365 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:233
HF_HUB_DISABLE_UPDATE_CHECK = _is_true(os.environ.get("HF_HUB_DISABLE_UPDATE_CHECK"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cacaa98ef6d5c297 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:237
HF_DEBUG = _is_true(os.environ.get("HF_DEBUG"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0609e98d3bcff89e Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:241
    _is_true(os.environ.get("HF_HUB_DISABLE_TELEMETRY"))  # HF-specific env variable

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cb6de6adca26ff9 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:242
    or _is_true(os.environ.get("DISABLE_TELEMETRY"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #01de2eb646c48fe0 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:243
    or _is_true(os.environ.get("DO_NOT_TRACK"))  # https://consoledonottrack.com/

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62533aa665641d15 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:248
        os.getenv(
            "HF_TOKEN_PATH",
            os.path.join(HF_HOME, "token"),
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0576901edcc8ddd6 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:269
__HF_HUB_DISABLE_PROGRESS_BARS = os.environ.get("HF_HUB_DISABLE_PROGRESS_BARS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e08ab470b7855f5 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:275
HF_HUB_DISABLE_SYMLINKS: bool = _is_true(os.environ.get("HF_HUB_DISABLE_SYMLINKS"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ee1fa08a860bbffe Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:278
HF_HUB_DISABLE_SYMLINKS_WARNING: bool = _is_true(os.environ.get("HF_HUB_DISABLE_SYMLINKS_WARNING"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d0cda94a943f58f Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:281
HF_HUB_DISABLE_EXPERIMENTAL_WARNING: bool = _is_true(os.environ.get("HF_HUB_DISABLE_EXPERIMENTAL_WARNING"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26517fc437048875 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:284
HF_HUB_DISABLE_IMPLICIT_TOKEN: bool = _is_true(os.environ.get("HF_HUB_DISABLE_IMPLICIT_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21e635edf6fcdc45 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:286
HF_XET_HIGH_PERFORMANCE: bool = _is_true(os.environ.get("HF_XET_HIGH_PERFORMANCE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f86ebb2b47257703 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:295
if _is_true(os.environ.get("HF_HUB_ENABLE_HF_TRANSFER")) and not HF_XET_HIGH_PERFORMANCE:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3b555756bf4056e Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:306
HF_HUB_ETAG_TIMEOUT: int = _as_int(os.environ.get("HF_HUB_ETAG_TIMEOUT")) or DEFAULT_ETAG_TIMEOUT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2eb661e240ca10db Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:310
HF_HUB_DOWNLOAD_TIMEOUT: int = _as_int(os.environ.get("HF_HUB_DOWNLOAD_TIMEOUT")) or DEFAULT_DOWNLOAD_TIMEOUT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77330ef76766acde Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:313
HF_HUB_USER_AGENT_ORIGIN: str | None = os.environ.get("HF_HUB_USER_AGENT_ORIGIN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad53b3fefade3af1 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:320
OAUTH_CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7f5534ff84a271e Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:321
OAUTH_CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b07816b013750eef Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:322
OAUTH_SCOPES = os.environ.get("OAUTH_SCOPES")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9fe3e721cda312a Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:323
OPENID_PROVIDER_URL = os.environ.get("OPENID_PROVIDER_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a9ded6ed016fc7da Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:327
DEVICE_CODE_OAUTH_CLIENT_ID = os.environ.get("HF_DEVICE_CODE_OAUTH_CLIENT_ID", "26be6b09-91c5-47da-9861-d2d2bb7a7e36")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #95e4816975de6dbd Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:338
HF_XET_CACHE = os.getenv("HF_XET_CACHE", default_xet_cache_path)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #974f8fc8ec106983 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/constants.py:339
HF_HUB_DISABLE_XET: bool = _is_true(os.environ.get("HF_HUB_DISABLE_XET"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71fe420695fe327a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/fastai_utils.py:267
        with open(path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fe79cf662240d1c7 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:706
        if not ref_path.exists() or commit_hash != ref_path.read_text():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1f205e8f75907c23 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:713
            tmp_path.write_text(commit_hash)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19f2dc0b76c96557 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:1122
                    with open(ref_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0608e8cb5d4bb03 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:1395
            with open(paths.file_path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bb0b34156fec080e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/file_download.py:1542
            with open(revision_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #92eaea34f6830912 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:4251
        response = get_session().post(
            f"{self.endpoint}/api/{repo_type}s/{repo_id}/paths-info/{revision}",
            data={
                "paths": paths if isinstance(paths, list) else [paths],
                "expand": expand,
            },
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1b73e070d1d6325c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:4465
            response = get_session().post(url, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #aa8c137528775f94 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:4678
            r = get_session().post(path, headers=headers, json=payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ba3f8c9fc4737d15 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:4756
        r = get_session().request("DELETE", path, headers=headers, json=json)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bf6732c6412a96a6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:4895
        r = get_session().post(path, headers=headers, json=json)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #81482c7f34a2d840 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:5469
                response = get_session().post(
                    duplicate_url,
                    headers=headers,
                    json={"target": {"type": repo_type, "name": repo_id}, "files": list(batch)},
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f578c63c45ba5e01 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:6797
            with open(index_file) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #f6a9db97c604bf43 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7449
        resp = get_session().post(
            f"{self.endpoint}/api/{repo_type}s/{repo_id}/discussions",
            json={
                "title": title.strip(),
                "description": description,
                "pullRequest": pull_request,
            },
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #29620c1b7d0fa0c1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7547
        resp = get_session().post(path, headers=headers, json=body)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8dd0fa50279b63c2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7972
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/secrets",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #02536b5619e89d17 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:7997
        r = get_session().request(
            "DELETE",
            f"{self.endpoint}/api/spaces/{repo_id}/secrets",
            headers=self._build_hf_headers(token=token),
            json={"key": key},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #460f6e7482437dc0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8098
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/variables",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7badd9daf2b158a9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8126
        r = get_session().request(
            "DELETE",
            f"{self.endpoint}/api/spaces/{repo_id}/variables",
            headers=self._build_hf_headers(token=token),
            json={"key": key},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #56e5f7ba52f77d58 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8221
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/hardware",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f547a3aa8eda236a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8257
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/sleeptime",
            headers=self._build_hf_headers(token=token),
            json={"seconds": sleep_time},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4c10a8e052a688fc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8308
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/pause", headers=self._build_hf_headers(token=token)
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6ab40c1e796c4e88 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8345
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/dev-mode",
            headers=self._build_hf_headers(token=token),
            json={"enabled": True},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #93dccb91fcbdd2e9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8389
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/dev-mode",
            headers=self._build_hf_headers(token=token),
            json={"enabled": False},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c6b5e2850dacd64d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8437
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/restart", headers=self._build_hf_headers(token=token), params=params
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #56b61acf0b453341 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8851
        r = get_session().post(
            f"{self.endpoint}/api/{api_prefix}/{from_id}/duplicate",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #73bc0161dad128a7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:8996
        r = get_session().post(
            f"{self.endpoint}/api/spaces/{repo_id}/storage",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #faa4226de8021830 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9082
        r = get_session().put(
            f"{self.endpoint}/api/spaces/{repo_id}/volumes",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #59866c6f0a804433 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9439
        response = get_session().post(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #908e1fe8e45960b4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9497
        response = get_session().post(
            f"{constants.INFERENCE_CATALOG_ENDPOINT}/deploy",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #01482542e9e9f9fd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9720
        response = get_session().put(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}/{name}",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9600769d0a9ad96b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9784
        response = get_session().post(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}/{name}/pause",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #1b80d448d9a91f4d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9823
        response = get_session().post(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}/{name}/resume",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4bcba38ee5e0ff39 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:9865
        response = get_session().post(
            f"{constants.INFERENCE_ENDPOINTS_ENDPOINT}/endpoint/{namespace}/{name}/scale-to-zero",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b49b11fa4ec95f2d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10036
        r = get_session().post(
            f"{self.endpoint}/api/collections", headers=self._build_hf_headers(token=token), json=payload
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6c28488a18b2903d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10225
        r = get_session().post(
            f"{self.endpoint}/api/collections/{collection_slug}/items",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c97c6d2b2d60375a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10719
        response = get_session().post(
            f"{constants.ENDPOINT}/api/{repo_type}s/{repo_id}/user-access-request/handle",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #244ec813fa324a4e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10769
        response = get_session().post(
            f"{constants.ENDPOINT}/api/{repo_type}s/{repo_id}/user-access-request/grant",
            headers=self._build_hf_headers(token=token),
            json={"user": user},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #ec6b8b6277ab2989 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:10998
        response = get_session().post(
            f"{constants.ENDPOINT}/api/settings/webhooks",
            json=post_webhooks_json,
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d541b19e1be5a24b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11086
        response = get_session().post(
            f"{constants.ENDPOINT}/api/settings/webhooks/{webhook_id}",
            json=update_json,
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8df9446b1eef4c67 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11140
        response = get_session().post(
            f"{constants.ENDPOINT}/api/settings/webhooks/{webhook_id}/enable",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #94ead93b807daeab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11193
        response = get_session().post(
            f"{constants.ENDPOINT}/api/settings/webhooks/{webhook_id}/disable",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #394ab0b6b0d6dd8a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11347
                content=relpath_to_abspath["README.md"].read_text(encoding="utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5682c36e2c63ca1d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11382
        response = get_session().post(
            f"{self.endpoint}/api/validate-yaml",
            json={"content": content, "repoType": repo_type},
            headers=headers,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #28bd8e734ebc5219 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:11920
        response = get_session().post(
            f"{self.endpoint}/api/jobs/{namespace}",
            json=job_spec,
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c8fdc65a4c213850 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12381
        response = get_session().post(
            f"{self.endpoint}/api/jobs/{namespace}/{job_id}/cancel",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #de222a165f1a57b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12422
        response = get_session().put(
            f"{self.endpoint}/api/jobs/{namespace}/{job_id}/labels",
            headers=self._build_hf_headers(token=token),
            json={"labels": labels},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2b481ceb1edd7ac8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12718
        response = get_session().post(
            f"{self.endpoint}/api/scheduled-jobs/{namespace}",
            json=input_json,
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #549f3a59317a702a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12852
        response = get_session().post(
            f"{self.endpoint}/api/scheduled-jobs/{namespace}/{scheduled_job_id}/suspend",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5125144470e772cc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12882
        response = get_session().post(
            f"{self.endpoint}/api/scheduled-jobs/{namespace}/{scheduled_job_id}/resume",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6604b886af207c7b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12923
        response = get_session().post(
            f"{self.endpoint}/api/scheduled-jobs/{namespace}/{scheduled_job_id}/run",
            headers=self._build_hf_headers(token=token),
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f86c70d19c72b5e5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:12965
        response = get_session().put(
            f"{self.endpoint}/api/scheduled-jobs/{namespace}/{scheduled_job_id}/labels",
            headers=self._build_hf_headers(token=token),
            json={"labels": labels},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3a31b77ae62845f0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:13421
        response = get_session().post(
            f"{self.endpoint}/api/buckets/{namespace}/{name}",
            headers=self._build_hf_headers(token=token),
            json=payload,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #daf6ae4b67719309 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:13636
        response = get_session().post(path, headers=headers, json=json_payload)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7ecad4ee0bab0130 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:14674
    with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a938d9a8a51019d7 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_api.py:14766
        with open(index_file_path) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eeafaf6d6cda70af Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hf_file_system.py:1111
            outfile = open(lpath, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc2fa6456aa8cd89 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hub_mixin.py:433
                config_path.write_text(config_str)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f56ae44ca7c5ef4a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/hub_mixin.py:523
            with open(config_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e8d728a3a8e4391 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_common.py:172
        return MimeBytes(content.read_bytes(), mime_type=mimetypes.guess_type(content)[0])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #de05406cb7f31662 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/inference/_generated/_async_client.py:298
                response = await client.post(
                    request_parameters.url,
                    json=request_parameters.json,
                    data=request_parameters.data,
                    headers=request_parameters.headers,
                    cookies=self.cookies,
                    timeout=self.timeout,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #488f9f8388c44b2e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/inference/_generated/_async_client.py:3387
        response = await client.get(url, headers=build_hf_headers(token=self.token))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3d6b042d5b276833 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/inference/_generated/_async_client.py:3424
        response = await client.get(url, headers=build_hf_headers(token=self.token))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #193b9ba114443f45 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_mcp/cli.py:119
                    final_value = os.getenv(env_variable_key, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1e8b2c9a22a6636 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_mcp/utils.py:97
        config: AgentConfig = json.loads(cfg_file.read_text(encoding="utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #400277cf46136cd4 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_mcp/utils.py:102
                prompt = prompt_file.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3437026a7b8499d0 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_mcp/utils.py:112
        return json.loads(path.read_text(encoding="utf-8")), None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #57c5d4e98818545a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_providers/fal_ai.py:102
                with open(inputs, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d18849536912ed7 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/inference/_providers/wavespeed.py:118
            with open(inputs, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e0795fce621b8835 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/inference/_providers/zai_org.py:98
            poll_response = session.get(poll_url, headers=request_params.headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #9cd07d7a7f6fda42 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/inference/_providers/zai_org.py:125
        image_response = session.get(image_url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #19559736c2bf2971 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/lfs.py:93
            with open(self._source_path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #46563d398a536ab1 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/lfs.py:113
        with open(path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc812445b99301ca Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:132
        with open(filepath, mode="w", newline="", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #eb025e3f3985027b Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:218
            response = get_session().post("https://huggingface.co/api/validate-yaml", json=body, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #3708c60fe1ea37b7 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:274
            tmp_path.write_text(str(self), encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e7b51bb9b75cc4eb Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:328
            template_str = Path(template_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e4232ca41a2d93d Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:330
            template_str = Path(cls.default_template_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #343f6d01a763265a Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:516
    content = Path(local_path).read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89966619a7521dba Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:539
        with open(local_path, newline="", encoding="utf8") as readme:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5672e453c4e57256 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/repocard.py:547
    with open(local_path, "w", newline="", encoding="utf8") as readme:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #03e4e6ce2544b6f0 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/serialization/_dduf.py:153
    index = json.loads(entries["model_index.json"].read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9389c2141195d67e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/serialization/_dduf.py:303
        return Path(content).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e46087c01daf9bb8 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/serialization/_torch.py:281
        with open(os.path.join(save_directory, index_path), "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce868ff6fa70e8d6 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/serialization/_torch.py:510
    with open(index_file, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a221e326670c970 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_auth.py:147
    return _clean_token(os.environ.get("HF_TOKEN") or os.environ.get("HUGGING_FACE_HUB_TOKEN"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3cca10d51fd8f71c Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_auth.py:152
        return _clean_token(Path(constants.HF_TOKEN_PATH).read_text())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3d463fdffc6f517 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_auth.py:181
    resource = os.environ.get("HF_OIDC_RESOURCE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4cbfd88c5b9a504 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_auth.py:198
        subject_token = os.environ.get("HF_OIDC_ID_TOKEN") or None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bd0b33967b71c10 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_detect_agent.py:90
            if os.environ.get(var, "").strip() == harness_id:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87224acb3c76037d Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_detect_agent.py:96
        if value := os.environ.get(var, "").strip().lower():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ae39f0fb97dab397 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_detect_agent.py:117
        value = os.environ.get(var)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #359bf434e00f32b9 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_detect_agent.py:173
        with open(path, encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20d8c60fcd17556c Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_detect_agent.py:183
        with open(path, "w", encoding="utf-8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8d7a25a201c0505a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/utils/_oauth_device.py:66
        response = get_session().post(
            f"{constants.ENDPOINT}/oauth/device",
            data={"client_id": constants.DEVICE_CODE_OAUTH_CLIENT_ID},
            timeout=constants.HF_HUB_DOWNLOAD_TIMEOUT,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e493ea58524c597d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/utils/_oauth_device.py:111
            response = get_session().post(
                f"{constants.ENDPOINT}/oauth/token",
                data={
                    "grant_type": _DEVICE_CODE_GRANT_TYPE,
                    "device_code": device_info["device_code"],
                    "client_id": constants.DEVICE_CODE_OAUTH_CLIENT_ID,
                },
                timeout=constants.HF_HUB_DOWNLOAD_TIMEOUT,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e157d8a1c0b98c05 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/utils/_oauth_device.py:167
        response = get_session().post(
            f"{constants.ENDPOINT}/oauth/token",
            data={
                "grant_type": _REFRESH_TOKEN_GRANT_TYPE,
                "refresh_token": refresh_token,
                "client_id": constants.DEVICE_CODE_OAUTH_CLIENT_ID,
            },
            # An explicit timeout is critical here: this runs inside `get_token()`, so a hung
            # request would otherwise block every Hub call in the process.
            timeout=constants.HF_HUB_DOWNLOAD_TIMEOUT,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6f91037be0ab4793 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/huggingface_hub/utils/_pagination.py:36
    r = session.get(path, params=params, headers=headers, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5e2e9c3faed5db08 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_runtime.py:313
    return os.environ.get("VERTEX_PRODUCT") == "COLAB_ENTERPRISE"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e6ede63bdfc86d0 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_terminal.py:102
        if os.environ.get("NO_COLOR") or is_agent():

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f944b0130ffdfb2e Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_verification.py:59
            return ref_path.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f26fa4cce2cd27 Filesystem access.
pkgs/python/[email protected]/src/huggingface_hub/utils/_verification.py:65
        return main_ref.read_text(encoding="utf-8").strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be3000f41b3637d5 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/logging.py:56
    env_level_str = os.getenv("HF_HUB_VERBOSITY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #023acdeaf5ef7a52 Environment-variable access.
pkgs/python/[email protected]/src/huggingface_hub/utils/tqdm.py:227
    if os.getenv("TQDM_POSITION") == "-1":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jsonpatch

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #9e9e37e7cbc46dbb Filesystem access.
pkgs/python/[email protected]/ext_tests.py:97
        with open(testfile) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2b1e9476ba39a1b Filesystem access.
pkgs/python/[email protected]/setup.py:13
src = io.open('jsonpatch.py', encoding='utf-8').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #88e14002a8741730 Filesystem access.
pkgs/python/[email protected]/setup.py:23
REQUIREMENTS = list(open('requirements.txt'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6987c7128a2f5c7c Filesystem access.
pkgs/python/[email protected]/setup.py:47
    read_md = lambda f: open(f, 'r').read()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eceabc4e7bd337b2 Filesystem access.
pkgs/python/[email protected]/tests.py:23
        with open('./tests.js', 'r') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-anthropic

python dependency
expand_more 10 low-confidence finding(s)
low env_fs dependency Excluded from app score #ecaa9cf2249d9612 Environment-variable access.
pkgs/python/[email protected]/langchain_anthropic/_client_utils.py:55
        or os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0b3e3e6fda18fb86 Environment-variable access.
pkgs/python/[email protected]/langchain_anthropic/_client_utils.py:74
        or os.environ.get("ANTHROPIC_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9caca907c32c758c Filesystem access.
pkgs/python/[email protected]/langchain_anthropic/middleware/anthropic_tools.py:900
            content = full_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2401bbda285af86 Filesystem access.
pkgs/python/[email protected]/langchain_anthropic/middleware/anthropic_tools.py:936
        full_path.write_text(file_text + "\n")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #adf5cf9add0e5e60 Filesystem access.
pkgs/python/[email protected]/langchain_anthropic/middleware/anthropic_tools.py:963
        content = full_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c874b82ef5023134 Filesystem access.
pkgs/python/[email protected]/langchain_anthropic/middleware/anthropic_tools.py:973
        full_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #da7e9c09a7d3273e Filesystem access.
pkgs/python/[email protected]/langchain_anthropic/middleware/anthropic_tools.py:1000
        content = full_path.read_text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #836226d4af915b0e Filesystem access.
pkgs/python/[email protected]/langchain_anthropic/middleware/anthropic_tools.py:1018
        full_path.write_text(new_content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0a226c26cc1cb714 Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #b6f31402f31c0c0e Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-aws

python dependency
expand_more 17 low-confidence finding(s)
low env_fs dependency Excluded from app score #c6be1326be15f88c Environment-variable access.
pkgs/python/[email protected]/langchain_aws/__init__.py:33
    if os.environ.get("LANGCHAIN_AWS_DEBUG", "FALSE").lower() in ["true", "1"]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97271500f3736957 Environment-variable access.
pkgs/python/[email protected]/langchain_aws/chat_models/anthropic.py:143
            or os.getenv("AWS_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c9679ad0ef28fcf8 Environment-variable access.
pkgs/python/[email protected]/langchain_aws/chat_models/anthropic.py:144
            or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d57fe0c5b66553a0 Filesystem access.
pkgs/python/[email protected]/langchain_aws/embeddings/bedrock.py:427
            with open(data, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5764c8c345e45d58 Environment-variable access.
pkgs/python/[email protected]/langchain_aws/utils.py:184
            region_name or os.getenv("AWS_REGION") or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f484591db85d1ce Environment-variable access.
pkgs/python/[email protected]/langchain_aws/utils.py:346
        region_name or os.getenv("AWS_REGION") or os.getenv("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4b5f24899816984c Environment-variable access.
pkgs/python/[email protected]/langchain_aws/utils.py:365
        os.environ["AWS_BEARER_TOKEN_BEDROCK"] = api_key.get_secret_value()  # type: ignore[union-attr]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76f1de9bc163742f Environment-variable access.
pkgs/python/[email protected]/langchain_aws/vectorstores/inmemorydb/base.py:332
        redis_url = kwargs.get("redis_url", os.getenv("REDIS_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bc9b91170167beb4 Environment-variable access.
pkgs/python/[email protected]/langchain_aws/vectorstores/inmemorydb/base.py:512
        redis_url = kwargs.get("redis_url", os.getenv("REDIS_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9625ebec53ca76e2 Filesystem access.
pkgs/python/[email protected]/langchain_aws/vectorstores/inmemorydb/base.py:555
        with open(path, "w+") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fa6113da18eebffe Environment-variable access.
pkgs/python/[email protected]/langchain_aws/vectorstores/inmemorydb/base.py:578
        redis_url = kwargs.get("redis_url", os.getenv("REDIS_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0128d4a180364f64 Environment-variable access.
pkgs/python/[email protected]/langchain_aws/vectorstores/inmemorydb/base.py:630
        redis_url = kwargs.get("redis_url", os.getenv("REDIS_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a135088f600c887a Filesystem access.
pkgs/python/[email protected]/langchain_aws/vectorstores/inmemorydb/schema.py:299
        with open(index_schema, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec9f547ceb5bb24d Filesystem access.
pkgs/python/[email protected]/langchain_aws/vectorstores/inmemorydb/schema.py:303
            with open(index_schema, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e6aa6829b4ca603 Environment-variable access.
pkgs/python/[email protected]/langchain_aws/vectorstores/s3_vectors/base.py:184
            aws_access_key_id = aws_access_key_id or os.getenv("AWS_ACCESS_KEY_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3efb4130ed387cee Environment-variable access.
pkgs/python/[email protected]/langchain_aws/vectorstores/s3_vectors/base.py:185
            aws_secret_access_key = aws_secret_access_key or os.getenv(
                "AWS_SECRET_ACCESS_KEY"
            )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04ea3fd0b37693b9 Environment-variable access.
pkgs/python/[email protected]/langchain_aws/vectorstores/s3_vectors/base.py:188
            aws_session_token = aws_session_token or os.getenv("AWS_SESSION_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-core

python dependency
expand_more 23 low-confidence finding(s)
low env_fs dependency Excluded from app score #a2fa7ec1a1631f69 Environment-variable access.
pkgs/python/[email protected]/langchain_core/_security/_policy.py:238
    if os.environ.get("LANGCHAIN_ENV", "").startswith("local"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fbd877273cf371a9 Environment-variable access.
pkgs/python/[email protected]/langchain_core/_security/_ssrf_protection.py:70
        os.environ.get("LANGCHAIN_ENV") == "local_test"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6beeff1686e01782 Filesystem access.
pkgs/python/[email protected]/langchain_core/documents/base.py:168
            return Path(self.path).read_text(encoding=self.encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1087d624e29df0f6 Filesystem access.
pkgs/python/[email protected]/langchain_core/documents/base.py:190
            return Path(self.path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ba7d55f46cda10a Environment-variable access.
pkgs/python/[email protected]/langchain_core/load/load.py:481
            if self.secrets_from_env and key in os.environ and os.environ[key]:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78686689ccc2fa5f Environment-variable access.
pkgs/python/[email protected]/langchain_core/load/load.py:482
                return os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ad933de28a481d5 Filesystem access.
pkgs/python/[email protected]/langchain_core/prompts/chat.py:553
        template = Path(template_file).read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43c69447e6ab585a Filesystem access.
pkgs/python/[email protected]/langchain_core/prompts/loading.py:105
            template = resolved_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #de6c779a044cfcc7 Filesystem access.
pkgs/python/[email protected]/langchain_core/prompts/prompt.py:253
        template = Path(template_file).read_text(encoding=encoding)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #4cc836c06be41a14 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_core/runnables/graph_mermaid.py:461
            response = requests.get(image_url, timeout=10, proxies=proxies)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #8aa879cad946839b Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/env.py:18
    return env_var in os.environ and os.environ[env_var] not in {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08c3ff57cec6e655 Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/env.py:77
    if env_value := os.getenv(env_key):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2360d3fc06b8fbf Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/utils.py:405
                if k in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed46e48ace4d15ed Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/utils.py:406
                    return os.environ[k]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eb5faa3943d74808 Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/utils.py:407
        if isinstance(key, str) and key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ff89ef56c3687f Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/utils.py:408
            return os.environ[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ab2fd4fdd3606f20 Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/utils.py:475
                if k in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6089383923c7d00c Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/utils.py:476
                    return SecretStr(os.environ[k])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #386048091b80dd16 Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/utils.py:477
        if isinstance(key, str) and key in os.environ:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e74c37e57af6020 Environment-variable access.
pkgs/python/[email protected]/langchain_core/utils/utils.py:478
            return SecretStr(os.environ[key])

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #69e6c213752efa33 Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:21
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #0cdc87c79214c1b3 Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:28
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #8e5aed2b142fb1ba Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:41
        content = snapshot_path.read_text(encoding="utf-8", errors="replace")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-fireworks

python dependency
expand_more 3 low-confidence finding(s)
low egress dependency Excluded from app score #8d2c515432be1651 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_fireworks/llms.py:219
            session.post(
                self.base_url,
                json=payload,
                headers=headers,
                timeout=ClientTimeout(total=self.timeout),
            ) as response,

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #714eac7a23974b5c Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #4fd249f9e690b4b1 Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-google-genai

python dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #d1d5af091f8535d1 Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/_common.py:582
            env_var = os.getenv("GOOGLE_GENAI_USE_VERTEXAI", "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e63fea9af6d73b42 Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/_common.py:634
    if os.environ.get(_TELEMETRY_ENV_VARIABLE_NAME):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #a6ddbbd0df2cf421 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_google_genai/_image_utils.py:216
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #26c9fcccff2dd802 Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/chat_models.py:2610
                and not os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2c9d7a4699251e43 Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/chat_models.py:2611
                and not os.getenv("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #19b68fdb0808522b Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/chat_models.py:2614
                os.environ["GOOGLE_API_KEY"] = google_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a67ab391b76e1dda Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/chat_models.py:2628
                    os.environ.pop("GOOGLE_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #38476437da8e190b Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/embeddings.py:229
            env_var = os.getenv("GOOGLE_GENAI_USE_VERTEXAI", "").lower()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8af741b03b3e7699 Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/embeddings.py:280
                and not os.getenv("GOOGLE_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c6b312df3f04b2a Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/embeddings.py:281
                and not os.getenv("GEMINI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7b892adb03583f3b Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/embeddings.py:284
                os.environ["GOOGLE_API_KEY"] = google_api_key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f07c4546da6efab3 Environment-variable access.
pkgs/python/[email protected]/langchain_google_genai/embeddings.py:298
                    os.environ.pop("GOOGLE_API_KEY", None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-google-vertexai

python dependency
expand_more 2 low-confidence finding(s)
low egress dependency Excluded from app score #68ef905d1346039b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_google_vertexai/_image_utils.py:191
        response = requests.get(url)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #7bf5e753884a8375 Environment-variable access.
pkgs/python/[email protected]/langchain_google_vertexai/_utils.py:102
    if os.environ.get(_TELEMETRY_ENV_VARIABLE_NAME):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-huggingface

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #564b230c03bf7ef3 Environment-variable access.
pkgs/python/[email protected]/langchain_huggingface/embeddings/huggingface_endpoint.py:74
        huggingfacehub_api_token = self.huggingfacehub_api_token or os.getenv(
            "HF_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2dd3c232e904731d Environment-variable access.
pkgs/python/[email protected]/langchain_huggingface/llms/huggingface_endpoint.py:242
            model or endpoint_url or repo_id or os.environ.get("HF_INFERENCE_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3935014524c43dca Environment-variable access.
pkgs/python/[email protected]/langchain_huggingface/llms/huggingface_endpoint.py:255
        huggingfacehub_api_token = self.huggingfacehub_api_token or os.getenv(
            "HF_TOKEN"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-meta

python dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #b7622204a93adad3 Environment-variable access.
pkgs/python/[email protected]/langchain_meta/chat_models.py:236
        default_factory=lambda: os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8cdfda484b0dd09 Environment-variable access.
pkgs/python/[email protected]/langchain_meta/chat_models.py:236
        default_factory=lambda: os.environ.get(
            "LLAMA_API_BASE", "https://api.llama.com/compat/v1/"
        )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9482616f35fcfa03 Environment-variable access.
pkgs/python/[email protected]/langchain_meta/chat_models_v2_ported.py:264
            key_from_llama_env = os.environ.get("LLAMA_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e3f739ea3fb69af Environment-variable access.
pkgs/python/[email protected]/langchain_meta/chat_models_v2_ported.py:265
            key_from_meta_env = os.environ.get("META_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48c43d37d709cbed Environment-variable access.
pkgs/python/[email protected]/langchain_meta/chat_models_v2_ported.py:272
            url_from_llama_env = os.environ.get("LLAMA_API_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09ac8a9d41873510 Environment-variable access.
pkgs/python/[email protected]/langchain_meta/chat_models_v2_ported.py:273
            url_from_meta_env = os.environ.get("META_API_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-mistralai

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #dc4fe9845d10c722 Environment-variable access.
pkgs/python/[email protected]/langchain_mistralai/chat_models.py:724
            or os.environ.get("MISTRAL_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #aa9117d6712bc61c Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #495e7ecf7492e378 Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-openai

python dependency
expand_more 22 low-confidence finding(s)
low env_fs dependency Excluded from app score #1cd123ca84230282 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:61
    raw = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a6ed62404e71e226 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:92
    raw = os.environ.get(name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29bf3a5151f0ed05 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:179
    if os.environ.get("LANGCHAIN_OPENAI_TCP_KEEPALIVE", "1") == "0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4c47a5ed9fe095c4 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:224
    if any(os.environ.get(name) for name in _PROXY_ENV_VARS):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6d3bf3317cfd8cb6 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:259
    if os.environ.get("LANGCHAIN_OPENAI_TCP_KEEPALIVE", "1") == "0":

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48b0026828eecdd0 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:280
    active = [name for name in _PROXY_ENV_VARS if os.environ.get(name)]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be243a36fbbba64d Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:315
    active = [name for name in _PROXY_ENV_VARS if os.environ.get(name)]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c7031e110cdbd743 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:394
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a33d0738f4a2a295 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/_client_utils.py:415
        or os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24c2ec75a2bbff02 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/azure.py:619
            or os.getenv("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ced98ea088e350b Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/azure.py:620
            or os.getenv("OPENAI_ORGANIZATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d3aebcac92752819 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:1212
            or os.getenv("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #10efc283c2ca7b8d Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:1213
            or os.getenv("OPENAI_ORGANIZATION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dcd4a7f4cd84972a Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:1215
        self.openai_api_base = self.openai_api_base or os.getenv("OPENAI_API_BASE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #68820490c8fb713a Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/base.py:1234
            and "OPENAI_BASE_URL" not in os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4957fa525dc3c162 Environment-variable access.
pkgs/python/[email protected]/langchain_openai/chat_models/codex.py:81
    return os.environ.get(ORIGINATOR_ENV_VAR) or ORIGINATOR_VALUE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #cf7d9bc05d84af0f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_openai/chatgpt_oauth.py:405
        resp = client.post(
            url,
            data=data,
            headers={"Accept": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #322e2df665fb7abf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_openai/chatgpt_oauth.py:425
        resp = client.post(
            url,
            data=data,
            headers={"Accept": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5df193a2a8063f69 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_openai/chatgpt_oauth.py:447
        resp = await client.post(
            url,
            data=data,
            headers={"Accept": "application/json"},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #d3fbaef90e489def Filesystem access.
pkgs/python/[email protected]/langchain_openai/chatgpt_oauth.py:503
            raw_text = self.path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e71a6ac4ce2b2c0f Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:15
    content = pyproject_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #505ec155e53fc551 Filesystem access.
pkgs/python/[email protected]/scripts/check_version.py:22
    content = version_path.read_text(encoding="utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-perplexity

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #d48fc8cb0ce219fa Environment-variable access.
pkgs/python/[email protected]/langchain_perplexity/_utils.py:12
        or os.environ.get("PPLX_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4af38468980bba13 Environment-variable access.
pkgs/python/[email protected]/langchain_perplexity/_utils.py:13
        or os.environ.get("PERPLEXITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

langchain-together

python dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #e8f2dfbd0dbbc6db Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/langchain_together/llms.py:204
            async with session.post(
                self.base_url, json=payload, headers=headers
            ) as response:

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

langgraph

python dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #b7740ef699bcbba9 Environment-variable access.
pkgs/python/[email protected]/langgraph/_internal/_config.py:32
DEFAULT_RECURSION_LIMIT = int(getenv("LANGGRAPH_DEFAULT_RECURSION_LIMIT", "10007"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3c5fb3872e95e88d Environment-variable access.
pkgs/python/[email protected]/langgraph/_internal/_config.py:34
    getenv("LANGGRAPH_DELTA_MAX_SUPERSTEPS_SINCE_SNAPSHOT", "5000")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

nomic

python dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #c3615b5d8fa203a1 Filesystem access.
pkgs/python/[email protected]/nomic/cli.py:33
    with open(filepath, "r") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5a5f0523083d903a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/cli.py:73
        response = requests.get("https://" + environment["api_domain"] + f"/v1/user/token/refresh/{token}")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #a479bde233bea49c Filesystem access.
pkgs/python/[email protected]/nomic/cli.py:82
    with open(os.path.join(nomic_base_path, "credentials"), "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #0b5154e27f712eca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/cli.py:102
        response = requests.get(
            "https://" + environment["api_domain"] + f"/v1/user/token/refresh/{credentials['refresh_token']}"
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #c3ef891832522914 Filesystem access.
pkgs/python/[email protected]/nomic/cli.py:112
        with open(os.path.join(nomic_base_path, "credentials"), "w") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #12253bc917101d8c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/client.py:130
        completed_response = requests.get(status_resp["result_url"])

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #017eed1c466b6c55 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/client.py:216
            resp = requests.put(upload_url, data=pdf_file, headers={"x-amz-server-side-encryption": "AES256"})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #69cf44cacffa4df8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/data_operations.py:342
        response = requests.get(
            self.projection.dataset.atlas_api_path
            + "/v1/project/{}/index/projection/{}".format(
                self.projection.dataset.meta["id"], self.projection.projection_id
            ),
            headers=self.projection.dataset.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f010f820c7a80d10 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/data_operations.py:502
        response = requests.post(
            self.dataset.atlas_api_path + "/v1/project/data/get/embedding/topic",
            headers=self.dataset.header,
            json={
                "atlas_index_id": self.projection.atlas_index_id,
                "queries": base64.b64encode(bytesio.getvalue()).decode("utf-8"),
                "k": k,
                "depth": depth,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c7b78c72651dcaf7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/data_operations.py:778
            response = requests.post(
                self.projection.dataset.atlas_api_path + "/v1/project/data/get/nearest_neighbors/by_embedding",
                headers=self.projection.dataset.header,
                json={
                    "atlas_index_id": self.projection.atlas_index_id,
                    "queries": base64.b64encode(bytesio.getvalue()).decode("utf-8"),
                    "k": k,
                },
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bcf83ae7296b3529 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/data_operations.py:788
            response = requests.post(
                self.projection.dataset.atlas_api_path + "/v1/project/data/get/nearest_neighbors/by_id",
                headers=self.projection.dataset.header,
                json={"atlas_index_id": self.projection.atlas_index_id, "datum_ids": ids, "k": k},
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f34d4a1a9065ebf2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/data_operations.py:896
        tags = requests.get(
            self.dataset.atlas_api_path + "/v1/project/projection/tags/get/all",
            headers=self.dataset.header,
            params={"project_id": self.dataset.id, "projection_id": self.projection.id, "include_dsl_rule": False},
        ).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #80d39b6132f37433 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/data_operations.py:903
            is_complete = requests.get(
                self.dataset.atlas_api_path + "/v1/project/projection/tags/status",
                headers=self.dataset.header,
                params={
                    "project_id": self.dataset.id,
                    "tag_id": tag["tag_id"],
                },
            ).json()["is_complete"]

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #1aa49ff927865364 Environment-variable access.
pkgs/python/[email protected]/nomic/dataset.py:83
            override_api_path = os.environ["ATLAS_API_PATH"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #5bd442d158607a8c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:101
            response = requests.get(
                self.atlas_api_path + "/v1/user",
                headers=self.header,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f7d7c9ac33b0b271 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:123
        response = requests.get(
            api_base_path + "/v1/user",
            headers=self.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #b6823adb523a9d4a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:172
        response = requests.post(
            self.atlas_api_path + "/v1/project/remove",
            headers=self.header,
            json={"project_id": project_id},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #362a71238e86bd2e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:190
        response = requests.get(
            self.atlas_api_path + f"/v1/project/{project_id}",
            headers=self.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7c959350e94d1f2c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:213
        response = requests.get(
            self.atlas_api_path + f"/v1/organization/{slug}",
            headers=self.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8733f6cf974b227e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:237
        response = requests.get(
            self.atlas_api_path + f"/v1/project/{organization_slug}/{project_slug}",
            headers=self.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #e71d313baa174f87 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:275
        response = requests.get(
            self.atlas_api_path + f"/v1/project/index/job/{job_id}",
            headers=self.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8ff81181df04c06a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:429
        response = requests.post(
            self.atlas_api_path + endpoint,
            headers=self.header,
            json=json,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #14d653be6cb20764 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:437
        response = requests.get(
            self.atlas_api_path + endpoint,
            headers=self.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a2c41c5a4df76cfb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:444
        response = requests.put(
            self.atlas_api_path + endpoint,
            headers=self.header,
            data=data,
            json=json,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #15dedb567db25f7e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:516
        response = requests.get(
            self.dataset.atlas_api_path + f"/v1/project/index/job/progress/{self.atlas_index_id}",
            headers=self.dataset.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bff895352ecf4c77 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:651
            response = requests.get(
                self.dataset.atlas_api_path + f"/v1/project/projection/{self.projection_id}/schema",
                headers=self.dataset.header,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #860f942d2deda6ea Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:753
        response = requests.get(
            self.atlas_api_path + endpoint,
            headers=self.header,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4b06471e63baf9c5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:876
        response = requests.post(
            self.atlas_api_path + "/v1/project/create",
            headers=self.header,
            json={
                "organization_id": organization_id,
                "project_name": project_slug,
                "description": description,
                "unique_id_field": unique_id_field,
                "is_public": is_public,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #2b216e4031b297c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:1254
        response = requests.post(
            self.atlas_api_path + "/v1/project/index/create",
            headers=self.header,
            json=build_template,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3fd295e5917bd3ff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:1266
        job = requests.get(
            self.atlas_api_path + f"/v1/project/index/job/{job_id}",
            headers=self.header,
        ).json()

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #092f866899ca969f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:1340
        response = requests.post(
            self.atlas_api_path + "/v1/project/data/get",
            headers=self.header,
            json={"project_id": self.id, "datum_ids": ids},
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0288f30a46a28d0d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:1468
            response = requests.post(
                self.atlas_api_path + blob_upload_endpoint,
                headers=self.header,
                data={"dataset_id": self.id},  # self.id is project_id
                files=blobs_for_api,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #7379c95da7d1e575 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/dataset.py:1637
                response = requests.post(
                    self.atlas_api_path + upload_endpoint,
                    headers=self.header,
                    data=buffer,
                )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6b1aeb987330ad9d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/embed.py:78
        lambda: requests.post(
            text_api_url,
            headers=text_api_header,
            json={
                "texts": texts,
                "model": model,
                "task_type": task_type,
                "dimensionality": dimensionality,
                "long_text_mode": long_text_mode,
            },
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8bcb88913962b49f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/embed.py:334
        lambda: requests.post(
            atlas_url + "/v1/embedding/image",
            headers=atlas_header,
            data={"model": model, "urls": urls},
            files=images,
        )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3a57634a84fda672 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/nomic/utils.py:270
                data = requests.get(str(url), headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #cfc729517ed6782c Filesystem access.
pkgs/python/[email protected]/setup.py:10
with open("README.md") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ollama

python dependency
expand_more 12 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #be5c967ac3fd29f0 Filesystem access.
pkgs/python/[email protected]/examples/generate-image.py:13
    with open('output.png', 'wb') as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #405507812ae6e840 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/multimodal-generate.py:8
latest = httpx.get('https://xkcd.com/info.0.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #317832a6c5b2f251 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/multimodal-generate.py:13
comic = httpx.get(f'https://xkcd.com/{num}/info.0.json')

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unreachable #fe179e4db0a5be15 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/multimodal-generate.py:20
raw = httpx.get(comic.json().get('img'))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #860903c4cdf77413 Environment-variable access.
pkgs/python/[email protected]/ollama/_client.py:108
    api_key = os.getenv('OLLAMA_API_KEY', None)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7657277b0b66c5f0 Environment-variable access.
pkgs/python/[email protected]/ollama/_client.py:113
      base_url=_parse_host(host or os.getenv('OLLAMA_HOST')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #476072fcd2672f4c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/ollama/_client.py:139
      r = self._client.request(*args, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #98576d89cc2adad2 Filesystem access.
pkgs/python/[email protected]/ollama/_client.py:611
    with open(path, 'rb') as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2e4a8fd33f51375 Filesystem access.
pkgs/python/[email protected]/ollama/_client.py:620
    with open(path, 'rb') as r:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #e6ef6d283d5b53ea Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/ollama/_client.py:732
      r = await self._client.request(*args, **kwargs)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #866efe99b309503c Filesystem access.
pkgs/python/[email protected]/ollama/_types.py:167
      return b64encode(self.value.read_bytes() if isinstance(self.value, Path) else self.value).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2056309d0c1513f5 Filesystem access.
pkgs/python/[email protected]/ollama/_types.py:172
          return b64encode(Path(self.value).read_bytes()).decode()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

python dependency
expand_more 69 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #acc5296e8b760f53 Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:30
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #bfe2b8a9805749a9 Filesystem access.
pkgs/python/[email protected]/examples/image_stream.py:41
            with open(filename, "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dd8275208b0ac702 Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:31
    endpoint = os.environ["AZURE_OPENAI_ENDPOINT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #820584cf91e74d8a Environment-variable access.
pkgs/python/[email protected]/examples/realtime/azure_realtime.py:37
    deployment_name = os.environ["AZURE_OPENAI_DEPLOYMENT_NAME"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #298cc7c9ee541d5a Filesystem access.
pkgs/python/[email protected]/examples/uploads.py:30
    data = file.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2a8cfff716ff9aa2 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:158
api_type: _ApiType | None = _t.cast(_ApiType, _os.environ.get("OPENAI_API_TYPE"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9ad7467d764299c2 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:160
api_version: str | None = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a9ea3f24e2902d7 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:162
azure_endpoint: str | None = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0828c72b8083cd29 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:164
azure_ad_token: str | None = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e9a36293c730225f Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:338
    return _os.environ.get("OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a800c359d7af73ff Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:342
    return azure_endpoint is not None or _os.environ.get("AZURE_OPENAI_API_KEY") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #292784af60829931 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:347
        _os.environ.get("AZURE_OPENAI_AD_TOKEN") is not None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16a42897ab0f3d3b Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:363
            azure_endpoint = _os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5279ed2baf14f1af Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:366
            azure_ad_token = _os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c0cca42dc54bd1be Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:369
            api_version = _os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e71cc2c7a827266a Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:379
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f6c34cc6de33a822 Environment-variable access.
pkgs/python/[email protected]/src/openai/__init__.py:379
            if (azure_ad_token is not None or azure_ad_token_provider is not None) and _os.environ.get(
                "AZURE_OPENAI_API_KEY"
            ) is not None:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #8ebdf14a4f467503 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/_base_client.py:309
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #79374a42c8b2e39c Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:209
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a1592bd1f5e0667b Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:219
            admin_api_key = os.environ.get("OPENAI_ADMIN_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e8177ad5d9b1d10 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:235
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ca2752b1bed84a9 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:239
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5871d51b57b98265 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:243
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c01d56ebf52e8775 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:251
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e58bb0f1b9e6aefd Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:255
        custom_headers_env = os.environ.get("OPENAI_CUSTOM_HEADERS") if provider_runtime is None else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6889719130cdd3ca Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:805
                api_key = os.environ.get("OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ad9af40e5ffb5968 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:815
            admin_api_key = os.environ.get("OPENAI_ADMIN_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #04cdfc4295eed546 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:831
            organization = os.environ.get("OPENAI_ORG_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b56d34a03b6aa96e Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:835
            project = os.environ.get("OPENAI_PROJECT_ID")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #449309e001d51f2d Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:839
            webhook_secret = os.environ.get("OPENAI_WEBHOOK_SECRET")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b1dc66e28214e8d Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:847
            base_url = os.environ.get("OPENAI_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3957a1334e145907 Environment-variable access.
pkgs/python/[email protected]/src/openai/_client.py:851
        custom_headers_env = os.environ.get("OPENAI_CUSTOM_HEADERS") if provider_runtime is None else None

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14a76066ae2bdce5 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1758a97ee9d2c6e Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7aa3802c56784ec0 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c06f9f9000c168e0 Filesystem access.
pkgs/python/[email protected]/src/openai/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ed8a9d79c5b6ea95 Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:441
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f80103b6328da69 Filesystem access.
pkgs/python/[email protected]/src/openai/_legacy_response.py:454
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14e19c1f9882118a Environment-variable access.
pkgs/python/[email protected]/src/openai/_models.py:129
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33641f30a70e95a2 Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:513
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1b049c2efb20237d Filesystem access.
pkgs/python/[email protected]/src/openai/_response.py:555
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6c9d2227a248deb5 Environment-variable access.
pkgs/python/[email protected]/src/openai/_utils/_logs.py:23
    env = os.environ.get("OPENAI_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4bc4c4fc5edaced1 Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e1842a9a9b9ebd1a Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5d48099ae898d24c Filesystem access.
pkgs/python/[email protected]/src/openai/_utils/_utils.py:383
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6cdc08a9ac1f724 Filesystem access.
pkgs/python/[email protected]/src/openai/auth/_workload.py:58
            with open(token_file_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #fd88b2cac3e51049 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/auth/_workload.py:106
                response = http_client.get(url, params=params, headers={"Metadata": "true"}, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #583aa35f27f6e606 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/auth/_workload.py:109
                    response = client.get(url, params=params, headers={"Metadata": "true"}, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #42dd0872cfe07190 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/auth/_workload.py:153
                response = http_client.get(url, params=params, headers={"Metadata-Flavor": "Google"}, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5c722ba9a3c57d92 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/auth/_workload.py:156
                    response = client.get(url, params=params, headers={"Metadata-Flavor": "Google"}, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #51186cbd820a3386 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/openai/auth/_workload.py:249
            response = client.post(
                self.token_exchange_url,
                json={
                    "grant_type": TOKEN_EXCHANGE_GRANT_TYPE,
                    "subject_token": subject_token,
                    "subject_token_type": subject_token_type,
                    "identity_provider_id": self.workload_identity["identity_provider_id"],
                    "service_account_id": self.workload_identity["service_account_id"],
                },
                timeout=10.0,
            )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5ce3e61a45897db6 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/_bedrock_auth.py:172
        region = os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b11a6e9a5b78c680 Filesystem access.
pkgs/python/[email protected]/src/openai/lib/_validators.py:485
                with open(fname, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1de69f8c846ff822 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:214
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5ac0bc307e73fad9 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:217
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d0feb87a875c536b Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:225
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1afcad2598bbe28 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:239
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be9709e03c3b6c2b Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:538
            api_key = os.environ.get("AZURE_OPENAI_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac2881122f92cd73 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:541
            azure_ad_token = os.environ.get("AZURE_OPENAI_AD_TOKEN")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0c4d0393b55abd0b Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:549
            api_version = os.environ.get("OPENAI_API_VERSION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fceb991db1331ad Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/azure.py:563
                azure_endpoint = os.environ.get("AZURE_OPENAI_ENDPOINT")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #58ca96be2ad9fdda Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/bedrock.py:70
    configured = region or os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be4af8ebc0a560bc Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/bedrock.py:80
    environment_base_url = os.environ.get("AWS_BEDROCK_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0e6a7953193b8a21 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/bedrock.py:105
    token = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f96ddbf5941a385 Environment-variable access.
pkgs/python/[email protected]/src/openai/lib/bedrock.py:150
    environment_token = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bad456d1bd17e1df Environment-variable access.
pkgs/python/[email protected]/src/openai/providers/bedrock.py:248
            token = os.environ.get("AWS_BEARER_TOKEN_BEDROCK")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #99e6e9ed5f568087 Environment-variable access.
pkgs/python/[email protected]/src/openai/providers/bedrock.py:331
            os.environ.get("AWS_REGION") or os.environ.get("AWS_DEFAULT_REGION")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43e14f3b228285e1 Environment-variable access.
pkgs/python/[email protected]/src/openai/providers/bedrock.py:338
        environment_base_url = _normalize_optional_string(os.environ.get("AWS_BEDROCK_BASE_URL"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #377cc12031f144ce Environment-variable access.
pkgs/python/[email protected]/src/openai/providers/bedrock.py:391
        and bool(os.environ.get("AWS_BEARER_TOKEN_BEDROCK"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openrouter

python dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #3a98ea6803620d4c Filesystem access.
pkgs/python/[email protected]/src/openrouter/types/base64fileinput.py:23
            with open(value, "rb") as fh:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #20891d81988d3788 Environment-variable access.
pkgs/python/[email protected]/src/openrouter/utils/logger.py:24
    if os.getenv("OPENROUTER_DEBUG"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7c518011e6692b82 Environment-variable access.
pkgs/python/[email protected]/src/openrouter/utils/security.py:79
    if os.getenv("OPENROUTER_API_KEY"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d459c40aa9fbd21 Environment-variable access.
pkgs/python/[email protected]/src/openrouter/utils/security.py:80
        security_dict["api_key"] = os.getenv("OPENROUTER_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #531b5a0ec77d6498 Environment-variable access.
pkgs/python/[email protected]/src/openrouter/utils/values.py:63
    env_value = os.getenv(env_key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

packaging

python dependency
expand_more 3 low-confidence finding(s)
low env_fs tooling Excluded from app score unreachable #ce0f4bf0206d27cd Filesystem access.
pkgs/python/[email protected]/docs/conf.py:11
with open(os.path.join(_BASE_DIR, "src", "packaging", "__init__.py")) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cf0f229ca995228 Filesystem access.
pkgs/python/[email protected]/src/packaging/_manylinux.py:34
        with open(path, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d7c05ffe85f94a5 Filesystem access.
pkgs/python/[email protected]/src/packaging/_musllinux.py:46
        with open(executable, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

perplexityai

python dependency
expand_more 18 low-confidence finding(s)
low egress dependency Excluded from app score #d69a86ebba4e667d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/perplexity/_base_client.py:306
        return await self._client.request(self._page_cls, self._options)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fc7a93b6cddbf0c6 Environment-variable access.
pkgs/python/[email protected]/src/perplexity/_client.py:94
            api_key = os.environ.get("PERPLEXITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9796936e44f87e5b Environment-variable access.
pkgs/python/[email protected]/src/perplexity/_client.py:102
            base_url = os.environ.get("PERPLEXITY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8327efc3f2789b77 Environment-variable access.
pkgs/python/[email protected]/src/perplexity/_client.py:106
        custom_headers_env = os.environ.get("PERPLEXITY_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #82a867a4b492564d Environment-variable access.
pkgs/python/[email protected]/src/perplexity/_client.py:317
            api_key = os.environ.get("PERPLEXITY_API_KEY")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6044376a21eee777 Environment-variable access.
pkgs/python/[email protected]/src/perplexity/_client.py:325
            base_url = os.environ.get("PERPLEXITY_BASE_URL")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9177abd8241f5cec Environment-variable access.
pkgs/python/[email protected]/src/perplexity/_client.py:329
        custom_headers_env = os.environ.get("PERPLEXITY_CUSTOM_HEADERS")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #37eab42b30cd8df3 Filesystem access.
pkgs/python/[email protected]/src/perplexity/_files.py:69
            return (path.name, path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc58fae070fd64b9 Filesystem access.
pkgs/python/[email protected]/src/perplexity/_files.py:81
        return pathlib.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f541192aa8ae3a37 Filesystem access.
pkgs/python/[email protected]/src/perplexity/_files.py:111
            return (path.name, await path.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7cafc723c2e3ffca Filesystem access.
pkgs/python/[email protected]/src/perplexity/_files.py:123
        return await anyio.Path(file).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5c726a17a994dbcd Environment-variable access.
pkgs/python/[email protected]/src/perplexity/_models.py:120
            extra="allow", defer_build=coerce_boolean(os.environ.get("DEFER_PYDANTIC_BUILD", "true"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #370bf2f0500018cb Filesystem access.
pkgs/python/[email protected]/src/perplexity/_response.py:497
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c88f3e803a52f49b Filesystem access.
pkgs/python/[email protected]/src/perplexity/_response.py:539
        with open(file, mode="wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66f5a3a54c5449e8 Environment-variable access.
pkgs/python/[email protected]/src/perplexity/_utils/_logs.py:17
    env = os.environ.get("PERPLEXITY_LOG")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #556ee98ff8d72207 Filesystem access.
pkgs/python/[email protected]/src/perplexity/_utils/_transform.py:248
            binary = data.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #89f5224aeeb287f6 Filesystem access.
pkgs/python/[email protected]/src/perplexity/_utils/_transform.py:414
            binary = await anyio.Path(data).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d3e753a6105bad8 Filesystem access.
pkgs/python/[email protected]/src/perplexity/_utils/_utils.py:379
    contents = Path(path).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pydantic

python dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #0ddc7b6e543ee6cf Filesystem access.
pkgs/python/[email protected]/pydantic/deprecated/parse.py:71
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #297f816af42ec6b4 Environment-variable access.
pkgs/python/[email protected]/pydantic/json_schema.py:344
                if os.getenv('PYDANTIC_PRIVATE_ALLOW_UNHANDLED_SCHEMA_TYPES'):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #45f08e4b6eda4355 Filesystem access.
pkgs/python/[email protected]/pydantic/mypy.py:1411
    with open(config_file, 'rb') as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81d78f81ebd05d5b Environment-variable access.
pkgs/python/[email protected]/pydantic/plugin/_loader.py:27
    disabled_plugins = os.getenv('PYDANTIC_DISABLE_PLUGINS')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #66139b997e6c1d15 Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:173
            env_vars: Mapping[str, Optional[str]] = os.environ

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d28cb9ed2948fc0d Environment-variable access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:175
            env_vars = {k.lower(): v for k, v in os.environ.items()}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b95cf8b01e7de2d0 Filesystem access.
pkgs/python/[email protected]/pydantic/v1/env_settings.py:307
                    secret_value = path.read_text().strip()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f993ed78653ae33a Filesystem access.
pkgs/python/[email protected]/pydantic/v1/mypy.py:948
    with open(config_file, read_mode) as rf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #36d4712102e0e08f Filesystem access.
pkgs/python/[email protected]/pydantic/v1/parse.py:57
    b = path.read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pytest-recording

python dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #b45d2c2b50f6a378 Filesystem access.
pkgs/python/[email protected]/src/pytest_recording/_vcr.py:34
        with open(cassette_path, encoding="utf8") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

qdrant-client

python dependency
expand_more 13 low-confidence finding(s)
low egress dependency Excluded from app score #8bd345041e9ee396 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/qdrant_client/common/version_check.py:15
    response = httpx.get(rest_uri, headers=rest_headers, auth=auth_provider, timeout=timeout)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #fa6a317fdd52c1d2 Filesystem access.
pkgs/python/[email protected]/qdrant_client/embed/schema_parser.py:298
        with open(output_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #179ccc3e3db486b1 Filesystem access.
pkgs/python/[email protected]/qdrant_client/embed/utils.py:76
    with open(path, "rb") as file:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d1132b00f51032d Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:99
            with open(meta_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #558f75056223df15 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:102
            with open(meta_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #543c7c222583eacb Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:125
            with open(lock_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dd0fdb6c3b2be307 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:127
        self._flock_file = open(lock_file_path, "r+")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c6e3909c4381a0d1 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/async_qdrant_local.py:146
        with open(meta_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #be3aae1309c6be27 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:102
            with open(meta_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72dafe5824993c9c Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:105
            with open(meta_path, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #02988303a0ceca66 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:136
            with open(lock_file_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b887e6b2768a852f Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:138
        self._flock_file = open(lock_file_path, "r+")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #047696994fbc6894 Filesystem access.
pkgs/python/[email protected]/qdrant_client/local/qdrant_local.py:162
        with open(meta_path, "w") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #7694d032605fc2d6 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:857
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72084f36b3dec720 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:858
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1769d00cec5de6fc Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:239
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #28c30f120166120e Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:798
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ce99121539d9d208 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:799
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9ed542d6c96c904 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:805
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef9ddbd6f3eafd53 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:807
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #84a81b57d1fe66b7 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:820
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tokenizers

python dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #13e6d1f41b3b3a3b Environment-variable access.
pkgs/python/[email protected]/bindings/python/benches/test_tiktoken.py:29
    os.environ["RAYON_NUM_THREADS"] = str(num_threads)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #5d08371f49e2f147 Filesystem access.
pkgs/python/[email protected]/bindings/python/examples/example.py:29
    with open(args.file, "r") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f4cccfd43cac41e6 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/convert.py:52
    m.ParseFromString(open(filename, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #28378e071f7a94c9 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/convert.py:342
    with open(filename, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #ea6ee02e53d89718 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:61
        with open(self._model, "r") as model_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #0065813bffaa78a4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:121
                response = get(args.model, allow_redirects=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #e628801cd7dbf372 Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:134
        with open(args.vocab_output_path, "w") as vocab_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #e34962ab84310efc Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/sentencepiece_extractor.py:135
            with open(args.merges_output_path, "w") as merges_f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #dba2da8a658cd71e Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/spm_parity_check.py:99
    with open(args.input_file, "r") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #c71d4a08a4d106ca Filesystem access.
pkgs/python/[email protected]/bindings/python/scripts/spm_parity_check.py:226
    with open(args.input_file, "r", encoding="utf-8-sig") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7744883a6f7a79c1 Filesystem access.
pkgs/python/[email protected]/py_src/tokenizers/implementations/sentencepiece_unigram.py:160
        m.ParseFromString(open(filename, "rb").read())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling reachable #95ce90fcdf9109e7 Filesystem access.
pkgs/python/[email protected]/py_src/tokenizers/tools/visualizer.py:12
with open(css_filename) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typing-extensions

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #7b694905a487d5ad Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1698
            Path(tempdir, "ann_module.py").write_text(ANN_MODULE_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5878a57d7742a98c Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1699
            Path(tempdir, "ann_module2.py").write_text(ANN_MODULE_2_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #63dd6c38618de31c Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1700
            Path(tempdir, "ann_module3.py").write_text(ANN_MODULE_3_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #963d3343c4a642e6 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8783
            Path(tempdir, "inspect_stock_annotations.py").write_text(STOCK_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ac0e73ea78a931e Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8784
            Path(tempdir, "inspect_stringized_annotations.py").write_text(STRINGIZED_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d3edbbfa0a73caf Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8785
            Path(tempdir, "inspect_stringized_annotations_2.py").write_text(STRINGIZED_ANNOTATIONS_2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a3ed9784b754412a Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:9234
            Path(tempdir, "inspect_stringized_annotations_pep_695.py").write_text(STRINGIZED_ANNOTATIONS_PEP_695)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • langchain-community prod — sdist exceeds byte cap