Close Open Privacy Scan

bolt Snapshot: commit 643b8bc
science engine v1.21
schedule 2026-07-19T02:16:39.548562+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

smart_toy MCP server detected: @anthropic-ai/sdk, @modelcontextprotocol/sdk, openai — detected in dependencies, not a safety judgment.
Incomplete scan — only 0/200 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 2735 finding(s)

Dependency score: 100 (Low risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

2 high 80 medium 2653 low
First-party packages: 38
Dependency packages: 0
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: 302.aia.comagent-gateway.lobehub.comai-gateway.vercel.shai-userxxxxxxxxxx.services.ai.azure.comai.360.cnai.360.comai.azure.comai.gitee.comai.google.devai.meta.comaihubmix.comalipaytbox.yuque.comampcode.comanalytics.umami.isanthropic.comapi-data.line.meapi-inference.modelscope.cnapi.302.aiapi.360.cnapi.abc.comapi.ai21.comapi.anthropic.comapi.baichuan-ai.comapi.bfl.aiapi.bochaai.comapi.cerebras.aiapi.cloudflare.comapi.cohere.aiapi.cohere.comapi.cometapi.comapi.deepseek.comapi.exa.aiapi.firecrawl.devapi.fireworks.aiapi.github.comapi.githubcopilot.comapi.groq.comapi.kimi.comapi.line.meapi.lingyiwanwu.comapi.lkeap.cloud.tencent.comapi.longcat.chatapi.minimax.ioapi.minimaxi.comapi.mistral.aiapi.moonshot.cnapi.novita.aiapi.openai.comapi.perplexity.aiapi.ppinfra.comapi.replicate.comapi.sambanova.aiapi.search.brave.comapi.search1api.comapi.sgroup.qq.comapi.siliconflow.cnapi.slack.comapi.stepfun.comapi.straico.comapi.studio.nebius.comapi.tavily.comapi.tbox.cnapi.telegram.orgapi.together.xyzapi.upstage.aiapi.v0.devapi.x.aiapi.xiaomimimo.comapig.console.aliyun.comapp.lobehub.comapp.posthog.comark.cn-beijing.volces.comarxiv.orgauth.x.aiazure.microsoft.combfl.aibluebubbles.appbots.qq.combuild.nvidia.comcdn.jsdelivr.netcdn.tailwindcss.comcerebras.aichat-plugins.lobehub.comchat-preview.lobehub.comchat.intern-ai.org.cnchatapi.akash.networkchatgpt.comchrome.browserless.ioclaude.aicloud.baidu.comcloud.google.comcloud.infini-ai.comcloud.langfuse.comcloud.sambanova.aicloud.tencent.comcloud.zidongtaichu.comcoding.dashscope.aliyuncs.comcohere.comcometapi.comcomposio.devconsole.bce.baidu.comconsole.cloud.google.comconsole.cloud.tencent.comconsole.groq.comcvpr.thecvf.comdashscope.aliyuncs.comdatatracker.ietf.orgdeepsearch.jina.aideepseek.comdeveloper.mozilla.orgdeveloper.qiniu.comdevelopers.cloudflare.comdevelopers.line.bizdevelopers.upstage.aidevice-gateway.lobehub.comdiscord.comdiscord.ggdocs.ai21.comdocs.aihubmix.comdocs.anthropic.comdocs.aws.amazon.comdocs.cohere.comdocs.mistral.aidocs.perplexity.aidocs.together.aidocs.vllm.aidocs.x.aidocs.z.aifal.aifireworks.aigenerativelanguage.googleapis.comgithub.comgroq.comhelp.aliyun.comhigress.cnhub-apac-1.lobeobjects.spacehuggingface.cohunyuan.tencent.comicons.duckduckgo.comilinkai.weixin.qq.cominference-docs.cerebras.aiinference.readthedocs.iointegrate.api.nvidia.cominternlm.intern-ai.org.cnjina.aikagi.comlearn.microsoft.comling.tbox.cnlmstudio.ailobe.lilobechat.comlobehub.comlocal.filelongcat.chatmarket.lobehub.commedium.commistral.aimodels.devmodels.github.aimodelscope.cnnebius.comnovac2c.cdn.weixin.qq.comnovita.ainpmmirror.comollama.comopen.bigmodel.cnopen.feishu.cnopen.larksuite.comopenai.comopenai.qiniu.comopencode.aiopenrouter.aiplatform.baichuan-ai.complatform.deepseek.complatform.lingyiwanwu.complatform.minimax.ioplatform.minimaxi.complatform.moonshot.aiplatform.openai.complatform.sensenova.cnplatform.stepfun.complatform.xiaomimimo.complausible.ioplay.google.complugin.anspire.cnppinfra.comq.qq.comqianfan.baidubce.comqstash.upstash.ior.jina.air.jinaai.cnraw.githubusercontent.comregistry.npmjs.orgregistry.npmmirror.comreplicate.comrouter.huggingface.cos.jina.ais.jinaai.cnsandbox.api.sgroup.qq.comscribe.ripsiliconflow.cnslack.comsogou.comspark-api-open.xf-yun.comstepfun.comstraico.comstudio.ai21.comstudio.nebius.comt.metestflight.apple.comtoken.sensenova.cntokenhub.tencentmaas.comupstage.aiv0.devvercel.comwallstreetcn.comwanqing.streamlakeapi.comworkflow-run-guard.localwww.aliyun.comwww.bing.comwww.comfy.orgwww.google.comwww.googleapis.comwww.lingyiwanwu.comwww.minimaxi.comwww.moonshot.aiwww.perplexity.aiwww.qiniu.comwww.qiumiwu.comwww.reddit.comwww.search1api.comwww.sensenova.cnwww.streamlake.comwww.together.aiwww.volcengine.comwww.w3.orgwww.xfyun.cnwww.youtube.comx.aix.comxinghuo.xfyun.cnyour-proxy-url.comyour-resource.cognitiveservices.azure.comyour-server.comyour.new-api-provider.comz.aizenmux.aizhipuai.cnzhuanlan.zhihu.com

high first-party (npm): packages/model-runtime A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/model-runtime/src/providers/azureai/index.ts:33 repo/packages/model-runtime/src/providers/azureai/index.ts:67
high first-party (npm): packages/model-runtime A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/model-runtime/src/providers/comfyui/index.ts:96 repo/packages/model-runtime/src/providers/comfyui/index.ts:101
medium first-party (npm) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/src/layout/AuthProvider/MarketAuth/oidc.ts:142 repo/src/layout/AuthProvider/MarketAuth/oidc.ts:150
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:48 repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:45
medium first-party (npm): apps/server Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/apps/server/src/services/bot/BotMessageRouter.ts:780 repo/apps/server/src/services/bot/BotMessageRouter.ts:798
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/desktopRelease/index.ts:120 repo/apps/server/src/services/desktopRelease/index.ts:122
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/oauthDeviceFlow/index.ts:105 repo/apps/server/src/services/oauthDeviceFlow/index.ts:105
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/oauthDeviceFlow/index.ts:169 repo/apps/server/src/services/oauthDeviceFlow/index.ts:169
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/oauthDeviceFlow/providers/githubCopilot.ts:55 repo/apps/server/src/services/oauthDeviceFlow/providers/githubCopilot.ts:55
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/anspire/index.ts:74 repo/apps/server/src/services/search/impls/anspire/index.ts:71
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/bocha/index.ts:64 repo/apps/server/src/services/search/impls/bocha/index.ts:61
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/brave/index.ts:70 repo/apps/server/src/services/search/impls/brave/index.ts:66
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/exa/index.ts:69 repo/apps/server/src/services/search/impls/exa/index.ts:65
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/firecrawl/index.ts:69 repo/apps/server/src/services/search/impls/firecrawl/index.ts:66
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/jina/index.ts:48 repo/apps/server/src/services/search/impls/jina/index.ts:44
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/kagi/index.ts:52 repo/apps/server/src/services/search/impls/kagi/index.ts:50
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/search1api/index.ts:85 repo/apps/server/src/services/search/impls/search1api/index.ts:82
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/tavily/index.ts:63 repo/apps/server/src/services/search/impls/tavily/index.ts:60
medium first-party (npm): apps/server A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/workflows/runGuard/qstashCancel.ts:79 repo/apps/server/src/workflows/runGuard/qstashCancel.ts:93
medium first-party (npm): packages/web-crawler A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/browserless.ts:14 repo/packages/web-crawler/src/crawImpl/browserless.ts:42
medium first-party (npm): packages/web-crawler A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/exa.ts:25 repo/packages/web-crawler/src/crawImpl/exa.ts:32
medium first-party (npm): packages/web-crawler A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/firecrawl.ts:54 repo/packages/web-crawler/src/crawImpl/firecrawl.ts:62
medium first-party (npm): packages/web-crawler A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/jina.ts:11 repo/packages/web-crawler/src/crawImpl/jina.ts:17
medium first-party (npm): packages/web-crawler A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/search1api.ts:19 repo/packages/web-crawler/src/crawImpl/search1api.ts:26
medium first-party (npm): packages/web-crawler A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/tavily.ts:26 repo/packages/web-crawler/src/crawImpl/tavily.ts:33
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:51 repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:49
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:167 repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:164
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.ts:610 repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.ts:710
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/aihubmix/index.ts:163 repo/packages/model-runtime/src/providers/aihubmix/index.ts:181
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/bfl/createImage.ts:125 repo/packages/model-runtime/src/providers/bfl/createImage.ts:121
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/bfl/createImage.ts:161 repo/packages/model-runtime/src/providers/bfl/createImage.ts:158
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/cloudflare/index.ts:77 repo/packages/model-runtime/src/providers/cloudflare/index.ts:93
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/cloudflare/index.ts:77 repo/packages/model-runtime/src/providers/cloudflare/index.ts:156
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/google/index.ts:135 repo/packages/model-runtime/src/providers/google/index.ts:471
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:55 repo/packages/model-runtime/src/providers/minimax/createVideo.ts:53
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:78 repo/packages/model-runtime/src/providers/minimax/createVideo.ts:76
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:177 repo/packages/model-runtime/src/providers/minimax/createVideo.ts:174
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/nebius/index.ts:34 repo/packages/model-runtime/src/providers/nebius/index.ts:31
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:41 repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:38
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:126 repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:123
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/straico/index.ts:46 repo/packages/model-runtime/src/providers/straico/index.ts:44
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/volcengine/video/createVideo.ts:78 repo/packages/model-runtime/src/providers/volcengine/video/createVideo.ts:75
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:37 repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:35
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:137 repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:134
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/xai/createVideo.ts:35 repo/packages/model-runtime/src/providers/xai/createVideo.ts:33
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/xai/createVideo.ts:127 repo/packages/model-runtime/src/providers/xai/createVideo.ts:124
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/createImage.ts:39 repo/packages/model-runtime/src/providers/zhipu/createImage.ts:37
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/createImage.ts:134 repo/packages/model-runtime/src/providers/zhipu/createImage.ts:131
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:41 repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:39
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:147 repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:144
medium first-party (npm): packages/model-runtime A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/index.ts:222 repo/packages/model-runtime/src/providers/zhipu/index.ts:220

</> First-Party Code

first-party (npm): packages/model-runtime

npm first-party
high pii_flow production #b68f45e69f3dbef5 A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/model-runtime/src/providers/azureai/index.ts:67 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/azureai/index.ts:33 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/azureai/index.ts:67
      const response = this.client.path('/chat/completions').post({
        body: {
          messages: updatedMessages as OpenAI.ChatCompletionMessageParam[],
          model,
          ...params,
          stream: enableStreaming,
          temperature: model.includes('o3') || model.includes('o4') ? undefined : temperature,
          tool_choice: params.tools ? 'auto' : undefined,
          top_p: model.includes('o3') || model.includes('o4') ? undefined : top_p,
        },
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6d078c155c6114ae A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/model-runtime/src/providers/comfyui/index.ts:101 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/comfyui/index.ts:96 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/comfyui/index.ts:101
      const response = await fetch(`${appUrl}/webapi/create-image/comfyui`, {
        body: JSON.stringify({
          model: payload.model,
          options: this.options,
          params: payload.params,
        }),
        headers,
        method: 'POST',
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #d3816c4579d1acac A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:49 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:51 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:49
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #4e89ed0f90e7c206 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:164 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:167 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:164
  const response = await fetch(`${baseURL}/videos`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #4309b4d81487cf0c A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.ts:710 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.ts:610 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.ts:710
          response = (await this.client.chat.completions.create(requestPayload, {
            // https://github.com/lobehub/lobe-chat/pull/318
            headers: { Accept: '*/*', ...options?.requestHeaders },
            signal: options?.signal,
          })) as unknown as Stream<OpenAI.Chat.Completions.ChatCompletionChunk>;

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #2fbf9a3b49706cf8 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/aihubmix/index.ts:181 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/aihubmix/index.ts:163 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/aihubmix/index.ts:181
      const response = await fetch(urlJoin(rootBaseURL, '/api/v1/models'), {
        headers: {
          'Authorization': `Bearer ${apiKey}`,
          'APP-Code': 'LobeHub',
        },
        signal: controller.signal,
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #978a2f824d74098e A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/bfl/createImage.ts:121 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/bfl/createImage.ts:125 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/bfl/createImage.ts:121
  const response = await fetch(url, {
    body: JSON.stringify(payload),
    headers: {
      'Content-Type': 'application/json',
      'x-key': options.apiKey,
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #ace67adddb771a1b A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/bfl/createImage.ts:158 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/bfl/createImage.ts:161 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/bfl/createImage.ts:158
  const response = await fetch(pollingUrl, {
    headers: {
      'accept': 'application/json',
      'x-key': options.apiKey,
    },
    method: 'GET',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #00615fb973fd7b3d A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/cloudflare/index.ts:93 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/cloudflare/index.ts:77 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/cloudflare/index.ts:93
      response = await fetch(url, {
        body: JSON.stringify({ tools: functions, ...restPayload }),
        headers: { 'Content-Type': 'application/json', ...headers },
        method: 'POST',
        signal: options?.signal,
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #77033a13d22d5f99 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/cloudflare/index.ts:156 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/cloudflare/index.ts:77 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/cloudflare/index.ts:156
    const response = await fetch(url, {
      headers: {
        'Authorization': `Bearer ${this.apiKey}`,
        'Content-Type': 'application/json',
      },
      method: 'GET',
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #5a77397c4dae0619 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/google/index.ts:471 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/google/index.ts:135 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/google/index.ts:471
      const response = await fetch(url, {
        headers: {
          'x-goog-api-key': this.apiKey!,
        },
        method: 'GET',
        signal: options?.signal,
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #bab49511dbdf2ca9 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:53 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/minimax/createVideo.ts:55 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/minimax/createVideo.ts:53
  const response = await fetch(urlWithParams.toString(), {
    headers: {
      Authorization: `Bearer ${options.apiKey}`,
    },
    method: 'GET',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #c78c08fe5b9a5595 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:76 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/minimax/createVideo.ts:78 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/minimax/createVideo.ts:76
  const response = await fetch(urlWithParams.toString(), {
    headers: {
      Authorization: `Bearer ${options.apiKey}`,
    },
    method: 'GET',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #ddab827373a4fce2 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:174 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/minimax/createVideo.ts:177 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/minimax/createVideo.ts:174
  const response = await fetch(`${baseURL}/video_generation`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #1d7bf3c8712f4ae1 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/nebius/index.ts:31 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/nebius/index.ts:34 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/nebius/index.ts:31
    const res = await fetch(url, {
      headers: {
        Accept: 'application/json',
        Authorization: `Bearer ${client.apiKey}`,
      },
      method: 'GET',
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #c8933e081a1663a7 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:38 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:41 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:38
  const response = await fetch(statusUrl, {
    body: JSON.stringify({ requestId }),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #6cc77dd866e15020 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:123 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:126 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:123
  const response = await fetch(`${baseURL}/video/submit`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #6bcfdef547a2e605 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/straico/index.ts:44 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/straico/index.ts:46 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/straico/index.ts:44
    const response = await fetch(url, {
      headers: {
        Authorization: `Bearer ${client.apiKey}`,
      },
      method: 'GET',
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #0ff0e65c443ab054 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/volcengine/video/createVideo.ts:75 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/volcengine/video/createVideo.ts:78 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/volcengine/video/createVideo.ts:75
  const response = await fetch(`${baseURL}/contents/generations/tasks`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #9fcc9835e34c79f2 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:35 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:37 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:35
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #54a1b3ce19a46308 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:134 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:137 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:134
  const response = await fetch(`${baseURL}/video/generations`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #a6af94bca8b1d8ca A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/xai/createVideo.ts:33 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/xai/createVideo.ts:35 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/xai/createVideo.ts:33
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #91f68f525705dd50 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/xai/createVideo.ts:124 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/xai/createVideo.ts:127 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/xai/createVideo.ts:124
  const response = await fetch(`${baseURL}/videos/generations`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #38e035d8619af576 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/createImage.ts:37 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/createImage.ts:39 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/createImage.ts:37
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #165ef8bd117acb07 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/createImage.ts:131 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/createImage.ts:134 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/createImage.ts:131
  const response = await fetch(endpoint, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #603d5715e5c2241c A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:39 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:41 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:39
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #40000c7ed1ec6503 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:144 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:147 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:144
  const response = await fetch(`${baseURL}/videos/generations`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #da11821c587e9960 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/model-runtime/src/providers/zhipu/index.ts:220 · flow /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/index.ts:222 → /tmp/closeopen-4_u_15or/repo/packages/model-runtime/src/providers/zhipu/index.ts:220
    const response = await fetch(url, {
      headers: {
        'Authorization': `Bearer ${client.apiKey}`,
        'Bigmodel-Organization': 'lobehub',
        'Bigmodel-Project': 'lobechat',
      },
      method: 'GET',
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 428 low-confidence finding(s)
low env_fs production #d4da30d0daf36fc9 Environment-variable access.
repo/packages/model-runtime/src/core/RouterRuntime/createRuntime.ts:265
      if (process.env.NODE_ENV !== 'development') return effectiveUserId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #967e52b5685a394f Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:25
const originalAnthropicClientTimeout = process.env.ANTHROPIC_CLIENT_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1dd380068c94c18b Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:29
    delete process.env.ANTHROPIC_CLIENT_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4163dd66edb1a364 Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:31
    process.env.ANTHROPIC_CLIENT_TIMEOUT = originalAnthropicClientTimeout;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #58dac2bd92ee307d Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:68
    delete process.env.ANTHROPIC_CLIENT_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ba2ff0560738d9c7 Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:81
    process.env.ANTHROPIC_CLIENT_TIMEOUT = '780000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c2e00e0f2ce889f2 Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:91
    delete process.env.ANTHROPIC_CLIENT_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #00221593ad44a305 Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:96
    process.env.ANTHROPIC_CLIENT_TIMEOUT = 'invalid';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0c948088f0438a9 Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:106
    delete process.env.ANTHROPIC_CLIENT_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e38bead28d2c3225 Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:111
    process.env.ANTHROPIC_CLIENT_TIMEOUT = '780000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8c3eabb717073143 Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.test.ts:124
    delete process.env.ANTHROPIC_CLIENT_TIMEOUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94c86919238f77fc Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.ts:66
  const timeout = Number(process.env[ANTHROPIC_CLIENT_TIMEOUT_ENV]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a2972a780404de1 Environment-variable access.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.ts:275
  const betaHeaders = process.env.ANTHROPIC_BETA_HEADERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3b428eedaabda356 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/core/anthropicCompatibleFactory/index.ts:381
  const response = await fetch(`${baseURL}/v1/models`, {
    headers: {
      'anthropic-version': '2023-06-01',
      'x-api-key': `${apiKey}`,
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6df5124c216d1105 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/anthropic.ts:479
  const maxUses = process.env.ANTHROPIC_MAX_USES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #75a77d73d527b515 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:39
    process.env.LLM_VISION_IMAGE_USE_BASE64 = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7c5e8698fcf18531 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:64
    process.env.LLM_VISION_IMAGE_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #671025bfe2dc4750 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:80
    process.env.LLM_VISION_IMAGE_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8189d20e4a3362f1 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:104
    process.env.LLM_VISION_VIDEO_USE_BASE64 = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4d03f6811117c7ba Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:127
    process.env.LLM_VISION_VIDEO_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0b3b6b4a63523d4e Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:131
    process.env.LLM_VISION_VIDEO_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ac9656045a19152f Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:147
    process.env.LLM_VISION_VIDEO_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #003cce6d1ac0200c Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:171
    process.env.LLM_VISION_VIDEO_USE_BASE64 = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #88b4f9a3efd37fef Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:185
    process.env.LLM_VISION_VIDEO_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b41156fff1e56293 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:219
    process.env.LLM_VISION_IMAGE_USE_BASE64 = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b79c83ae0848c181 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:238
    process.env.LLM_VISION_IMAGE_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e4fa6607174e1c03 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:1055
    process.env.LLM_VISION_VIDEO_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fe44bfd693199b39 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.test.ts:1097
    process.env.LLM_VISION_IMAGE_USE_BASE64 = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1c02b116b34888b Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.ts:43
      options?.forceImageBase64 || process.env.LLM_VISION_IMAGE_USE_BASE64 === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e899d258f48230d7 Environment-variable access.
repo/packages/model-runtime/src/core/contextBuilders/openai.ts:59
      options?.forceVideoBase64 || process.env.LLM_VISION_VIDEO_USE_BASE64 === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6b55c694a5479212 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/core/contextBuilders/openai.ts:448
    const response = await fetch(imageUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ab124fb645ea4f86 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:49
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b7bb9a102772ff33 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/createVideo.ts:164
  const response = await fetch(`${baseURL}/videos`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #cde71859a96e00c2 Environment-variable access.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.test.ts:43
    chatCompletion: () => process.env.DEBUG_MOCKPROVIDER_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e313f29776f5de50 Environment-variable access.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.test.ts:1664
        const originalDebugValue = process.env.DEBUG_MOCKPROVIDER_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4883338bce53711d Environment-variable access.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.test.ts:1667
        process.env.DEBUG_MOCKPROVIDER_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c6af1d152f6abd52 Environment-variable access.
repo/packages/model-runtime/src/core/openaiCompatibleFactory/index.test.ts:1683
        process.env.DEBUG_MOCKPROVIDER_CHAT_COMPLETION = originalDebugValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89f76bf043979d0d Environment-variable access.
repo/packages/model-runtime/src/providerTestUtils.ts:338
          const originalDebugValue = process.env[debugEnv];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23751b355369b2d2 Environment-variable access.
repo/packages/model-runtime/src/providerTestUtils.ts:340
          process.env[debugEnv] = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba4e73a843a1bed4 Environment-variable access.
repo/packages/model-runtime/src/providerTestUtils.ts:356
          process.env[debugEnv] = originalDebugValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bceaf1c2fce93291 Environment-variable access.
repo/packages/model-runtime/src/providers/ai21/index.ts:16
    chatCompletion: () => process.env.DEBUG_AI21_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23f866a9c1ac80c2 Environment-variable access.
repo/packages/model-runtime/src/providers/ai302/index.ts:36
    chatCompletion: () => process.env.DEBUG_AI302_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #311c12df2157363d Environment-variable access.
repo/packages/model-runtime/src/providers/ai360/index.test.ts:34
      delete process.env.DEBUG_AI360_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #098a95882fe57f92 Environment-variable access.
repo/packages/model-runtime/src/providers/ai360/index.test.ts:40
      process.env.DEBUG_AI360_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4f2b18aea2399ea5 Environment-variable access.
repo/packages/model-runtime/src/providers/ai360/index.test.ts:43
      delete process.env.DEBUG_AI360_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #73da7a9b2e1fd93d Environment-variable access.
repo/packages/model-runtime/src/providers/ai360/index.test.ts:47
      process.env.DEBUG_AI360_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #77170d8d3a055f25 Environment-variable access.
repo/packages/model-runtime/src/providers/ai360/index.test.ts:50
      delete process.env.DEBUG_AI360_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70b6e1e713819c55 Environment-variable access.
repo/packages/model-runtime/src/providers/ai360/index.ts:39
    chatCompletion: () => process.env.DEBUG_AI360_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f32336f7428c431 Environment-variable access.
repo/packages/model-runtime/src/providers/aihubmix/index.ts:156
    chatCompletion: () => process.env.DEBUG_AIHUBMIX_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6ee5d3a26eddc0c3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/aihubmix/index.ts:181
      const response = await fetch(urlJoin(rootBaseURL, '/api/v1/models'), {
        headers: {
          'Authorization': `Bearer ${apiKey}`,
          'APP-Code': 'LobeHub',
        },
        signal: controller.signal,
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #787968e0aa5d00d3 Environment-variable access.
repo/packages/model-runtime/src/providers/akashchat/index.test.ts:68
      delete process.env.DEBUG_AKASH_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #104e4e328e131cfa Environment-variable access.
repo/packages/model-runtime/src/providers/akashchat/index.test.ts:74
      process.env.DEBUG_AKASH_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2164ed3f44584ab4 Environment-variable access.
repo/packages/model-runtime/src/providers/akashchat/index.test.ts:77
      delete process.env.DEBUG_AKASH_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #31373891ce1bc874 Environment-variable access.
repo/packages/model-runtime/src/providers/akashchat/index.test.ts:81
      process.env.DEBUG_AKASH_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #297d79ba0455f333 Environment-variable access.
repo/packages/model-runtime/src/providers/akashchat/index.test.ts:84
      delete process.env.DEBUG_AKASH_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce240d4f6227d69a Environment-variable access.
repo/packages/model-runtime/src/providers/akashchat/index.ts:36
    chatCompletion: () => process.env.DEBUG_AKASH_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #414a67af15cf7318 Environment-variable access.
repo/packages/model-runtime/src/providers/antgroup/index.ts:22
    chatCompletion: () => process.env.DEBUG_ANTGROUP_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #568d901da416358c Environment-variable access.
repo/packages/model-runtime/src/providers/anthropic/index.test.ts:262
      const originalDebugValue = process.env.DEBUG_ANTHROPIC_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5fa34681ad378ec5 Environment-variable access.
repo/packages/model-runtime/src/providers/anthropic/index.test.ts:264
      process.env.DEBUG_ANTHROPIC_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b36b25bb371434c9 Environment-variable access.
repo/packages/model-runtime/src/providers/anthropic/index.test.ts:278
      process.env.DEBUG_ANTHROPIC_CHAT_COMPLETION = originalDebugValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ce4b72a9064d9fe Environment-variable access.
repo/packages/model-runtime/src/providers/anthropic/index.ts:23
    chatCompletion: () => process.env.DEBUG_ANTHROPIC_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5b80a05aa2552a0c Environment-variable access.
repo/packages/model-runtime/src/providers/azureOpenai/index.test.ts:436
        process.env.DEBUG_AZURE_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8f79d127b4eb71ff Environment-variable access.
repo/packages/model-runtime/src/providers/azureOpenai/index.test.ts:451
        delete process.env.DEBUG_AZURE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6318c316817ea390 Environment-variable access.
repo/packages/model-runtime/src/providers/azureOpenai/index.ts:19
const azureSearchContextSize = process.env.OPENAI_SEARCH_CONTEXT_SIZE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90f105cab07a162a Environment-variable access.
repo/packages/model-runtime/src/providers/azureOpenai/index.ts:141
    chatCompletion: () => process.env.DEBUG_AZURE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dbc3c03832e6e40 Environment-variable access.
repo/packages/model-runtime/src/providers/azureOpenai/index.ts:142
    responses: () => process.env.DEBUG_AZURE_RESPONSES === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1c9c0fdb7736ea8a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/azureai/index.ts:67
      const response = this.client.path('/chat/completions').post({
        body: {
          messages: updatedMessages as OpenAI.ChatCompletionMessageParam[],
          model,
          ...params,
          stream: enableStreaming,
          temperature: model.includes('o3') || model.includes('o4') ? undefined : temperature,
          tool_choice: params.tools ? 'auto' : undefined,
          top_p: model.includes('o3') || model.includes('o4') ? undefined : top_p,
        },
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3d428d22d8d0c825 Environment-variable access.
repo/packages/model-runtime/src/providers/azureai/index.ts:115
        if (process.env.DEBUG_AZURE_AI_CHAT_COMPLETION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c6ac144dcbe3a812 Environment-variable access.
repo/packages/model-runtime/src/providers/baichuan/index.test.ts:45
      delete process.env.DEBUG_BAICHUAN_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c843fce50cd5e756 Environment-variable access.
repo/packages/model-runtime/src/providers/baichuan/index.test.ts:51
      process.env.DEBUG_BAICHUAN_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #59e0bb3fc9617ac1 Environment-variable access.
repo/packages/model-runtime/src/providers/baichuan/index.test.ts:54
      delete process.env.DEBUG_BAICHUAN_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e9a0d8deb713dc37 Environment-variable access.
repo/packages/model-runtime/src/providers/baichuan/index.test.ts:110
      delete process.env.BAICHUAN_SEARCH_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #55b5d33f8fdba00c Environment-variable access.
repo/packages/model-runtime/src/providers/baichuan/index.test.ts:124
      process.env.BAICHUAN_SEARCH_MODE = 'quality_first';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #26ac5c96af5f58fb Environment-variable access.
repo/packages/model-runtime/src/providers/baichuan/index.test.ts:136
      delete process.env.BAICHUAN_SEARCH_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3c1c1f4691d73b5 Environment-variable access.
repo/packages/model-runtime/src/providers/baichuan/index.ts:30
                search_mode: process.env.BAICHUAN_SEARCH_MODE || 'performance_first', // performance_first or quality_first

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0203f37fd77646b0 Environment-variable access.
repo/packages/model-runtime/src/providers/baichuan/index.ts:56
    chatCompletion: () => process.env.DEBUG_BAICHUAN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bece60f190c1b76e Environment-variable access.
repo/packages/model-runtime/src/providers/bailianCodingPlan/index.ts:45
    chatCompletion: () => process.env.DEBUG_BAILIAN_CODING_PLAN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5412b9ab4be66016 Environment-variable access.
repo/packages/model-runtime/src/providers/bedrock/index.test.ts:569
        process.env.DEBUG_BEDROCK_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b2c31a083a812745 Environment-variable access.
repo/packages/model-runtime/src/providers/bedrock/index.test.ts:583
        delete process.env.DEBUG_BEDROCK_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8cd640ae8192739f Environment-variable access.
repo/packages/model-runtime/src/providers/bedrock/index.test.ts:973
        process.env.DEBUG_BEDROCK_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #af0d4f0d83e86f62 Environment-variable access.
repo/packages/model-runtime/src/providers/bedrock/index.test.ts:987
        delete process.env.DEBUG_BEDROCK_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e67fba5b9a127111 Environment-variable access.
repo/packages/model-runtime/src/providers/bedrock/index.ts:372
      if (process.env.DEBUG_BEDROCK_CHAT_COMPLETION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #078cbfb5efc659e3 Environment-variable access.
repo/packages/model-runtime/src/providers/bedrock/index.ts:433
      if (process.env.DEBUG_BEDROCK_CHAT_COMPLETION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7f047ecabd165a96 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/bfl/createImage.ts:121
  const response = await fetch(url, {
    body: JSON.stringify(payload),
    headers: {
      'Content-Type': 'application/json',
      'x-key': options.apiKey,
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9b7b16112b4aa182 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/bfl/createImage.ts:158
  const response = await fetch(pollingUrl, {
    headers: {
      'accept': 'application/json',
      'x-key': options.apiKey,
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #57c31bfcf976412e Environment-variable access.
repo/packages/model-runtime/src/providers/cerebras/index.test.ts:66
      delete process.env.DEBUG_CEREBRAS_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #34bfb98db4d6fe89 Environment-variable access.
repo/packages/model-runtime/src/providers/cerebras/index.test.ts:72
      process.env.DEBUG_CEREBRAS_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b03fd35160173405 Environment-variable access.
repo/packages/model-runtime/src/providers/cerebras/index.test.ts:78
      process.env.DEBUG_CEREBRAS_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d06ac0b058f3c8b9 Environment-variable access.
repo/packages/model-runtime/src/providers/cerebras/index.test.ts:84
      process.env.DEBUG_CEREBRAS_CHAT_COMPLETION = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #286a45e86480c350 Environment-variable access.
repo/packages/model-runtime/src/providers/cerebras/index.ts:25
    chatCompletion: () => process.env.DEBUG_CEREBRAS_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f5e3ea8d42648170 Environment-variable access.
repo/packages/model-runtime/src/providers/cloudflare/index.test.ts:255
      const originalDebugValue = process.env.DEBUG_CLOUDFLARE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #82ee54b97408f517 Environment-variable access.
repo/packages/model-runtime/src/providers/cloudflare/index.test.ts:257
      process.env.DEBUG_CLOUDFLARE_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b42fb177bb8aad81 Environment-variable access.
repo/packages/model-runtime/src/providers/cloudflare/index.test.ts:271
      process.env.DEBUG_CLOUDFLARE_CHAT_COMPLETION = originalDebugValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #af791de87fe7466e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/cloudflare/index.ts:93
      response = await fetch(url, {
        body: JSON.stringify({ tools: functions, ...restPayload }),
        headers: { 'Content-Type': 'application/json', ...headers },
        method: 'POST',
        signal: options?.signal,
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #841e44657b471248 Environment-variable access.
repo/packages/model-runtime/src/providers/cloudflare/index.ts:136
    if (process.env.DEBUG_CLOUDFLARE_CHAT_COMPLETION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4dc2138a320f8b6b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/cloudflare/index.ts:156
    const response = await fetch(url, {
      headers: {
        'Authorization': `Bearer ${this.apiKey}`,
        'Content-Type': 'application/json',
      },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #b758618f504ccc40 Environment-variable access.
repo/packages/model-runtime/src/providers/cohere/index.test.ts:44
      delete process.env.DEBUG_COHERE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #93c4e09c2406ae09 Environment-variable access.
repo/packages/model-runtime/src/providers/cohere/index.test.ts:50
      process.env.DEBUG_COHERE_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5bd10c182011b39f Environment-variable access.
repo/packages/model-runtime/src/providers/cohere/index.test.ts:53
      delete process.env.DEBUG_COHERE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6272e142769b9f39 Environment-variable access.
repo/packages/model-runtime/src/providers/cohere/index.ts:42
    chatCompletion: () => process.env.DEBUG_COHERE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d609e8b984553157 Environment-variable access.
repo/packages/model-runtime/src/providers/cometapi/index.test.ts:49
      delete process.env.DEBUG_COMETAPI_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dc36df19eccffabe Environment-variable access.
repo/packages/model-runtime/src/providers/cometapi/index.test.ts:55
      process.env.DEBUG_COMETAPI_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3e7d4d0932dc0189 Environment-variable access.
repo/packages/model-runtime/src/providers/cometapi/index.test.ts:58
      delete process.env.DEBUG_COMETAPI_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bba3dda4a0c3e98 Environment-variable access.
repo/packages/model-runtime/src/providers/cometapi/index.ts:27
    chatCompletion: () => process.env.DEBUG_COMETAPI_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d55768a1eabf09e1 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:49
      const originalEnv = process.env.COMFYUI_DEFAULT_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8c60d6f8581ddfd9 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:50
      process.env.COMFYUI_DEFAULT_URL = 'https://env.comfyui.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #005d1817825f44f2 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:58
        delete process.env.COMFYUI_DEFAULT_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #42c2a52fa5b559a9 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:60
        process.env.COMFYUI_DEFAULT_URL = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #04d91cd67be75a02 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:202
      const originalInternalAppUrl = process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0fb57ab8e357e8ba Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:203
      const originalAppUrl = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #283b221826106196 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:204
      delete process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4a6bbeff653d5d84 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:205
      process.env.APP_URL = 'http://localhost:3010';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #92fefab60e7b6618 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:237
        delete process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a7082fe38584aeed Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:239
        process.env.INTERNAL_APP_URL = originalInternalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a247ba8882c7f91f Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:242
        delete process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e20a303ee59b6a92 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:244
        process.env.APP_URL = originalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #762c4b56367b5fbb Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:261
      const originalInternalAppUrl = process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7157a5541ceb813f Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:262
      const originalAppUrl = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3c6709a315dc377d Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:263
      process.env.INTERNAL_APP_URL = 'http://internal-service:3210';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ac28e79886109415 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:264
      process.env.APP_URL = 'https://public.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #27e3295a714174b4 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:274
        delete process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fa36c80270831593 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:276
        process.env.INTERNAL_APP_URL = originalInternalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2e80d964c54ad8c2 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:279
        delete process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3f3b17ab83150ad7 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:281
        process.env.APP_URL = originalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f544372dec90a41f Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:300
      const originalInternalAppUrl = process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #baa20c4c786d9efe Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:301
      const originalAppUrl = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #62382efb97ad28fc Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:302
      const originalPort = process.env.PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1baee1cf8daf7599 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:303
      delete process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #678660aa66e8021e Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:304
      delete process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #21883fd926cdde34 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:305
      process.env.PORT = '3000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8dca31691ea8557a Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:317
        process.env.INTERNAL_APP_URL = originalInternalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e28c5fc2361334e3 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:320
        process.env.APP_URL = originalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9f746b85c752b848 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:323
        delete process.env.PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #abf9bf593286febd Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:325
        process.env.PORT = originalPort;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8af5436c5f472104 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:344
      const originalInternalAppUrl = process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #99a4c6e133f26c5d Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:345
      const originalAppUrl = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d734ba19868e7c04 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:346
      const originalPort = process.env.PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b1567f224669cf67 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:347
      delete process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #54830b708c12156e Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:348
      delete process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #513d9b2f7334dd21 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:349
      delete process.env.PORT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4507cde95272e3f3 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:361
        process.env.INTERNAL_APP_URL = originalInternalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #62f8abeefebd3355 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:364
        process.env.APP_URL = originalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #19f84ce1e7f22619 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/__tests__/index.test.ts:367
        process.env.PORT = originalPort;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f46ba3c08cedbc7 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/index.ts:28
    this.baseURL = options.baseURL || process.env.COMFYUI_DEFAULT_URL || 'http://localhost:8188';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43d93e96df79184f Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/index.ts:76
      const isInVercel = process.env.VERCEL === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88b1445f9a9fcdd0 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/index.ts:77
      const vercelUrl = `https://${process.env.VERCEL_URL}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de5f135232b1b416 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/index.ts:79
        process.env.INTERNAL_APP_URL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2e2681b8bfca438 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/index.ts:80
        process.env.APP_URL ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07ec51b48a2b6fbc Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/index.ts:81
        (isInVercel ? vercelUrl : `http://localhost:${process.env.PORT || 3010}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a2b54f1df1991c2 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/index.ts:90
      if (process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f1b4c29be6101d1 Environment-variable access.
repo/packages/model-runtime/src/providers/comfyui/index.ts:96
      const keyVaultSecret = process.env.KEY_VAULTS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #171418e8c24ef4d8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/comfyui/index.ts:101
      const response = await fetch(`${appUrl}/webapi/create-image/comfyui`, {
        body: JSON.stringify({
          model: payload.model,
          options: this.options,
          params: payload.params,
        }),
        headers,
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #6db0d1496c43d560 Environment-variable access.
repo/packages/model-runtime/src/providers/deepseek/__tests__/index.test.ts:158
    delete process.env.DEBUG_DEEPSEEK_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #14ea0562b6413121 Environment-variable access.
repo/packages/model-runtime/src/providers/deepseek/__tests__/index.test.ts:164
    process.env.DEBUG_DEEPSEEK_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #be6dafef77b415be Environment-variable access.
repo/packages/model-runtime/src/providers/deepseek/__tests__/index.test.ts:167
    delete process.env.DEBUG_DEEPSEEK_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1dbcc553b09ba5b9 Environment-variable access.
repo/packages/model-runtime/src/providers/deepseek/index.ts:46
    chatCompletion: () => process.env.DEBUG_DEEPSEEK_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adcb4beb563c8ed3 Environment-variable access.
repo/packages/model-runtime/src/providers/deepseek/index.ts:64
    chatCompletion: () => process.env.DEBUG_DEEPSEEK_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2dd0268360496468 Environment-variable access.
repo/packages/model-runtime/src/providers/fireworksai/index.test.ts:40
      delete process.env.DEBUG_FIREWORKSAI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7f9acb4a6248d3d7 Environment-variable access.
repo/packages/model-runtime/src/providers/fireworksai/index.test.ts:44
      process.env.DEBUG_FIREWORKSAI_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #609790a6debe7696 Environment-variable access.
repo/packages/model-runtime/src/providers/fireworksai/index.test.ts:48
      delete process.env.DEBUG_FIREWORKSAI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1e1be3502f18af8 Environment-variable access.
repo/packages/model-runtime/src/providers/fireworksai/index.ts:17
    chatCompletion: () => process.env.DEBUG_FIREWORKSAI_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #11cde23917586dd1 Environment-variable access.
repo/packages/model-runtime/src/providers/giteeai/index.test.ts:55
      delete process.env.DEBUG_GITEE_AI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1d674939ad9f6b26 Environment-variable access.
repo/packages/model-runtime/src/providers/giteeai/index.test.ts:61
      process.env.DEBUG_GITEE_AI_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #baf7b79c5c73153e Environment-variable access.
repo/packages/model-runtime/src/providers/giteeai/index.test.ts:67
      process.env.DEBUG_GITEE_AI_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fb80ed39b8a6d423 Environment-variable access.
repo/packages/model-runtime/src/providers/giteeai/index.test.ts:73
      process.env.DEBUG_GITEE_AI_CHAT_COMPLETION = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2700ffa8df17bf6f Environment-variable access.
repo/packages/model-runtime/src/providers/giteeai/index.ts:14
    chatCompletion: () => process.env.DEBUG_GITEE_AI_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #44037c636cb72b9d Environment-variable access.
repo/packages/model-runtime/src/providers/github/index.test.ts:48
      delete process.env.DEBUG_GITHUB_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7c6a95d2a3b11a17 Environment-variable access.
repo/packages/model-runtime/src/providers/github/index.test.ts:54
      process.env.DEBUG_GITHUB_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3239e83c43f2d57e Environment-variable access.
repo/packages/model-runtime/src/providers/github/index.test.ts:57
      delete process.env.DEBUG_GITHUB_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5ba0638f8f48acbb Environment-variable access.
repo/packages/model-runtime/src/providers/github/index.test.ts:61
      process.env.DEBUG_GITHUB_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #73a07aed2e86f008 Environment-variable access.
repo/packages/model-runtime/src/providers/github/index.test.ts:64
      delete process.env.DEBUG_GITHUB_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1bfcf83ad409951 Environment-variable access.
repo/packages/model-runtime/src/providers/github/index.ts:47
    chatCompletion: () => process.env.DEBUG_GITHUB_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #96673479e726e269 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/github/index.ts:54
    const response = await fetch('https://models.github.ai/catalog/models');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #22a2c1b7b25722ec Environment-variable access.
repo/packages/model-runtime/src/providers/githubCopilot/index.test.ts:389
      process.env.DEBUG_GITHUBCOPILOT_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #290afd225806765d Environment-variable access.
repo/packages/model-runtime/src/providers/githubCopilot/index.test.ts:411
      delete process.env.DEBUG_GITHUBCOPILOT_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8325331d38331560 Environment-variable access.
repo/packages/model-runtime/src/providers/githubCopilot/index.test.ts:436
      process.env.DEBUG_GITHUBCOPILOT_RESPONSES = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fa8dba2399d07e62 Environment-variable access.
repo/packages/model-runtime/src/providers/githubCopilot/index.test.ts:458
      delete process.env.DEBUG_GITHUBCOPILOT_RESPONSES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75e0c4b4466ff6ba Environment-variable access.
repo/packages/model-runtime/src/providers/githubCopilot/index.ts:32
  chatCompletion: () => process.env.DEBUG_GITHUBCOPILOT_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4988bcdfbed54ac5 Environment-variable access.
repo/packages/model-runtime/src/providers/githubCopilot/index.ts:33
  responses: () => process.env.DEBUG_GITHUBCOPILOT_RESPONSES === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5919a2cd88362a69 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/githubCopilot/index.ts:79
    const response = await fetch(TOKEN_EXCHANGE_URL, {
      headers: {
        'Accept': 'application/json',
        'Authorization': `Token ${githubToken}`,
        'User-Agent': 'LobeChat/1.0',
      },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b0c731f85f464265 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/githubCopilot/index.ts:402
        const response = await fetch(`${COPILOT_BASE_URL}/models`, {
          headers: {
            'Accept': 'application/json',
            'Authorization': `Bearer ${bearerToken}`,
            'Copilot-Integration-Id': 'vscode-chat',
            'Editor-Plugin-Version': 'LobeChat/1.0',
            'Editor-Version': 'LobeChat/1.0',
          },
          method: 'GET',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f0630dd432157976 Environment-variable access.
repo/packages/model-runtime/src/providers/glmCodingPlan/index.ts:28
    chatCompletion: () => process.env.DEBUG_GLM_CODING_PLAN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1a0d500ba081864f Environment-variable access.
repo/packages/model-runtime/src/providers/google/index.test.ts:163
      process.env.DEBUG_GOOGLE_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #86c780f6a5caacbc Environment-variable access.
repo/packages/model-runtime/src/providers/google/index.test.ts:188
      delete process.env.DEBUG_GOOGLE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5b0b925adcaaf30 Environment-variable access.
repo/packages/model-runtime/src/providers/google/index.ts:230
      if (process.env[key] === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fa44b127478f5dc Environment-variable access.
repo/packages/model-runtime/src/providers/google/index.ts:240
      if (process.env[key] === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a84b28f82752659e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/google/index.ts:471
      const response = await fetch(url, {
        headers: {
          'x-goog-api-key': this.apiKey!,
        },
        method: 'GET',
        signal: options?.signal,
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #6a1ecc199d182b46 Environment-variable access.
repo/packages/model-runtime/src/providers/groq/index.test.ts:487
      delete process.env.DEBUG_GROQ_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #49b21be5544bab7c Environment-variable access.
repo/packages/model-runtime/src/providers/groq/index.test.ts:493
      process.env.DEBUG_GROQ_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #22f80d95d920b459 Environment-variable access.
repo/packages/model-runtime/src/providers/groq/index.test.ts:496
      delete process.env.DEBUG_GROQ_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0870fa41de14ce1 Environment-variable access.
repo/packages/model-runtime/src/providers/groq/index.ts:82
    chatCompletion: () => process.env.DEBUG_GROQ_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3fcb5cbbbf4c9e5 Environment-variable access.
repo/packages/model-runtime/src/providers/higress/index.ts:27
    chatCompletion: () => process.env.DEBUG_HIGRESS_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2fc08e260267e05e Environment-variable access.
repo/packages/model-runtime/src/providers/huggingface/index.test.ts:78
      delete process.env.DEBUG_HUGGINGFACE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ef66de04e4134c21 Environment-variable access.
repo/packages/model-runtime/src/providers/huggingface/index.test.ts:84
      process.env.DEBUG_HUGGINGFACE_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #df63621cfa7ab773 Environment-variable access.
repo/packages/model-runtime/src/providers/huggingface/index.test.ts:87
      delete process.env.DEBUG_HUGGINGFACE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #16fe7f483a878264 Environment-variable access.
repo/packages/model-runtime/src/providers/huggingface/index.test.ts:91
      process.env.DEBUG_HUGGINGFACE_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #21ba69d19c7bc96c Environment-variable access.
repo/packages/model-runtime/src/providers/huggingface/index.test.ts:94
      delete process.env.DEBUG_HUGGINGFACE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #299d2e9c46d94d05 Environment-variable access.
repo/packages/model-runtime/src/providers/huggingface/index.ts:54
    chatCompletion: () => process.env.DEBUG_HUGGINGFACE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e71c10a6f63fe059 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/huggingface/index.ts:57
    const response = await fetch('https://router.huggingface.co/v1/models');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #116e9d6e3db0655b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/hunyuan/createImage.ts:76
      const submitResponse = await fetch(submitUrl, {
        body: JSON.stringify(requestBody),
        headers: {
          'Authorization': `Bearer ${apiKey}`,
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #59018c9d0d83e23d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/hunyuan/createImage.ts:129
    const submitResponse = await fetch(submitUrl, {
      body: JSON.stringify(requestBody),
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #24f240036a12d1d8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/hunyuan/createImage.ts:238
        const queryResponse = await fetch(queryUrl, {
          body: JSON.stringify({ model, id: jobId }),
          headers: {
            'Authorization': `Bearer ${apiKey}`,
            'Content-Type': 'application/json',
          },
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7993d538031c8ec4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/hunyuan/createVideo.ts:79
  const submitResponse = await fetch(submitUrl, {
    body: JSON.stringify(requestBody),
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #54e436fb9fd9e7e9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/hunyuan/createVideo.ts:140
  const response = await fetch(queryUrl, {
    body: JSON.stringify(queryBody),
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #9df88d5f05b29b3a Environment-variable access.
repo/packages/model-runtime/src/providers/hunyuan/index.test.ts:51
      delete process.env.DEBUG_HUNYUAN_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #06f04c2afe9f814e Environment-variable access.
repo/packages/model-runtime/src/providers/hunyuan/index.test.ts:57
      process.env.DEBUG_HUNYUAN_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #390660814f1eb961 Environment-variable access.
repo/packages/model-runtime/src/providers/hunyuan/index.test.ts:60
      delete process.env.DEBUG_HUNYUAN_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d1626a57f30d9f7c Environment-variable access.
repo/packages/model-runtime/src/providers/hunyuan/index.test.ts:144
      process.env.HUNYUAN_ENABLE_SPEED_SEARCH = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #59ae6d4bce8950e2 Environment-variable access.
repo/packages/model-runtime/src/providers/hunyuan/index.test.ts:156
      delete process.env.HUNYUAN_ENABLE_SPEED_SEARCH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fc2863282809e62 Environment-variable access.
repo/packages/model-runtime/src/providers/hunyuan/index.ts:56
          enable_speed_search: process.env.HUNYUAN_ENABLE_SPEED_SEARCH === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d6717eb10b603cb3 Environment-variable access.
repo/packages/model-runtime/src/providers/hunyuan/index.ts:69
    chatCompletion: () => process.env.DEBUG_HUNYUAN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc6a06217c46d075 Environment-variable access.
repo/packages/model-runtime/src/providers/infiniai/index.ts:24
    chatCompletion: () => process.env.DEBUG_INFINIAI_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9976343035af99d3 Environment-variable access.
repo/packages/model-runtime/src/providers/internlm/index.test.ts:43
      delete process.env.DEBUG_INTERNLM_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ce598c3782c78595 Environment-variable access.
repo/packages/model-runtime/src/providers/internlm/index.test.ts:49
      process.env.DEBUG_INTERNLM_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1edc7dddfae86af7 Environment-variable access.
repo/packages/model-runtime/src/providers/internlm/index.test.ts:52
      delete process.env.DEBUG_INTERNLM_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3610455be39acfba Environment-variable access.
repo/packages/model-runtime/src/providers/internlm/index.ts:26
    chatCompletion: () => process.env.DEBUG_INTERNLM_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fbcbebe8e7ed0adf Environment-variable access.
repo/packages/model-runtime/src/providers/jina/index.test.ts:40
      delete process.env.DEBUG_JINA_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #945548377a3f199b Environment-variable access.
repo/packages/model-runtime/src/providers/jina/index.test.ts:44
      process.env.DEBUG_JINA_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0e111ccc22c8b8c0 Environment-variable access.
repo/packages/model-runtime/src/providers/jina/index.test.ts:48
      delete process.env.DEBUG_JINA_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d3f3a0300505fb1 Environment-variable access.
repo/packages/model-runtime/src/providers/jina/index.ts:14
    chatCompletion: () => process.env.DEBUG_JINA_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5e25a1f5e7283030 Environment-variable access.
repo/packages/model-runtime/src/providers/kimiCodingPlan/index.test.ts:549
      const originalDebugValue = process.env.DEBUG_KIMI_CODING_PLAN_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #84e5504adce7afc4 Environment-variable access.
repo/packages/model-runtime/src/providers/kimiCodingPlan/index.test.ts:551
      process.env.DEBUG_KIMI_CODING_PLAN_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bc2acb15b0f2e51b Environment-variable access.
repo/packages/model-runtime/src/providers/kimiCodingPlan/index.test.ts:565
      process.env.DEBUG_KIMI_CODING_PLAN_CHAT_COMPLETION = originalDebugValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76f82b02023becbc Environment-variable access.
repo/packages/model-runtime/src/providers/kimiCodingPlan/index.ts:105
    chatCompletion: () => process.env.DEBUG_KIMI_CODING_PLAN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7b6aa8f3c18e5e94 Environment-variable access.
repo/packages/model-runtime/src/providers/lmstudio/index.test.ts:47
      delete process.env.DEBUG_LMSTUDIO_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #375970a825ca6306 Environment-variable access.
repo/packages/model-runtime/src/providers/lmstudio/index.test.ts:52
      process.env.DEBUG_LMSTUDIO_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e8e119fc09f2842a Environment-variable access.
repo/packages/model-runtime/src/providers/lmstudio/index.test.ts:54
      delete process.env.DEBUG_LMSTUDIO_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5bf418f8336e0e1 Environment-variable access.
repo/packages/model-runtime/src/providers/lmstudio/index.ts:15
    chatCompletion: () => process.env.DEBUG_LMSTUDIO_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5743bcda08697f7 Environment-variable access.
repo/packages/model-runtime/src/providers/longcat/index.ts:30
    chatCompletion: () => process.env.DEBUG_LONGCAT_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5e98dd1faed9a1e1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/minimax/createImage.ts:56
    const response = await fetch(endpoint, {
      body: JSON.stringify(requestBody),
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f37186a874d80517 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:53
  const response = await fetch(urlWithParams.toString(), {
    headers: {
      Authorization: `Bearer ${options.apiKey}`,
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d31c291e761fb191 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:76
  const response = await fetch(urlWithParams.toString(), {
    headers: {
      Authorization: `Bearer ${options.apiKey}`,
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6f8ecc88c666a83f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/minimax/createVideo.ts:174
  const response = await fetch(`${baseURL}/video_generation`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #4582ab71313fdb3b Environment-variable access.
repo/packages/model-runtime/src/providers/minimax/index.ts:298
    chatCompletion: () => process.env.DEBUG_MINIMAX_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bae5d0a2f94f6f2b Environment-variable access.
repo/packages/model-runtime/src/providers/minimax/index.ts:319
    chatCompletion: () => process.env.DEBUG_MINIMAX_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e75fceea51b75d1f Environment-variable access.
repo/packages/model-runtime/src/providers/minimaxCodingPlan/index.ts:28
    chatCompletion: () => process.env.DEBUG_MINIMAX_CODING_PLAN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e3b44d8b5a1652f0 Environment-variable access.
repo/packages/model-runtime/src/providers/mistral/index.test.ts:39
      delete process.env.DEBUG_MISTRAL_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5bee60e01651c092 Environment-variable access.
repo/packages/model-runtime/src/providers/mistral/index.test.ts:45
      process.env.DEBUG_MISTRAL_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1afc76cf29e0666b Environment-variable access.
repo/packages/model-runtime/src/providers/mistral/index.test.ts:48
      delete process.env.DEBUG_MISTRAL_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef8668d2ae254a5f Environment-variable access.
repo/packages/model-runtime/src/providers/mistral/index.ts:59
    chatCompletion: () => process.env.DEBUG_MISTRAL_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9519738337aa15db Environment-variable access.
repo/packages/model-runtime/src/providers/modelscope/index.test.ts:44
      delete process.env.DEBUG_MODELSCOPE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fd7c842f0bd01a70 Environment-variable access.
repo/packages/model-runtime/src/providers/modelscope/index.test.ts:50
      process.env.DEBUG_MODELSCOPE_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ef451213881b334c Environment-variable access.
repo/packages/model-runtime/src/providers/modelscope/index.test.ts:56
      process.env.DEBUG_MODELSCOPE_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de9d9d3248e2ba2f Environment-variable access.
repo/packages/model-runtime/src/providers/modelscope/index.ts:17
    chatCompletion: () => process.env.DEBUG_MODELSCOPE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #690a39e6a69ab180 Environment-variable access.
repo/packages/model-runtime/src/providers/moonshot/index.test.ts:140
      delete process.env.DEBUG_MOONSHOT_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a22762f764be634d Environment-variable access.
repo/packages/model-runtime/src/providers/moonshot/index.test.ts:146
      process.env.DEBUG_MOONSHOT_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #59572d54b57db902 Environment-variable access.
repo/packages/model-runtime/src/providers/moonshot/index.test.ts:149
      delete process.env.DEBUG_MOONSHOT_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aed94392de9720db Environment-variable access.
repo/packages/model-runtime/src/providers/moonshot/index.ts:297
    chatCompletion: () => process.env.DEBUG_MOONSHOT_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #473c9ab94841d959 Environment-variable access.
repo/packages/model-runtime/src/providers/moonshot/index.ts:314
    chatCompletion: () => process.env.DEBUG_MOONSHOT_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #21f86b7c6498789f Environment-variable access.
repo/packages/model-runtime/src/providers/nebius/index.test.ts:47
      delete process.env.DEBUG_NEBIUS_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8c3fbf8a75cb5f43 Environment-variable access.
repo/packages/model-runtime/src/providers/nebius/index.test.ts:52
      process.env.DEBUG_NEBIUS_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #81d9d095aa4f3667 Environment-variable access.
repo/packages/model-runtime/src/providers/nebius/index.test.ts:54
      delete process.env.DEBUG_NEBIUS_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50ee65052dadbf73 Environment-variable access.
repo/packages/model-runtime/src/providers/nebius/index.ts:25
    chatCompletion: () => process.env.DEBUG_NEBIUS_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4ffd55ed2ca18abb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/nebius/index.ts:31
    const res = await fetch(url, {
      headers: {
        Accept: 'application/json',
        Authorization: `Bearer ${client.apiKey}`,
      },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #71330d390df7489c Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:38
    delete process.env.DEBUG_NEWAPI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #966c203817e071e1 Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:43
    delete process.env.DEBUG_NEWAPI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #438af3b1b09292d0 Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:48
      delete process.env.DEBUG_NEWAPI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6e9abc03e9171c7b Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:49
      const debugResult = process.env.DEBUG_NEWAPI_CHAT_COMPLETION === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #af6684227289f6b7 Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:54
      process.env.DEBUG_NEWAPI_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5d72836250419521 Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:55
      const debugResult = process.env.DEBUG_NEWAPI_CHAT_COMPLETION === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #99611592729f1ad5 Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:683
      delete process.env.DEBUG_NEWAPI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8bde6d3129e0089e Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:689
      process.env.DEBUG_NEWAPI_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #88477667e6efafac Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:692
      delete process.env.DEBUG_NEWAPI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b16351ae79877307 Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:696
      process.env.DEBUG_NEWAPI_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #802229f9f9c6c398 Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.test.ts:699
      delete process.env.DEBUG_NEWAPI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f6c662f6094e1611 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/newapi/index.ts:40
      res = await fetch(`/webapi/models/${encodeURIComponent(providerId)}/pricing`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #afb67b0c33710118 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/newapi/index.ts:49
        return fetch(pricingUrl, { headers });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #05fb86a6436f149c Environment-variable access.
repo/packages/model-runtime/src/providers/newapi/index.ts:76
    chatCompletion: () => process.env.DEBUG_NEWAPI_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e20d98ed5740833 Environment-variable access.
repo/packages/model-runtime/src/providers/novita/index.ts:23
    chatCompletion: () => process.env.DEBUG_NOVITA_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fcf8dc2548092f5f Environment-variable access.
repo/packages/model-runtime/src/providers/nvidia/index.test.ts:235
      process.env.DEBUG_NVIDIA_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1c7124fff6799abd Environment-variable access.
repo/packages/model-runtime/src/providers/nvidia/index.test.ts:238
      delete process.env.DEBUG_NVIDIA_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d9bd174e2f89b191 Environment-variable access.
repo/packages/model-runtime/src/providers/nvidia/index.test.ts:242
      delete process.env.DEBUG_NVIDIA_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc225c9230eeec83 Environment-variable access.
repo/packages/model-runtime/src/providers/nvidia/index.ts:82
    chatCompletion: () => process.env.DEBUG_NVIDIA_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ac973f19ff2f0923 Environment-variable access.
repo/packages/model-runtime/src/providers/ollama/index.test.ts:303
        const originalDebugValue = process.env.DEBUG_OLLAMA_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2838cff9cf439405 Environment-variable access.
repo/packages/model-runtime/src/providers/ollama/index.test.ts:304
        process.env.DEBUG_OLLAMA_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #74bade11a1c5a965 Environment-variable access.
repo/packages/model-runtime/src/providers/ollama/index.test.ts:326
        process.env.DEBUG_OLLAMA_CHAT_COMPLETION = originalDebugValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cea0164e96435a19 Environment-variable access.
repo/packages/model-runtime/src/providers/ollama/index.test.ts:1041
      delete process.env.DEBUG_OLLAMA_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #74d69e4a8f824e9f Environment-variable access.
repo/packages/model-runtime/src/providers/ollama/index.test.ts:1047
      process.env.DEBUG_OLLAMA_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #92bdc7126a84f116 Environment-variable access.
repo/packages/model-runtime/src/providers/ollama/index.test.ts:1050
      delete process.env.DEBUG_OLLAMA_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d363e9cccdfad2e0 Environment-variable access.
repo/packages/model-runtime/src/providers/ollama/index.ts:34
    chatCompletion: () => process.env.DEBUG_OLLAMA_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06aaef8f4b2de9b0 Environment-variable access.
repo/packages/model-runtime/src/providers/ollama/index.ts:81
      if (process.env.DEBUG_OLLAMA_CHAT_COMPLETION === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a6275598ad8e6a01 Environment-variable access.
repo/packages/model-runtime/src/providers/ollamacloud/index.test.ts:52
      delete process.env.DEBUG_OLLAMA_CLOUD_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d44312323c86e350 Environment-variable access.
repo/packages/model-runtime/src/providers/ollamacloud/index.test.ts:58
      process.env.DEBUG_OLLAMA_CLOUD_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #862ce975f74b3540 Environment-variable access.
repo/packages/model-runtime/src/providers/ollamacloud/index.test.ts:64
      process.env.DEBUG_OLLAMA_CLOUD_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #470af0ce564c0732 Environment-variable access.
repo/packages/model-runtime/src/providers/ollamacloud/index.test.ts:70
      process.env.DEBUG_OLLAMA_CLOUD_CHAT_COMPLETION = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7e57e51642831a3 Environment-variable access.
repo/packages/model-runtime/src/providers/ollamacloud/index.ts:20
    chatCompletion: () => process.env.DEBUG_OLLAMA_CLOUD_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #936ba2cfbcf0c610 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:243
        const originalDebugValue = process.env.DEBUG_OPENAI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f10bcb30a949bbec Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:246
        process.env.DEBUG_OPENAI_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0eebb1b0b25001cc Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:262
        process.env.DEBUG_OPENAI_CHAT_COMPLETION = originalDebugValue;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #58293ef70b50b737 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:540
      delete process.env.DEBUG_OPENAI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #85a3ac7e3b61f807 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:546
      const originalEnv = process.env.DEBUG_OPENAI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8d93a2588a0f46f8 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:547
      process.env.DEBUG_OPENAI_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #80cb8cc11dba344c Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:550
      process.env.DEBUG_OPENAI_CHAT_COMPLETION = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #15082962b2300538 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:554
      delete process.env.DEBUG_OPENAI_RESPONSES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2d5418de2bf1d3c1 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:560
      const originalEnv = process.env.DEBUG_OPENAI_RESPONSES;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #61ccef0afe8b33c8 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:561
      process.env.DEBUG_OPENAI_RESPONSES = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6514372c8fd1c6e8 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.test.ts:564
      process.env.DEBUG_OPENAI_RESPONSES = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e7a78f6ccee29da Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.ts:20
const oaiSearchContextSize = process.env.OPENAI_SEARCH_CONTEXT_SIZE; // low, medium, high

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #518338c803a43f07 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.ts:21
const enableServiceTierFlex = process.env.OPENAI_SERVICE_TIER_FLEX === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c28464c95e58b97 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.ts:67
    chatCompletion: () => process.env.DEBUG_OPENAI_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #769d66c51e38f449 Environment-variable access.
repo/packages/model-runtime/src/providers/openai/index.ts:68
    responses: () => process.env.DEBUG_OPENAI_RESPONSES === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #97a815e20667e97d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/opencodeCodingPlan/index.ts:104
    const res = await fetch(MODELS_DEV_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b82d820d7c2e8375 Environment-variable access.
repo/packages/model-runtime/src/providers/opencodeCodingPlan/index.ts:416
    chatCompletion: () => process.env.DEBUG_OPENCODE_GO_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d11c5e098f2fa7ee Environment-variable access.
repo/packages/model-runtime/src/providers/opencodeCodingPlan/index.ts:429
    chatCompletion: () => process.env.DEBUG_OPENCODE_GO_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4120a452c1fff898 Environment-variable access.
repo/packages/model-runtime/src/providers/opencodeZen/index.ts:26
    chatCompletion: () => process.env.DEBUG_OPENCODE_ZEN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #750f9a507f33d3d9 Environment-variable access.
repo/packages/model-runtime/src/providers/openrouter/index.test.ts:80
      delete process.env.DEBUG_OPENROUTER_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ab024c94b0ba84fd Environment-variable access.
repo/packages/model-runtime/src/providers/openrouter/index.test.ts:86
      process.env.DEBUG_OPENROUTER_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c08ae8b4e812e972 Environment-variable access.
repo/packages/model-runtime/src/providers/openrouter/index.test.ts:89
      delete process.env.DEBUG_OPENROUTER_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #219a1a9fc02c1021 Environment-variable access.
repo/packages/model-runtime/src/providers/openrouter/index.ts:93
    chatCompletion: () => process.env.DEBUG_OPENROUTER_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9106802c6b44c05c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/openrouter/index.ts:96
    const response = await fetch('https://openrouter.ai/api/v1/models');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #56a2bbdf267f7866 Environment-variable access.
repo/packages/model-runtime/src/providers/perplexity/index.ts:42
    chatCompletion: () => process.env.DEBUG_PERPLEXITY_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f142d3b866e83d1 Environment-variable access.
repo/packages/model-runtime/src/providers/ppio/index.ts:15
    chatCompletion: () => process.env.DEBUG_PPIO_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #19b34ed71883a943 Environment-variable access.
repo/packages/model-runtime/src/providers/qiniu/index.test.ts:37
      delete process.env.DEBUG_QINIU_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #be6b908bf2debae2 Environment-variable access.
repo/packages/model-runtime/src/providers/qiniu/index.test.ts:43
      process.env.DEBUG_QINIU_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5d57d2249433ea9c Environment-variable access.
repo/packages/model-runtime/src/providers/qiniu/index.test.ts:46
      delete process.env.DEBUG_QINIU_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #619bbb20392760bf Environment-variable access.
repo/packages/model-runtime/src/providers/qiniu/index.test.ts:50
      process.env.DEBUG_QINIU_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d83bd0ea0659d621 Environment-variable access.
repo/packages/model-runtime/src/providers/qiniu/index.test.ts:53
      delete process.env.DEBUG_QINIU_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49d3041b187d721c Environment-variable access.
repo/packages/model-runtime/src/providers/qiniu/index.ts:11
    chatCompletion: () => process.env.DEBUG_QINIU_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2c622c6609a34ff2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/qwen/createImage.ts:109
  const response = await fetch(url, {
    body: JSON.stringify({
      input,
      model,
      parameters,
    }),
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json',
      'X-DashScope-Async': 'enable',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ab991753ba253567 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/qwen/createImage.ts:187
  const response = await fetch(endpoint, {
    body: JSON.stringify({
      input: {
        messages: [
          {
            content,
            role: 'user',
          },
        ],
      },
      model,
      parameters,
    }),
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json',
      'X-DashScope-Async': 'enable',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8a7c4fc3b9369908 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/qwen/createImage.ts:259
  const response = await fetch(endpoint, {
    body: JSON.stringify({
      input: {
        messages: [
          {
            content,
            role: 'user',
          },
        ],
      },
      model,
      parameters: {
        n: 1,
        ...(typeof params.seed === 'number' ? { seed: params.seed } : {}),
        ...(params.promptExtend && { prompt_extend: params.promptExtend }),
        ...(params.watermark && { watermark: params.watermark }),
      },
    }),
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #fd60213056a8c544 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/qwen/createImage.ts:323
  const response = await fetch(endpoint, {
    headers: {
      Authorization: `Bearer ${apiKey}`,
    },
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cd27a1cdd9f151a8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/qwen/createVideo.ts:52
  const response = await fetch(endpoint, {
    headers: {
      Authorization: `Bearer ${apiKey}`,
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a65dfc4257d00c32 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/qwen/createVideo.ts:326
  const response = await fetch(url, {
    body: JSON.stringify({
      input,
      model,
      parameters,
    }),
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json',
      'X-DashScope-Async': 'enable',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3aaa28f5f26a206f Environment-variable access.
repo/packages/model-runtime/src/providers/qwen/index.ts:114
            search_strategy: process.env.QWEN_SEARCH_STRATEGY || 'standard', // standard or pro

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d69bb09b1492484 Environment-variable access.
repo/packages/model-runtime/src/providers/qwen/index.ts:126
    chatCompletion: () => process.env.DEBUG_QWEN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf1ff933283841ec Environment-variable access.
repo/packages/model-runtime/src/providers/replicate/index.ts:416
      process.env.DEBUG_REPLICATE === '1' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37bfa822f61421e3 Environment-variable access.
repo/packages/model-runtime/src/providers/replicate/index.ts:417
      process.env.DEBUG_REPLICATE_CHAT_COMPLETION === '1' ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdc44b1ae68a3f5a Environment-variable access.
repo/packages/model-runtime/src/providers/replicate/index.ts:418
      process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89efacff4577e429 Environment-variable access.
repo/packages/model-runtime/src/providers/sambanova/index.ts:8
    chatCompletion: () => process.env.DEBUG_SAMBANOVA_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bd76324a7c559ba7 Environment-variable access.
repo/packages/model-runtime/src/providers/search1api/index.test.ts:37
      delete process.env.DEBUG_SEARCH1API_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1431f4f7b74c7d18 Environment-variable access.
repo/packages/model-runtime/src/providers/search1api/index.test.ts:43
      process.env.DEBUG_SEARCH1API_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #13965da57a4f3d1f Environment-variable access.
repo/packages/model-runtime/src/providers/search1api/index.test.ts:46
      delete process.env.DEBUG_SEARCH1API_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50ef44890c7b1617 Environment-variable access.
repo/packages/model-runtime/src/providers/search1api/index.ts:38
    chatCompletion: () => process.env.DEBUG_SEARCH1API_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fa25dd6b54196d3 Environment-variable access.
repo/packages/model-runtime/src/providers/sensenova/index.ts:50
    chatCompletion: () => process.env.DEBUG_SENSENOVA_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #24f70960594469fb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/siliconcloud/createImage.ts:97
  const response = await fetch(endpoint, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f97394c20acc42cd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:38
  const response = await fetch(statusUrl, {
    body: JSON.stringify({ requestId }),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #eeb89a00e68366a3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/siliconcloud/createVideo.ts:123
  const response = await fetch(`${baseURL}/video/submit`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #edea1fc35eace309 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/siliconcloud/index.ts:22
  if (!defaultFetch) return fetch(input, init);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #49608a15da0dcd05 Environment-variable access.
repo/packages/model-runtime/src/providers/siliconcloud/index.ts:142
    chatCompletion: () => process.env.DEBUG_SILICONCLOUD_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #41a885b46ac63bd9 Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.test.ts:43
      delete process.env.DEBUG_SPARK_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4d04d6b81cc9fe84 Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.test.ts:49
      process.env.DEBUG_SPARK_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9495e83e4f2b6407 Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.test.ts:52
      delete process.env.DEBUG_SPARK_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f44fa1bcf1317225 Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.test.ts:56
      process.env.DEBUG_SPARK_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1f5766b10423ae5d Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.test.ts:59
      delete process.env.DEBUG_SPARK_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b89fd3f846e438d9 Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.test.ts:111
      delete process.env.SPARK_SEARCH_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #78dbda34906d3b6c Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.test.ts:125
      process.env.SPARK_SEARCH_MODE = 'deep';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8d2db4935f7921de Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.test.ts:136
      delete process.env.SPARK_SEARCH_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81dec0003723343f Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.ts:46
                search_mode: process.env.SPARK_SEARCH_MODE || 'normal', // normal or deep

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49c57bd266538338 Environment-variable access.
repo/packages/model-runtime/src/providers/spark/index.ts:67
    chatCompletion: () => process.env.DEBUG_SPARK_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2b33616b5e54c14c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/stepfun/createImage.ts:59
    const res = await fetch(`${baseURL}/images/${endpoint}`, {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json',
      },
      body: JSON.stringify(body),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #5eea481608c77181 Environment-variable access.
repo/packages/model-runtime/src/providers/stepfun/index.test.ts:47
      delete process.env.DEBUG_STEPFUN_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #06c698ba23a935ea Environment-variable access.
repo/packages/model-runtime/src/providers/stepfun/index.test.ts:52
      process.env.DEBUG_STEPFUN_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c22df5459aa9c362 Environment-variable access.
repo/packages/model-runtime/src/providers/stepfun/index.test.ts:54
      delete process.env.DEBUG_STEPFUN_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #228caee079aab569 Environment-variable access.
repo/packages/model-runtime/src/providers/stepfun/index.ts:38
    chatCompletion: () => process.env.DEBUG_STEPFUN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1758998fee929503 Environment-variable access.
repo/packages/model-runtime/src/providers/straico/index.ts:40
    chatCompletion: () => process.env.DEBUG_STRAICO_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #8eef63938dfce900 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/straico/index.ts:44
    const response = await fetch(url, {
      headers: {
        Authorization: `Bearer ${client.apiKey}`,
      },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #679799cce65ebb2b Environment-variable access.
repo/packages/model-runtime/src/providers/streamlake/index.ts:19
    chatCompletion: () => process.env.DEBUG_STREAMLAKE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32768669c8e660c6 Environment-variable access.
repo/packages/model-runtime/src/providers/superGrok/index.ts:31
    chatCompletion: () => process.env.DEBUG_SUPERGROK_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aab5cd9b2028eced Environment-variable access.
repo/packages/model-runtime/src/providers/superGrok/index.ts:32
    responses: () => process.env.DEBUG_SUPERGROK_RESPONSES === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0883076aa1cd0c3e Environment-variable access.
repo/packages/model-runtime/src/providers/taichu/index.ts:21
    chatCompletion: () => process.env.DEBUG_TAICHU_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a13d10cdd0345888 Environment-variable access.
repo/packages/model-runtime/src/providers/tencentcloud/index.test.ts:40
      delete process.env.DEBUG_TENCENT_CLOUD_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f01c6fc470fd1f69 Environment-variable access.
repo/packages/model-runtime/src/providers/tencentcloud/index.test.ts:44
      process.env.DEBUG_TENCENT_CLOUD_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #635f324f1eabbc6e Environment-variable access.
repo/packages/model-runtime/src/providers/tencentcloud/index.test.ts:48
      delete process.env.DEBUG_TENCENT_CLOUD_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb755ec5f4c11e99 Environment-variable access.
repo/packages/model-runtime/src/providers/tencentcloud/index.ts:14
    chatCompletion: () => process.env.DEBUG_TENCENT_CLOUD_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cb32efb9878f8991 Environment-variable access.
repo/packages/model-runtime/src/providers/togetherai/index.test.ts:47
      delete process.env.DEBUG_TOGETHERAI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a29f2d2696bcffa3 Environment-variable access.
repo/packages/model-runtime/src/providers/togetherai/index.test.ts:51
      process.env.DEBUG_TOGETHERAI_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #71c7fd0d4376ca9f Environment-variable access.
repo/packages/model-runtime/src/providers/togetherai/index.test.ts:55
      delete process.env.DEBUG_TOGETHERAI_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #023392ddc28b9ade Environment-variable access.
repo/packages/model-runtime/src/providers/togetherai/index.ts:17
    chatCompletion: () => process.env.DEBUG_TOGETHERAI_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f22a4baa02360a20 Environment-variable access.
repo/packages/model-runtime/src/providers/upstage/index.ts:8
    chatCompletion: () => process.env.DEBUG_UPSTAGE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4b931fccdc17df70 Environment-variable access.
repo/packages/model-runtime/src/providers/v0/index.test.ts:61
      delete process.env.DEBUG_V0_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4efea858870dcdbd Environment-variable access.
repo/packages/model-runtime/src/providers/v0/index.test.ts:67
      process.env.DEBUG_V0_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #59ab54410f8805bc Environment-variable access.
repo/packages/model-runtime/src/providers/v0/index.test.ts:73
      process.env.DEBUG_V0_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #185d12f4dc9393da Environment-variable access.
repo/packages/model-runtime/src/providers/v0/index.test.ts:79
      process.env.DEBUG_V0_CHAT_COMPLETION = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b041dc7d81f9af4e Environment-variable access.
repo/packages/model-runtime/src/providers/v0/index.ts:14
    chatCompletion: () => process.env.DEBUG_V0_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #06c77b69b7110c67 Environment-variable access.
repo/packages/model-runtime/src/providers/vercelaigateway/index.test.ts:51
      delete process.env.DEBUG_VERCELAIGATEWAY_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f80126e2096c5ea5 Environment-variable access.
repo/packages/model-runtime/src/providers/vercelaigateway/index.test.ts:57
      process.env.DEBUG_VERCELAIGATEWAY_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #84a6b98c44e4b5ab Environment-variable access.
repo/packages/model-runtime/src/providers/vercelaigateway/index.test.ts:60
      delete process.env.DEBUG_VERCELAIGATEWAY_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e015064aa86d7f88 Environment-variable access.
repo/packages/model-runtime/src/providers/vercelaigateway/index.test.ts:64
      process.env.DEBUG_VERCELAIGATEWAY_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #010bcd71aa770174 Environment-variable access.
repo/packages/model-runtime/src/providers/vercelaigateway/index.test.ts:67
      delete process.env.DEBUG_VERCELAIGATEWAY_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07fa3cbef1b9d4a4 Environment-variable access.
repo/packages/model-runtime/src/providers/vercelaigateway/index.ts:87
    chatCompletion: () => process.env.DEBUG_VERCELAIGATEWAY_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e136594f138d0f1 Environment-variable access.
repo/packages/model-runtime/src/providers/vllm/index.ts:13
    chatCompletion: () => process.env.DEBUG_VLLM_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e639805c53cdbe8 Environment-variable access.
repo/packages/model-runtime/src/providers/volcengine/index.ts:70
    chatCompletion: () => process.env.DEBUG_VOLCENGINE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a9b2c1f265af2a2 Environment-variable access.
repo/packages/model-runtime/src/providers/volcengine/index.ts:71
    responses: () => process.env.DEBUG_VOLCENGINE_RESPONSES === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #79ff0ada5351769b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/volcengine/video/createVideo.ts:75
  const response = await fetch(`${baseURL}/contents/generations/tasks`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b42a9a219058bd1b Environment-variable access.
repo/packages/model-runtime/src/providers/volcengineCodingPlan/index.ts:28
    chatCompletion: () => process.env.DEBUG_VOLCENGINE_CODING_PLAN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a530115b1906897c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/wenxin/createImage.ts:65
    const response = await fetch(endpoint, {
      body: JSON.stringify(requestBody),
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #80089751e44e8dcf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:35
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4d950f21026b47bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/wenxin/createVideo.ts:134
  const response = await fetch(`${baseURL}/video/generations`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #b480ee47ee1d3343 Environment-variable access.
repo/packages/model-runtime/src/providers/wenxin/index.test.ts:126
      delete process.env.DEBUG_WENXIN_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1429baf9131a2174 Environment-variable access.
repo/packages/model-runtime/src/providers/wenxin/index.test.ts:132
      process.env.DEBUG_WENXIN_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a464711c6012e8c9 Environment-variable access.
repo/packages/model-runtime/src/providers/wenxin/index.test.ts:138
      process.env.DEBUG_WENXIN_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b9d5593368b857b Environment-variable access.
repo/packages/model-runtime/src/providers/wenxin/index.ts:49
    chatCompletion: () => process.env.DEBUG_WENXIN_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #00b2ea35f4ded34d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/xai/createImage.ts:103
    const response = await fetch(endpoint, {
      body: JSON.stringify(requestBody),
      headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b45da5d451ab6c02 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/xai/createVideo.ts:33
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c6d955a318a75b6f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/xai/createVideo.ts:124
  const response = await fetch(`${baseURL}/videos/generations`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bca120a90b2c9ef6 Environment-variable access.
repo/packages/model-runtime/src/providers/xai/index.ts:149
    chatCompletion: () => process.env.DEBUG_XAI_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae07c9df5abc211e Environment-variable access.
repo/packages/model-runtime/src/providers/xai/index.ts:150
    responses: () => process.env.DEBUG_XAI_RESPONSES === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #56e5399ead878238 Environment-variable access.
repo/packages/model-runtime/src/providers/xiaomimimo/index.test.ts:277
      delete process.env.DEBUG_XIAOMIMIMO_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #90f6bb02ece0c379 Environment-variable access.
repo/packages/model-runtime/src/providers/xiaomimimo/index.test.ts:283
      process.env.DEBUG_XIAOMIMIMO_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f47b6bfd1605b094 Environment-variable access.
repo/packages/model-runtime/src/providers/xiaomimimo/index.test.ts:286
      delete process.env.DEBUG_XIAOMIMIMO_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84ca41b44edc4853 Environment-variable access.
repo/packages/model-runtime/src/providers/xiaomimimo/index.ts:107
    chatCompletion: () => process.env.DEBUG_XIAOMIMIMO_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7177a5338c194603 Environment-variable access.
repo/packages/model-runtime/src/providers/xinference/index.ts:18
    chatCompletion: () => process.env.DEBUG_XINFERENCE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4f27a2553dff46cc Environment-variable access.
repo/packages/model-runtime/src/providers/zenmux/index.test.ts:31
    delete process.env.DEBUG_ZENMUX_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #72066f185c334a14 Environment-variable access.
repo/packages/model-runtime/src/providers/zenmux/index.test.ts:36
    delete process.env.DEBUG_ZENMUX_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c5bdb67ba6e54153 Environment-variable access.
repo/packages/model-runtime/src/providers/zenmux/index.test.ts:41
      delete process.env.DEBUG_ZENMUX_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #623c1807d4f9dc59 Environment-variable access.
repo/packages/model-runtime/src/providers/zenmux/index.test.ts:42
      const debugResult = process.env.DEBUG_ZENMUX_CHAT_COMPLETION === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bf368fb7e731dc6b Environment-variable access.
repo/packages/model-runtime/src/providers/zenmux/index.test.ts:47
      process.env.DEBUG_ZENMUX_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #00f141207357bae7 Environment-variable access.
repo/packages/model-runtime/src/providers/zenmux/index.test.ts:48
      const debugResult = process.env.DEBUG_ZENMUX_CHAT_COMPLETION === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #194e5e9ccc3b1487 Environment-variable access.
repo/packages/model-runtime/src/providers/zenmux/index.ts:39
    chatCompletion: () => process.env.DEBUG_ZENMUX_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #414d7441946b5aae Environment-variable access.
repo/packages/model-runtime/src/providers/zeroone/index.test.ts:55
      delete process.env.DEBUG_ZEROONE_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #097a656d389ec6ef Environment-variable access.
repo/packages/model-runtime/src/providers/zeroone/index.test.ts:61
      process.env.DEBUG_ZEROONE_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a9e41704df651614 Environment-variable access.
repo/packages/model-runtime/src/providers/zeroone/index.test.ts:67
      process.env.DEBUG_ZEROONE_CHAT_COMPLETION = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c5219c7d1793b0bb Environment-variable access.
repo/packages/model-runtime/src/providers/zeroone/index.test.ts:73
      process.env.DEBUG_ZEROONE_CHAT_COMPLETION = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38eaf66bbb8429c6 Environment-variable access.
repo/packages/model-runtime/src/providers/zeroone/index.ts:14
    chatCompletion: () => process.env.DEBUG_ZEROONE_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e5cedcde9d91a0b3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/zhipu/createImage.ts:37
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a9c2114434f245af Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/zhipu/createImage.ts:131
  const response = await fetch(endpoint, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #af2bae20584fc560 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:39
  const response = await fetch(statusUrl, {
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ecab44110b52e397 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/zhipu/createVideo.ts:144
  const response = await fetch(`${baseURL}/videos/generations`, {
    body: JSON.stringify(body),
    headers: {
      'Authorization': `Bearer ${options.apiKey}`,
      'Content-Type': 'application/json',
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #3d3b09d8eaf17a36 Environment-variable access.
repo/packages/model-runtime/src/providers/zhipu/index.test.ts:44
      delete process.env.DEBUG_ZHIPU_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #588208cbf01b912f Environment-variable access.
repo/packages/model-runtime/src/providers/zhipu/index.test.ts:50
      process.env.DEBUG_ZHIPU_CHAT_COMPLETION = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #192fd1a950628320 Environment-variable access.
repo/packages/model-runtime/src/providers/zhipu/index.test.ts:53
      delete process.env.DEBUG_ZHIPU_CHAT_COMPLETION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d17bddfc6e3aebf8 Environment-variable access.
repo/packages/model-runtime/src/providers/zhipu/index.test.ts:112
        process.env.ZHIPU_SEARCH_ENGINE = 'search_pro';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a88f84f43bcef804 Environment-variable access.
repo/packages/model-runtime/src/providers/zhipu/index.test.ts:129
        delete process.env.ZHIPU_SEARCH_ENGINE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c497ad0fc8165b0 Environment-variable access.
repo/packages/model-runtime/src/providers/zhipu/index.ts:85
                search_engine: process.env.ZHIPU_SEARCH_ENGINE || 'search_std', // search_std, search_pro

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da5e5b0f9c6b0dbc Environment-variable access.
repo/packages/model-runtime/src/providers/zhipu/index.ts:215
    chatCompletion: () => process.env.DEBUG_ZHIPU_CHAT_COMPLETION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f60ac2cff052ddbe Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/model-runtime/src/providers/zhipu/index.ts:220
    const response = await fetch(url, {
      headers: {
        'Authorization': `Bearer ${client.apiKey}`,
        'Bigmodel-Organization': 'lobehub',
        'Bigmodel-Project': 'lobechat',
      },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #3b09cc10a32c3dd3 Filesystem access.
repo/packages/model-runtime/src/utils/modelConfigImport.test.ts:13
        readFile(path.resolve(utilsDir, file), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/server

npm first-party
medium pii_flow production #4f66fd77408e505e A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:45 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:48 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:45
      await client.publishJSON({
        body: payload,
        headers: {
          ...(process.env.VERCEL_AUTOMATION_BYPASS_SECRET && {
            'x-vercel-protection-bypass': process.env.VERCEL_AUTOMATION_BYPASS_SECRET,
          }),
        },
        url: resolvedUrl,
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #1161741ee2bb4c87 Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/apps/server/src/services/bot/BotMessageRouter.ts:798 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/bot/BotMessageRouter.ts:780 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/bot/BotMessageRouter.ts:798
        await thread.post(text);

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #aeb99ba27ef62cd2 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/desktopRelease/index.ts:122 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/desktopRelease/index.ts:120 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/desktopRelease/index.ts:122
  const res = await fetch(`https://api.github.com/repos/${owner}/${repo}/releases/latest`, {
    headers: {
      ...(token ? { Authorization: `Bearer ${token}` } : {}),
      'Accept': 'application/vnd.github+json',
      'User-Agent': 'lobehub-server',
    },
    next: { revalidate: 300, tags: [FetchCacheTag.DesktopRelease] },
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #9301a89257ca36e2 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/oauthDeviceFlow/index.ts:105 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/oauthDeviceFlow/index.ts:105 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/oauthDeviceFlow/index.ts:105
    const response = await fetch(config.tokenEndpoint, {
      body: new URLSearchParams({
        client_id: config.clientId,
        device_code: deviceCode,
        grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
      }).toString(),
      headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #b167f55a06d79c0e A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/oauthDeviceFlow/index.ts:169 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/oauthDeviceFlow/index.ts:169 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/oauthDeviceFlow/index.ts:169
    const response = await fetch(config.tokenEndpoint, {
      body: new URLSearchParams({
        client_id: config.clientId,
        grant_type: 'refresh_token',
        refresh_token: refreshToken,
      }).toString(),
      headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #f258a9888e8fdb30 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/oauthDeviceFlow/providers/githubCopilot.ts:55 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/oauthDeviceFlow/providers/githubCopilot.ts:55 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/oauthDeviceFlow/providers/githubCopilot.ts:55
    const response = await fetch(GithubCopilotOAuthService.TOKEN_EXCHANGE_URL, {
      headers: {
        'Accept': 'application/json',
        'Authorization': `token ${oauthToken}`,
        'User-Agent': 'LobeChat/1.0',
      },
      method: 'GET',
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #ea6e36af0931f87c A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/anspire/index.ts:71 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/anspire/index.ts:74 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/anspire/index.ts:71
      response = await fetch(`${endpoint}?${searchParams.toString()}`, {
        headers: {
          'Accept': '*/*',
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Connection': 'keep-alive ',
          'Content-Type': 'application/json',
        },
        method: 'GET',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #a48cf7253cc3a191 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/bocha/index.ts:61 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/bocha/index.ts:64 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/bocha/index.ts:61
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #cb64e1ae1942118b A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/brave/index.ts:66 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/brave/index.ts:70 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/brave/index.ts:66
      response = await fetch(`${endpoint}?${searchParams.toString()}`, {
        headers: {
          'Accept': 'application/json',
          'Accept-Encoding': 'gzip',
          'X-Subscription-Token': this.apiKey ? this.apiKey : '',
        },
        method: 'GET',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #9fcfc2ba5a48b4b3 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/exa/index.ts:65 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/exa/index.ts:69 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/exa/index.ts:65
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Content-Type': 'application/json',
          'x-api-key': this.apiKey ? this.apiKey : '',
        },
        method: 'POST',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #afa649a48fc90fba A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/firecrawl/index.ts:66 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/firecrawl/index.ts:69 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/firecrawl/index.ts:66
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #3594d508facf3b8f A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/jina/index.ts:44 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/jina/index.ts:48 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/jina/index.ts:44
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Accept': 'application/json',
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
          'X-Respond-With': 'no-content',
        },
        method: 'POST',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #d6ac99802c1bba3c A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/kagi/index.ts:50 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/kagi/index.ts:52 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/kagi/index.ts:50
      response = await fetch(`${endpoint}?${searchParams.toString()}`, {
        headers: {
          Authorization: this.apiKey ? `Bot ${this.apiKey}` : '',
        },
        method: 'GET',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #f83a6ed0e1884e75 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/search1api/index.ts:82 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/search1api/index.ts:85 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/search1api/index.ts:82
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #d518a984b786353c A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/services/search/impls/tavily/index.ts:60 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/tavily/index.ts:63 → /tmp/closeopen-4_u_15or/repo/apps/server/src/services/search/impls/tavily/index.ts:60
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium telemetry production #1850eb20fd5d064c Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/apps/server/src/services/user/index.ts:38
    analytics?.identify(user.id, {
      email: user.email ?? undefined,
      firstName: user.firstName ?? undefined,
      lastName: user.lastName ?? undefined,
      phone: user.phone ?? undefined,
      username: user.username ?? undefined,
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #94e1ac797c6bbd07 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/apps/server/src/services/user/index.ts:45
    analytics?.track({
      name: 'user_register_completed',
      properties: {
        spm: 'user_service.init_user.user_created',
      },
      userId: user.id,
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #c9c827f080195184 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/apps/server/src/workflows/runGuard/qstashCancel.ts:93 · flow /tmp/closeopen-4_u_15or/repo/apps/server/src/workflows/runGuard/qstashCancel.ts:79 → /tmp/closeopen-4_u_15or/repo/apps/server/src/workflows/runGuard/qstashCancel.ts:93
  const response = await fetch(new URL('/v2/workflows/runs', qstashUrl), {
    body: JSON.stringify({ workflowUrl: [workflowUrlPrefix] }),
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json',
    },
    method: 'DELETE',
  });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 376 low-confidence finding(s)
low env_fs production #f230748055c4773c Environment-variable access.
repo/apps/server/src/agent-hono/handlers/finalizeAbandoned.ts:67
      if (process.env.QSTASH_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48b4f4182ea0444f Environment-variable access.
repo/apps/server/src/agent-hono/handlers/gatewayCron.ts:42
    appUrl: process.env.APP_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #355ffebcad182dd4 Environment-variable access.
repo/apps/server/src/agent-hono/handlers/gatewayCron.ts:191
  if (process.env.MESSAGE_GATEWAY_URL && process.env.MESSAGE_GATEWAY_SERVICE_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #526730bc6c1af947 Environment-variable access.
repo/apps/server/src/agent-hono/index.ts:55
  bearerSecretAuth(() => process.env.CRON_SECRET),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #620faac86c015644 Environment-variable access.
repo/apps/server/src/agent-hono/index.ts:62
  bearerSecretAuth(() => process.env.KEY_VAULTS_SECRET),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07790328f5c988e4 Environment-variable access.
repo/apps/server/src/agent-hono/middlewares/qstashOrApiKeyAuth.ts:28
  const apiKey = process.env.AGENT_EXEC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc2d7e26ba886b27 Environment-variable access.
repo/apps/server/src/featureFlags/index.ts:49
  process.env.NODE_ENV === 'development' ? { ...flags, workspace: true } : flags;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3cf908eca53a771e Environment-variable access.
repo/apps/server/src/globalConfig/genServerAiProviderConfig.test.ts:39
        delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dda563c43b7c071c Environment-variable access.
repo/apps/server/src/globalConfig/genServerAiProviderConfig.test.ts:100
    process.env.OPENAI_MODEL_LIST = '+gpt-4,+gpt-3.5-turbo';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2be84f66a56deb90 Environment-variable access.
repo/apps/server/src/globalConfig/genServerAiProviderConfig.test.ts:118
    process.env.CUSTOM_OPENAI_MODELS = '+custom-model';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #43bc7b7eca997ff5 Environment-variable access.
repo/apps/server/src/globalConfig/genServerAiProviderConfig.test.ts:134
    process.env.OPENAI_MODEL_LIST = '+gpt-4->deployment1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2fbfc72704c4f78 Environment-variable access.
repo/apps/server/src/globalConfig/genServerAiProviderConfig.ts:47
        process.env[providerConfig.modelListKey ?? `${providerUpperCase}_MODEL_LIST`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b1e86a9c386ca67 Environment-variable access.
repo/apps/server/src/globalConfig/index.ts:64
      fetchOnClient: isDesktop ? false : !process.env.OLLAMA_PROXY_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a72c47ba66405039 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.test.ts:7
const originalWorkflowParallelism = process.env[WORKFLOW_PARALLELISM_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #612f30280853e562 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.test.ts:12
      delete process.env[WORKFLOW_PARALLELISM_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b77ab00dad059e81 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.test.ts:16
    process.env[WORKFLOW_PARALLELISM_ENV] = originalWorkflowParallelism;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a4310dc13b2eb91c Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.test.ts:20
    delete process.env[WORKFLOW_PARALLELISM_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4ffcb2da1230521a Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.test.ts:26
    process.env[WORKFLOW_PARALLELISM_ENV] = '17';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #05b851db01d92195 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.test.ts:32
    process.env[WORKFLOW_PARALLELISM_ENV] = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #45eb9dee57f6b038 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.test.ts:36
    process.env[WORKFLOW_PARALLELISM_ENV] = 'abc';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32a627ab5feec058 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:107
  const apiKey = process.env.MEMORY_USER_MEMORY_GATEKEEPER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699ea30b209f5db4 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:108
  const baseURL = process.env.MEMORY_USER_MEMORY_GATEKEEPER_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c794a6dfca54eec Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:109
  const model = process.env.MEMORY_USER_MEMORY_GATEKEEPER_MODEL || DEFAULT_MINI_MODEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4702571c3a9a93d Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:110
  const provider = process.env.MEMORY_USER_MEMORY_GATEKEEPER_PROVIDER || DEFAULT_MINI_PROVIDER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a0ff88bc537bbab Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:111
  const language = process.env.MEMORY_USER_MEMORY_GATEKEEPER_LANGUAGE || 'English';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #863af39572cecdb8 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:123
  const model = process.env.MEMORY_USER_MEMORY_BENCHMARK_LOCOMO_AGENT_MODEL || fallback.model;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dc94bdf683f51ed Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:125
    process.env.MEMORY_USER_MEMORY_BENCHMARK_LOCOMO_AGENT_PROVIDER ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec786a85d7229794 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:130
    apiKey: process.env.MEMORY_USER_MEMORY_BENCHMARK_LOCOMO_AGENT_API_KEY ?? fallback.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0838a5d4a96fed17 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:131
    baseURL: process.env.MEMORY_USER_MEMORY_BENCHMARK_LOCOMO_AGENT_BASE_URL ?? fallback.baseURL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36bdb3abdb141101 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:132
    language: process.env.MEMORY_USER_MEMORY_BENCHMARK_LOCOMO_AGENT_LANGUAGE ?? fallback.language,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05bbf8390104d577 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:139
  const apiKey = process.env.MEMORY_USER_MEMORY_LAYER_EXTRACTOR_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #093b1b8ee033c5bc Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:140
  const baseURL = process.env.MEMORY_USER_MEMORY_LAYER_EXTRACTOR_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #567c9b30012c1bed Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:141
  const model = process.env.MEMORY_USER_MEMORY_LAYER_EXTRACTOR_MODEL || fallbackModel;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f291f74a48a8dc0e Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:142
  const provider = process.env.MEMORY_USER_MEMORY_LAYER_EXTRACTOR_PROVIDER || DEFAULT_MINI_PROVIDER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #004e60b17eb5b75e Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:145
    process.env.MEMORY_USER_MEMORY_LAYER_EXTRACTOR_CONTEXT_LIMIT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44b036d8c2035406 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:151
      const override = (process.env as Record<string, string | undefined>)[envKey];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6f135cfe0b02da9 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:176
  const model = process.env.MEMORY_USER_MEMORY_EMBEDDING_MODEL || fallbackModel || defaultModel;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4726a406436b0412 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:178
    process.env.MEMORY_USER_MEMORY_EMBEDDING_PROVIDER ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #480ffd1716df01aa Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:184
    apiKey: process.env.MEMORY_USER_MEMORY_EMBEDDING_API_KEY ?? fallbackApiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74cca6ec12542041 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:185
    baseURL: process.env.MEMORY_USER_MEMORY_EMBEDDING_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04b1f8cba9800f1b Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:188
    contextLimit: parseTokenLimitEnv(process.env.MEMORY_USER_MEMORY_EMBEDDING_CONTEXT_LIMIT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dcc40eac5cec761 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:199
  const model = process.env.MEMORY_USER_MEMORY_PERSONA_WRITER_MODEL || fallbackModel;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d22c003afcf8ddc Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:201
    process.env.MEMORY_USER_MEMORY_PERSONA_WRITER_PROVIDER ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28eb7ed48fde38f7 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:206
    apiKey: process.env.MEMORY_USER_MEMORY_PERSONA_WRITER_API_KEY ?? fallbackApiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7946f63db765630e Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:207
    baseURL: process.env.MEMORY_USER_MEMORY_PERSONA_WRITER_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fc1b9b0b69e736a Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:209
    contextLimit: parseTokenLimitEnv(process.env.MEMORY_USER_MEMORY_PERSONA_WRITER_CONTEXT_LIMIT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5bff7b5ebee2db9 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:216
  const accessKeyId = process.env.MEMORY_USER_MEMORY_EXTRACTOR_S3_ACCESS_KEY_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd0213d76653e279 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:217
  const secretAccessKey = process.env.MEMORY_USER_MEMORY_EXTRACTOR_S3_SECRET_ACCESS_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba00aa5c9482542f Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:218
  const bucketName = process.env.MEMORY_USER_MEMORY_EXTRACTOR_S3_BUCKET_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7a19be1edbb5674 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:219
  const region = process.env.MEMORY_USER_MEMORY_EXTRACTOR_S3_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #472cc1b5f737401c Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:220
  const endpoint = process.env.MEMORY_USER_MEMORY_EXTRACTOR_S3_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80a05092a4e51fba Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:221
  const forcePathStyle = process.env.MEMORY_USER_MEMORY_EXTRACTOR_S3_FORCE_PATH_STYLE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fb9f8979c91f7e3 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:222
  const pathPrefix = process.env.MEMORY_USER_MEMORY_EXTRACTOR_S3_PATH_PREFIX;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33f18166e32f355f Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:268
    enableBenchmarkLoCoMo: process.env.MEMORY_USER_MEMORY_FEATURE_FLAG_BENCHMARK_LOCOMO === 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ca0873fcf63adb9 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:270
  const concurrencyRaw = process.env.MEMORY_USER_MEMORY_CONCURRENCY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28d95211e730f84a Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:278
    process.env.MEMORY_USER_MEMORY_WORKFLOW_PROCESS_USER_TOPICS_PARALLELISM,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0c32b72caef6b90 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:282
    process.env.MEMORY_USER_MEMORY_WORKFLOW_MAX_TOPICS_PER_USER_PER_RUN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86f3d9fe9e96613f Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:286
  const whitelistUsers = process.env.MEMORY_USER_MEMORY_WHITELIST_USERS?.split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb5855583d1bf631 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:290
  const webhookHeaders = process.env.MEMORY_USER_MEMORY_WEBHOOK_HEADERS?.split(',')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33d25175c9370ba2 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:300
  const upstashWorkflowExtraHeaders = process.env.MEMORY_USER_MEMORY_WORKFLOW_EXTRA_HEADERS?.split(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81071e2a81ed9434 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:313
    process.env.MEMORY_USER_MEMORY_GATEKEEPER_PREFERRED_PROVIDERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c2493acb46a99d1 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:316
    process.env.MEMORY_USER_MEMORY_GATEKEEPER_PREFERRED_MODELS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a91a74710e578efe Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:319
    process.env.MEMORY_USER_MEMORY_EMBEDDING_PREFERRED_PROVIDERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ef571d461a63ef6 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:322
    process.env.MEMORY_USER_MEMORY_EMBEDDING_PREFERRED_MODELS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6be0864070cd968 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:325
    process.env.MEMORY_USER_MEMORY_LAYER_EXTRACTOR_PREFERRED_PROVIDERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31b75f784764ca43 Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:328
    process.env.MEMORY_USER_MEMORY_LAYER_EXTRACTOR_PREFERRED_MODELS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #965d9513888516de Environment-variable access.
repo/apps/server/src/globalConfig/parseMemoryExtractionConfig.ts:348
      baseUrl: process.env.MEMORY_USER_MEMORY_WEBHOOK_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf4d1e4fcf6aaea8 Environment-variable access.
repo/apps/server/src/hono/dev.ts:6
const env = process.env.NODE_ENV || 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0a91b9b9f4cb9ec Environment-variable access.
repo/apps/server/src/hono/dev.ts:31
(process.env as Record<string, string | undefined>).NODE_ENV ||= 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #429494ef619bfe7f Environment-variable access.
repo/apps/server/src/hono/standalone.ts:15
  const parsed = Number.parseInt(process.env.HONO_PORT ?? process.env.PORT ?? '', 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f8aa10fabb49d24c Environment-variable access.
repo/apps/server/src/hono/standalone.ts:72
const host = process.env.HONO_HOST || DEFAULT_HOST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0e0d0cc822df88dc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/AgentRuntime/GatewayStreamNotifier.ts:300
      const res = await fetch(urlJoin(this.gatewayUrl, path), {
        body: JSON.stringify(body),
        headers: {
          'Authorization': `Bearer ${this.serviceToken}`,
          'Content-Type': 'application/json',
        },
        method: 'POST',
        signal: controller.signal,
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e2b821733b9bfda7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/AgentRuntime/GatewayStreamNotifier.ts:330
      const res = await fetch(urlJoin(this.gatewayUrl, path), {
        body: JSON.stringify(body),
        headers: {
          'Authorization': `Bearer ${this.serviceToken}`,
          'Content-Type': 'application/json',
        },
        method: 'POST',
        signal: controller.signal,
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4ecfc9a6657a3bd9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/AssistantStore/index.ts:32
      res = await fetch(this.getAgentIndexUrl(locale as any), {
        cache: 'force-cache',
        next: { revalidate: CacheRevalidate.List, tags: [CacheTag.Discover, CacheTag.Assistants] },
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4babbafea2a49c00 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/AssistantStore/index.ts:38
        res = await fetch(this.getAgentIndexUrl(DEFAULT_LANG), {
          cache: 'force-cache',
          next: {
            revalidate: CacheRevalidate.List,
            tags: [CacheTag.Discover, CacheTag.Assistants],
          },
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f62cda65f051dd0b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/AssistantStore/index.ts:89
    let res = await fetch(this.getAgentUrl(identifier, lang), {
      cache: 'force-cache',
      next: {
        revalidate: CacheRevalidate.Details,
        tags: [CacheTag.Discover, CacheTag.Assistants],
      },
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cff4be3590026252 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/AssistantStore/index.ts:97
      res = await fetch(this.getAgentUrl(identifier, DEFAULT_LANG), {
        cache: 'force-cache',
        next: {
          revalidate: CacheRevalidate.Details,
          tags: [CacheTag.Discover, CacheTag.Assistants],
        },
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4a93325f64411a28 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/GitHub/index.ts:151
    const response = await fetch(zipUrl, {
      headers: {
        'User-Agent': this.userAgent,
      },
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9ad1cd8611a3a224 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/GitHub/index.ts:184
    const response = await fetch(rawUrl, {
      headers: {
        'User-Agent': this.userAgent,
      },
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #72011821dcedb9b7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/GitHub/index.ts:210
    const response = await fetch(rawUrl, {
      headers: {
        'User-Agent': this.userAgent,
      },
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #231f6bcbf61fad81 Environment-variable access.
repo/apps/server/src/modules/KeyVaultsEncrypt/index.test.ts:12
    originalSecret = process.env.KEY_VAULTS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #59764b111b20f89c Environment-variable access.
repo/apps/server/src/modules/KeyVaultsEncrypt/index.test.ts:13
    process.env.KEY_VAULTS_SECRET = 'Q10pwdq00KXUu9R+c8A8p4PSlIRWi7KwgUophBtkHVk=';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #df6f74955d4b4b12 Environment-variable access.
repo/apps/server/src/modules/KeyVaultsEncrypt/index.test.ts:19
    process.env.KEY_VAULTS_SECRET = originalSecret;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #754f01e8430dfea9 Environment-variable access.
repo/apps/server/src/modules/KeyVaultsEncrypt/index.test.ts:41
    process.env.KEY_VAULTS_SECRET = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #892a836f7149604d Environment-variable access.
repo/apps/server/src/modules/KeyVaultsEncrypt/index.test.ts:52
    process.env.KEY_VAULTS_SECRET = Buffer.from('short').toString('base64');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #35f1db39749b0287 Environment-variable access.
repo/apps/server/src/modules/KeyVaultsEncrypt/index.test.ts:86
      process.env.KEY_VAULTS_SECRET = 'ofQiJCXLF8mYemwfMWLOHoHimlPu91YmLfU7YZ4lreQ=';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8f8a22c9c10283c8 Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/apiKeyManager.test.ts:36
      process.env.API_KEY_SELECT_MODE = 'random';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #81164531f94cc771 Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/apiKeyManager.test.ts:44
      process.env.API_KEY_SELECT_MODE = 'turn';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #067015a93a4860e9 Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/apiKeyManager.test.ts:61
      process.env.API_KEY_SELECT_MODE = 'random';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #872d035d6455c0ca Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/apiKeyManager.test.ts:72
      process.env.API_KEY_SELECT_MODE = 'turn';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2764da254c44f605 Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/apiKeyManager.test.ts:95
      process.env.API_KEY_SELECT_MODE = 'random';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a9ffe6f6fa59da8c Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/apiKeyManager.test.ts:107
      process.env.API_KEY_SELECT_MODE = 'turn';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f59d1fdaa37cb5e7 Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/apiKeyManager.test.ts:120
      process.env.API_KEY_SELECT_MODE = nanoid();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c0e6af360e0514ff Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/index.test.ts:504
      process.env.OPENAI_PROXY_URL = 'https://proxy.example.com/v1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c5d1361ae050b1e9 Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/index.test.ts:514
      process.env.OPENAI_PROXY_URL = 'https://proxy.example.com/v1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c9160f610d995fb Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/index.ts:202
      const baseURL = payload?.baseURL || process.env[`${upperProvider}_PROXY_URL`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7124124f878b125a Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/index.ts:208
      const baseURL = payload?.baseURL || process.env.OLLAMA_PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c88df2e90041cac5 Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/index.ts:354
  const rawCredentials = payload.apiKey || process.env.VERTEXAI_CREDENTIALS || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #beb3f2807c583839 Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/index.ts:359
  const projectFromEnv = process.env.VERTEXAI_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #050a258ae6f4258e Environment-variable access.
repo/apps/server/src/modules/ModelRuntime/index.ts:365
    process.env.VERTEXAI_LOCATION ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #055783a52bac6e4b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/PluginStore/index.ts:22
      let res = await fetch(this.getPluginIndexUrl(locale as Locales), {
        next: {
          revalidate: 3600,
        },
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6ed86d8ab10d84d5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/modules/PluginStore/index.ts:28
        res = await fetch(this.getPluginIndexUrl(DEFAULT_LANG), {
          next: {
            revalidate: 3600,
          },
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #669361efe4648071 Environment-variable access.
repo/apps/server/src/routers/async/__tests__/caller.test.ts:173
      const originalEnv = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9968765f178e4401 Environment-variable access.
repo/apps/server/src/routers/async/__tests__/caller.test.ts:174
      process.env.VERCEL_AUTOMATION_BYPASS_SECRET = 'test-bypass-value';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d3c723838141cdf0 Environment-variable access.
repo/apps/server/src/routers/async/__tests__/caller.test.ts:186
        process.env.VERCEL_AUTOMATION_BYPASS_SECRET = originalEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #444be4e053f5a11e Environment-variable access.
repo/apps/server/src/routers/async/__tests__/caller.test.ts:188
        delete process.env.VERCEL_AUTOMATION_BYPASS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9ffbfd0cd0206e6e Environment-variable access.
repo/apps/server/src/routers/async/__tests__/caller.test.ts:193
      delete process.env.VERCEL_AUTOMATION_BYPASS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3da3d64659cd28e1 Environment-variable access.
repo/apps/server/src/routers/async/caller.ts:22
  if (process.env.VERCEL_AUTOMATION_BYPASS_SECRET) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f355293014d96d1e Environment-variable access.
repo/apps/server/src/routers/async/caller.ts:23
    headers['x-vercel-protection-bypass'] = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7c03e359dcd6f5ca Environment-variable access.
repo/apps/server/src/routers/lambda/__tests__/integration/aiAgent/execAgent.integration.test.ts:28
process.env.OPENAI_API_KEY = 'sk-test-fake-api-key-for-testing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3965cd4bde145be9 Environment-variable access.
repo/apps/server/src/routers/lambda/__tests__/integration/aiAgent/execAgents.integration.test.ts:23
process.env.OPENAI_API_KEY = 'sk-test-fake-api-key-for-testing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #534826a0209d702a Environment-variable access.
repo/apps/server/src/routers/lambda/__tests__/integration/aiAgent/execGroupAgent.integration.test.ts:24
process.env.OPENAI_API_KEY = 'sk-test-fake-api-key-for-testing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d73e39e0e16315a0 Environment-variable access.
repo/apps/server/src/routers/lambda/__tests__/integration/aiAgent/multiRoundTools.integration.test.ts:25
process.env.OPENAI_API_KEY = 'sk-test-fake-api-key-for-testing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #037f100327c3aead Environment-variable access.
repo/apps/server/src/routers/lambda/__tests__/integration/aiAgent/serverCallAgent.integration.test.ts:28
process.env.OPENAI_API_KEY = 'sk-test-fake-api-key-for-testing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #269f674e768ad77d Environment-variable access.
repo/apps/server/src/routers/lambda/__tests__/integration/aiAgent/serverSubAgent.integration.test.ts:28
process.env.OPENAI_API_KEY = 'sk-test-fake-api-key-for-testing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #143871adabbb3380 Environment-variable access.
repo/apps/server/src/routers/lambda/composio.ts:228
      const callbackUrl = `${process.env.APP_URL || process.env.NEXTAUTH_URL || ''}/api/composio/oauth/callback`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9ac06255ca1c6dac Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:28
          process.env.OPENAI_MODEL_LIST =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9f9bb56617ca3601 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:37
          process.env.OPENAI_MODEL_LIST = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b4d369c4b9401952 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:41
          process.env.OPENAI_MODEL_LIST =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #502dc769700d1c27 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:50
          process.env.OPENAI_MODEL_LIST = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3c0c02bb5c10afe9 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:54
          process.env.OPENAI_MODEL_LIST =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #807813acb29cd346 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:65
          process.env.OPENAI_MODEL_LIST = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #24893d4882dde7cd Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:69
          process.env.OPENAI_MODEL_LIST = '-gpt-4';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #717c9b4f715109e6 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:77
          process.env.OPENAI_MODEL_LIST = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ff62c69d102125a8 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:81
          process.env.OPENAI_MODEL_LIST = '+gpt-4-1106-preview';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #13c236b16525bc19 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:91
          process.env.OPENAI_MODEL_LIST = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2fb262c2706b2a37 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:95
          process.env.OPENAI_MODEL_LIST = 'model1,model2,model3,model4';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b0c37f7e11e7b206 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:130
          process.env.OPENAI_MODEL_LIST = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #27565b38076b38a0 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:136
          process.env.OPENROUTER_MODEL_LIST =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #da9d79df0398229a Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:146
          process.env.OPENROUTER_MODEL_LIST = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6deeefdc2a38f374 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:151
        const originalApiKey = process.env.DEEPSEEK_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #63fdc042c84842af Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:152
        delete process.env.DEEPSEEK_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e86678a99be42822 Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:159
          delete process.env.DEEPSEEK_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fc52d200a72cd97f Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:161
          process.env.DEEPSEEK_API_KEY = originalApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #61a659516d12ddcf Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:169
      process.env.DEFAULT_AGENT_CONFIG =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cbfff5c7dc86a09d Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:181
      process.env.DEFAULT_AGENT_CONFIG = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b1a52d23da08745c Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:185
      process.env.DEFAULT_AGENT_CONFIG =

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3462021a2b188c8c Environment-variable access.
repo/apps/server/src/routers/lambda/config/index.test.ts:197
      process.env.DEFAULT_AGENT_CONFIG = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #8e674fd23f092f65 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/exporter.ts:37
  const response = await fetch(REGULAR_FONT_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f0761e450c253c4b Environment-variable access.
repo/apps/server/src/routers/lambda/image/index.ts:143
      if (process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63217a00638892b3 Environment-variable access.
repo/apps/server/src/routers/lambda/market/agent.ts:15
const MARKET_BASE_URL = process.env.MARKET_BASE_URL || 'https://market.lobehub.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3c68b8d9a159e414 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agent.ts:79
    const response = await fetch(userInfoUrl, {
      headers,
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #68bc4e5ce57af11c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agent.ts:171
    const response = await fetch(forkUrl, {
      body: JSON.stringify({
        identifier: item.identifier,
        name: item.name,
        status: item.status,
        versionNumber: item.versionNumber,
        visibility: item.visibility,
      }),
      headers,
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f13191f1da88c989 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agent.ts:535
        const response = await fetch(url, { headers, method: 'GET' });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9358b5b857ea8c0d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agent.ts:589
        const response = await fetch(forkSourceUrl, {
          headers,
          method: 'GET',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #37f7ee7635684548 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agent.ts:647
        const response = await fetch(forksUrl, {
          headers,
          method: 'GET',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8fee09d618378636 Environment-variable access.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:14
const MARKET_BASE_URL = process.env.MARKET_BASE_URL || 'https://market.lobehub.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #01c2b137daa50397 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:71
    const response = await fetch(userInfoUrl, {
      headers,
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #62688914d9fb987f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:262
        const response = await fetch(deprecateUrl, {
          headers,
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4ee7e299bd85082f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:336
        const response = await fetch(forkUrl, {
          body: JSON.stringify({
            identifier: input.identifier,
            name: input.name,
            status: input.status,
            versionNumber: input.versionNumber,
            visibility: input.visibility,
          }),
          headers,
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4ee2f537097e53a7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:424
        const response = await fetch(forkSourceUrl, {
          headers,
          method: 'GET',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f804f7283eccf355 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:482
        const response = await fetch(forksUrl, {
          headers,
          method: 'GET',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3532212674d1be59 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:565
        const response = await fetch(listUrl, {
          headers,
          method: 'GET',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #df65a58157f9e8fb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:652
        const response = await fetch(publishUrl, {
          headers,
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6c7dd28ef7e6e129 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/agentGroup.ts:810
        const response = await fetch(unpublishUrl, {
          headers,
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f7f588bca5782094 Environment-variable access.
repo/apps/server/src/routers/lambda/market/index.ts:707
          secure: process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #623f223f764306d3 Environment-variable access.
repo/apps/server/src/routers/lambda/market/index.ts:716
          secure: process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #58b739b8ee91b991 Environment-variable access.
repo/apps/server/src/routers/lambda/market/socialProfile.ts:10
const MARKET_BASE_URL = process.env.MARKET_BASE_URL || 'https://market.lobehub.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a1b8f54c783f2dc5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/socialProfile.ts:62
            const response = await fetch(`${MARKET_BASE_URL}/api/v1/user/claims`, {
              body: JSON.stringify({
                assetId: Number(skillId),
                assetType: 'skill',
              }),
              headers: {
                ...headers,
                'Content-Type': 'application/json',
              },
              method: 'POST',
            });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #665c4da7bae2dbf5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/socialProfile.ts:88
            const response = await fetch(`${MARKET_BASE_URL}/api/v1/user/claims`, {
              body: JSON.stringify({
                assetId: Number(pluginId),
                assetType: 'plugin',
              }),
              headers: {
                ...headers,
                'Content-Type': 'application/json',
              },
              method: 'POST',
            });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #449eb4c17e0cd55b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/socialProfile.ts:141
      const response = await fetch(`${MARKET_BASE_URL}/api/v1/user/claims/scan`, {
        headers,
        method: 'GET',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8584e0120c6491bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/routers/lambda/market/socialProfile.ts:195
        const response = await fetch(`${MARKET_BASE_URL}/api/v1/user/claims/submit-repo`, {
          body: JSON.stringify({
            branch: input.branch,
            gitUrl: input.gitUrl,
            type: input.type,
          }),
          headers: {
            ...headers,
            'Content-Type': 'application/json',
            ...(input.actAs === undefined
              ? {}
              : { 'x-lobe-owner-account-id': String(input.actAs) }),
          },
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3d61c0e21b162fb8 Environment-variable access.
repo/apps/server/src/routers/lambda/userMemories.ts:931
      if (process.env.NODE_ENV !== 'production' && process.env.DEV_DISABLE_AUTO_MEMORY === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d7b195baf95566d Environment-variable access.
repo/apps/server/src/routers/lambda/video/index.ts:139
      if (process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #352db08a06325928 Environment-variable access.
repo/apps/server/src/routers/lambda/video/index.ts:255
        const callbackBaseUrl = process.env.WEBHOOK_PROXY_URL || appEnv.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #588450960020f76e Environment-variable access.
repo/apps/server/src/services/agentDocuments/documentWork.ts:12
    return process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #25ac7b1b5e76852f Environment-variable access.
repo/apps/server/src/services/agentRuntime/AgentRuntimeService.test.ts:164
    process.env.AGENT_RUNTIME_BASE_URL = 'http://localhost:3010';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7c376665b75d72d2 Environment-variable access.
repo/apps/server/src/services/agentRuntime/AgentRuntimeService.test.ts:196
    delete process.env.AGENT_RUNTIME_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8f4c824e948fed5f Environment-variable access.
repo/apps/server/src/services/agentRuntime/AgentRuntimeService.test.ts:202
      delete process.env.AGENT_RUNTIME_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a2d0000c6b19e425 Environment-variable access.
repo/apps/server/src/services/agentRuntime/AgentRuntimeService.test.ts:208
      process.env.AGENT_RUNTIME_BASE_URL = 'http://custom:3000';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #469d4809f18d3560 Environment-variable access.
repo/apps/server/src/services/agentRuntime/AgentRuntimeService.ts:90
if (process.env.VERCEL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17e29212763383d8 Environment-variable access.
repo/apps/server/src/services/agentRuntime/AgentRuntimeService.ts:287
    const baseUrl = process.env.AGENT_RUNTIME_BASE_URL || appEnv.APP_URL || 'http://localhost:3010';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2afb069e3e942099 Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:31
    : urlJoin(process.env.INTERNAL_APP_URL || process.env.APP_URL || '', url);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04e2450e47ad687f Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:35
      const qstashToken = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8790ff6a7ea888e6 Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:48
          ...(process.env.VERCEL_AUTOMATION_BYPASS_SECRET && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0854a9f1615f276 Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:49
            'x-vercel-protection-bypass': process.env.VERCEL_AUTOMATION_BYPASS_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2834a77efeba936e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/agentRuntime/hooks/HookDispatcher.ts:71
    const res = await fetch(url, {
      body: JSON.stringify(payload),
      headers: { 'Content-Type': 'application/json' },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #2b6bdc364a43b882 Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/__tests__/HookDispatcher.test.ts:273
    const originalToken = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a8c4233727f6c457 Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/__tests__/HookDispatcher.test.ts:278
      delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #41ea2ffbf3292d84 Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/__tests__/HookDispatcher.test.ts:282
      if (originalToken === undefined) delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #480c0f15d908d344 Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/__tests__/HookDispatcher.test.ts:283
      else process.env.QSTASH_TOKEN = originalToken;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8466ee7bd7fe14a6 Environment-variable access.
repo/apps/server/src/services/agentRuntime/hooks/__tests__/HookDispatcher.test.ts:305
      process.env.QSTASH_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3aa0a2797f5197c2 Environment-variable access.
repo/apps/server/src/services/agentRuntime/snapshotStore.ts:8
  const explicitValue = process.env.ENABLE_AGENT_S3_TRACING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22915671eae6120e Environment-variable access.
repo/apps/server/src/services/agentRuntime/snapshotStore.ts:12
  return process.env.NODE_ENV === 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c64bb203491a8ad Environment-variable access.
repo/apps/server/src/services/agentRuntime/snapshotStore.ts:49
  if (process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fe425a5d272f8b38 Filesystem access.
repo/apps/server/src/services/agentSignal/__tests__/promptBoundaries.test.ts:9
const read = (filePath: string) => readFileSync(path.join(root, filePath), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7a46da0efe848f35 Environment-variable access.
repo/apps/server/src/services/aiAgent/__tests__/execAgent.memory.test.ts:28
process.env.OPENAI_API_KEY = 'sk-test-fake-api-key-for-testing';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0bfcdcfe392ca422 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/aiAgent/ingestAttachment.ts:117
    const response = await fetch(source.url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8506f3e1c4f35a36 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/discord/api.ts:183
    const response = await fetch(
      `https://discord.com/api/v10/webhooks/${applicationId}/${interactionToken}/messages/@original`,
      {
        body: JSON.stringify({
          components: buildButtonComponents(buttons),
          content,
        }),
        headers: { 'Content-Type': 'application/json' },
        method: 'PATCH',
      },
    );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a56792eacac720d4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/discord/client.ts:533
      const res = await fetch('https://discord.com/api/v10/users/@me', {
        headers: { Authorization: `Bot ${credentials.botToken}` },
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9c0347fa4ba593d0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/discord/sendAttachments.ts:33
      const response = await fetch(attachment.fetchUrl, {
        signal: AbortSignal.timeout(15_000),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c11b7f8b709d7edc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/feishu/gateway.ts:101
      await fetch(this.options.webhookUrl, {
        body: JSON.stringify(webhookPayload),
        headers: { 'Content-Type': 'application/json' },
        method: 'POST',
        signal: AbortSignal.timeout(30_000),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c9f2fc736301f42f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/feishu/sendAttachments.ts:57
      const response = await fetch(attachment.fetchUrl, {
        signal: AbortSignal.timeout(15_000),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4287c64b15155485 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/api.ts:215
    const response = await fetch(responseUrl, {
      body: JSON.stringify({
        blocks: this.buildButtonGridBlocks(fallback, buttons),
        replace_original: true,
        text: fallback,
      }),
      headers: { 'content-type': 'application/json; charset=utf-8' },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e76c270abe110e89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/api.ts:452
    const response = await fetch(url, {
      headers: { Authorization: `Bearer ${this.botToken}` },
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #50ea46ecf5175588 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/api.ts:537
    const response = await fetch(uploadUrl, {
      body: new Uint8Array(buffer),
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #321a1d8acc82610a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/api.ts:589
    const response = await fetch(url, {
      body: params,
      headers: {
        'Authorization': `Bearer ${this.botToken}`,
        'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #71bb34bfca282f6f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/client.ts:480
      const res = await fetch(`${SLACK_API_BASE}/auth.test`, {
        headers: {
          'Authorization': `Bearer ${credentials.botToken}`,
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #187e6a2c7395ab0d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/client.ts:494
        const appRes = await fetch(`${SLACK_API_BASE}/apps.connections.open`, {
          headers: {
            'Authorization': `Bearer ${credentials.appToken}`,
            'Content-Type': 'application/x-www-form-urlencoded',
          },
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f7e17031c347bf59 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/gateway.ts:87
    const response = await fetch(`${SLACK_API_BASE}/apps.connections.open`, {
      headers: {
        'Authorization': `Bearer ${this.appToken}`,
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e2bd9bdeea28fdf0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/gateway.ts:245
    fetch(this.webhookUrl, {
      body: forwardedRequest.body,
      headers: forwardedRequest.headers,
      method: 'POST',
      signal: AbortSignal.timeout(30_000),
    }).catch((err) => {

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4607a4ce7700fa87 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/slack/sendAttachments.ts:20
      const response = await fetch(attachment.fetchUrl, {
        signal: AbortSignal.timeout(15_000),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bd542a1eaca6d152 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/telegram/api.ts:346
    const response = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8a6d2bb4f78c73ff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/telegram/api.ts:423
      const response = await fetch(url, {
        body: payload,
        headers: { 'Content-Type': 'application/json' },
        method: 'POST',
        signal: AbortSignal.timeout(TELEGRAM_FETCH_TIMEOUT_MS),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8f6030eeb230dcaa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/telegram/api.ts:490
      const response = await fetch(url, {
        body: buildForm(),
        method: 'POST',
        // Let undici set the multipart boundary header automatically.
        signal: AbortSignal.timeout(TELEGRAM_FETCH_TIMEOUT_MS),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d2b0bfc137756ff1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/telegram/client.ts:143
      const response = await fetch(
        `${TELEGRAM_API_BASE}/bot${this.config.credentials.botToken}/deleteWebhook`,
        { method: 'POST' },
      );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1fd780d6917e7b6e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/telegram/client.ts:391
      const res = await fetch(`${TELEGRAM_API_BASE}/bot${credentials.botToken}/getMe`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cb6c20d0fa00b78f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/telegram/helpers.ts:39
  const response = await fetch(`${TELEGRAM_API_BASE}/bot${botToken}/setWebhook`, {
    body: JSON.stringify(params),
    headers: { 'Content-Type': 'application/json' },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9df6d4611d1948b6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/wechat/client.ts:284
      const response = await fetch(webhookUrl, {
        body: JSON.stringify(msg),
        headers: {
          ...(webhookToken ? { Authorization: `Bearer ${webhookToken}` } : {}),
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1fbfeb6c26ba3644 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/wechat/client.ts:428
        const token = await this.context.redisClient.get(redisKey);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #74ee22350a82062c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/bot/platforms/wechat/sendAttachments.ts:61
      const response = await fetch(attachment.fetchUrl, {
        signal: AbortSignal.timeout(15_000),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #d4ac9a94c735afd8 Environment-variable access.
repo/apps/server/src/services/changelog/index.test.ts:261
        process.env.DOC_S3_PUBLIC_DOMAIN = 'https://cdn.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ba3566ea09a7da5 Environment-variable access.
repo/apps/server/src/services/changelog/index.ts:15
const docCdnPrefix = process.env.DOC_S3_PUBLIC_DOMAIN || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #232478f083ca2ef3 Environment-variable access.
repo/apps/server/src/services/changelog/index.ts:34
    branch: process.env.DOCS_BRANCH || 'main',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9eac14dcf566fff4 Environment-variable access.
repo/apps/server/src/services/changelog/index.ts:41
    urlTemplate: process.env.CHANGELOG_URL_TEMPLATE || URL_TEMPLATE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f532b5d52dbf7c6a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/changelog/index.ts:54
      const res = await fetch(url, {
        next: { revalidate: 3600, tags: [FetchCacheTag.Changelog] },
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3be680b92a7d7b69 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/changelog/index.ts:92
      const response = await fetch(url, {
        next: { revalidate: 3600, tags: [FetchCacheTag.Changelog] },
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1b3e2aa2bcb97681 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/changelog/index.ts:207
        const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d72c635e666bbbea Environment-variable access.
repo/apps/server/src/services/comfyui/core/comfyUIClientService.ts:70
        options.baseURL || process.env.COMFYUI_DEFAULT_URL || COMFYUI_DEFAULTS.BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5954394006d429b2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/comfyui/core/comfyUIConnectionService.ts:75
      const response = await fetch(url, {
        headers: {
          ...headers,
          'Content-Type': 'application/json',
        },
        method: 'GET',
        mode: 'cors',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d85730da3489f467 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/comfyui/core/imageService.ts:119
      const response = await fetch(imageUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #539624df184ae3a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/connector/oauth.ts:57
    const res = await fetch(mcpServerUrl, {
      headers: { accept: 'application/json, text/event-stream' },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #31da39c5dcd56e8d Environment-variable access.
repo/apps/server/src/services/desktopRelease/index.ts:120
  const token = options?.token || process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3ae3a0311ad4688e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/desktopRelease/index.ts:122
  const res = await fetch(`https://api.github.com/repos/${owner}/${repo}/releases/latest`, {
    headers: {
      ...(token ? { Authorization: `Bearer ${token}` } : {}),
      'Accept': 'application/vnd.github+json',
      'User-Agent': 'lobehub-server',
    },
    next: { revalidate: 300, tags: [FetchCacheTag.DesktopRelease] },
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #71709125a03e679b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/desktopRelease/index.ts:143
  const res = await fetch(urlJoin(baseUrl, manifestName), {
    next: { revalidate: 300, tags: [FetchCacheTag.DesktopRelease] },
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f0fda492e1486e17 Environment-variable access.
repo/apps/server/src/services/desktopRelease/index.ts:175
    options?.baseUrl || process.env.DESKTOP_UPDATE_SERVER_URL || process.env.UPDATE_SERVER_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #056a7494b0a52acb Environment-variable access.
repo/apps/server/src/services/discover/index.ts:106
      process.env.MARKET_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdc207be94904b40 Environment-variable access.
repo/apps/server/src/services/discover/index.ts:115
      if (process.env.VERCEL_PROJECT_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7e8c2a28e0c9e43a Environment-variable access.
repo/apps/server/src/services/discover/index.ts:116
        return process.env.VERCEL_PROJECT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0e4abb475ebc2d75 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/discover/index.ts:1358
        const res = await fetch(readmeUrl, {
          next: {
            tags: [CacheTag.Discover, CacheTag.Providers],
          },
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cfc5858961e89a48 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/file/index.ts:418
    const response = await fetch(externalUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #027c54fa3c6ba9df Environment-variable access.
repo/apps/server/src/services/gateway/GatewayManager.ts:253
      appUrl: process.env.APP_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3403ba6ea5f41d9e Environment-variable access.
repo/apps/server/src/services/gateway/index.ts:125
const isVercel = !!process.env.VERCEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2f5f06722ecfb865 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/gateway/runtimeStatus.ts:67
  const raw = await redisClient.get(getRuntimeStatusKey(platform, applicationId));

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3c6956f249c2337f Filesystem access.
repo/apps/server/src/services/generation/video.ts:74
        fs.readFile(String(tempVideoPath)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed950a483cfbe60c Filesystem access.
repo/apps/server/src/services/generation/video.ts:99
      const coverBuffer = await fs.readFile(String(tempCoverPath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #8298dae8725f3255 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/generation/video.ts:180
    const response = await fetch(url, {
      headers: options?.headers,
      signal: AbortSignal.timeout(VideoGenerationService.DOWNLOAD_TIMEOUT_MS),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #96b72aaadf172652 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:609
    const originalToken = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d7c3ab137de64f88 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:610
    const originalAppUrl = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #07b3610d6435343e Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:646
      process.env.QSTASH_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3bf90301a2157f91 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:647
      process.env.APP_URL = 'https://app.test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #269a4cfefc240d1d Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:652
      if (originalToken === undefined) delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #40cee2e53cb59cfc Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:653
      else process.env.QSTASH_TOKEN = originalToken;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #80edd1e1f7033423 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:654
      if (originalAppUrl === undefined) delete process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d0a22d21ab67d75 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:655
      else process.env.APP_URL = originalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e19ab77217f672a0 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:703
    const originalToken = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e9efbbb15a8e7937 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:704
    const originalAppUrl = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9f6d28d468e8e79c Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:754
      process.env.QSTASH_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1b6732436d49d687 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:755
      process.env.APP_URL = 'https://app.test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #68c3a47d8f948d68 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:761
      if (originalToken === undefined) delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #51f9fe254fdc7378 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:762
      else process.env.QSTASH_TOKEN = originalToken;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c62bcc602f16ed57 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:763
      if (originalAppUrl === undefined) delete process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #390316d8ef5813c2 Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/__tests__/index.test.ts:764
      else process.env.APP_URL = originalAppUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #836d0555b7dea4bd Environment-variable access.
repo/apps/server/src/services/heterogeneousAgent/sandboxRunner.ts:193
  const serverUrl = process.env.LOBEHUB_HETERO_SERVER_URL ?? appEnv.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #990d9eeaa47b00a1 Environment-variable access.
repo/apps/server/src/services/llmGenerationTracing/index.ts:262
  if (process.env.ENABLE_LLM_GENERATION_TRACING_S3 === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda4f2dcfdf903bf Environment-variable access.
repo/apps/server/src/services/llmGenerationTracing/index.ts:273
  if (process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ef576d2416cc66d Environment-variable access.
repo/apps/server/src/services/market/index.ts:13
const MARKET_BASE_URL = process.env.MARKET_BASE_URL || 'https://market.lobehub.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7edac946ee356418 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/market/index.ts:210
    const response = await fetch(userInfoUrl, {
      // @ts-ignore
      headers: this.market.headers,
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #325ee35614d26257 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/market/index.ts:735
    const response = await fetch(uploadUrl, {
      body: formData,
      headers: authHeaders,
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #922050012ddf5f3e Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:65
  const originalServiceUserId = process.env.MEMORY_EXTRACTION_HOURLY_TASK_USER_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0750ceadc4b1170f Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:66
  const originalQstashToken = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a6190c9744f0f641 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:73
    process.env.MEMORY_EXTRACTION_HOURLY_TASK_USER_ID = 'service-account-user';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4e6f4a74fb5280bd Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:74
    process.env.QSTASH_TOKEN = 'test-qstash-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #04de875d626e6a59 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:96
      delete process.env.MEMORY_EXTRACTION_HOURLY_TASK_USER_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b43508d58582e736 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:98
      process.env.MEMORY_EXTRACTION_HOURLY_TASK_USER_ID = originalServiceUserId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d3a20d5f07c76637 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:102
      delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6a1afc3bc3092d56 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:104
      process.env.QSTASH_TOKEN = originalQstashToken;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d027f99bebfebe83 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/__tests__/extract.workflow.test.ts:257
    delete process.env.MEMORY_EXTRACTION_HOURLY_TASK_USER_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c23740e20460f98 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/extract.ts:2765
  const token = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f14e16601e1a3e5 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/extract.ts:2770
  if (process.env.QSTASH_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c70cb2a3a7930042 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/extract.ts:2771
    (config as Record<string, unknown>).url = process.env.QSTASH_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d24a6b9bfca09048 Environment-variable access.
repo/apps/server/src/services/memory/userMemory/extract.ts:2844
    const userId = process.env.MEMORY_EXTRACTION_HOURLY_TASK_USER_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #236b80552edbae58 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/server/src/services/messenger/oauth/slackOAuth.ts:29
  const url = new URL(SLACK_AUTHORIZE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #21774bde2e638e4d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/messenger/oauth/slackOAuth.ts:86
  const response = await fetch(SLACK_OAUTH_ACCESS_URL, {
    body,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8' },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #da137909c256412b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/messenger/oauth/slackOAuth.ts:110
  const response = await fetch(SLACK_AUTH_REVOKE_URL, {
    body,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8' },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #da3821f7e853ea1d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/messenger/oauth/slackOAuth.ts:144
  const response = await fetch(SLACK_OAUTH_ACCESS_URL, {
    body,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8' },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c47e66b5ce0a7feb Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/server/src/services/messenger/platforms/discord/oauth.ts:81
  const url = new URL(DISCORD_AUTHORIZE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b86d77d912096f04 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/server/src/services/messenger/platforms/discord/oauth.ts:108
  const tokenResponse = await fetch(DISCORD_TOKEN_URL, {
    body,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #624eaa6e38d51bc2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/server/src/services/messenger/platforms/discord/oauth.ts:132
    const userResponse = await fetch(`${DISCORD_API_BASE}/users/@me`, {
      headers: { Authorization: `Bearer ${data.access_token}` },
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d1565092b766b418 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/server/src/services/messenger/platforms/slack/oauth.ts:103
  const url = new URL('https://slack.com/app/open');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #761fd066ba5b39c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/oauthDeviceFlow/index.ts:72
    const response = await fetch(config.deviceCodeEndpoint, {
      body: new URLSearchParams({
        client_id: config.clientId,
        scope: config.scopes.join(' '),
      }).toString(),
      headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d5c055b5a2b0d433 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/oauthDeviceFlow/index.ts:105
    const response = await fetch(config.tokenEndpoint, {
      body: new URLSearchParams({
        client_id: config.clientId,
        device_code: deviceCode,
        grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
      }).toString(),
      headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4ddeb41fa5f7435f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/oauthDeviceFlow/index.ts:169
    const response = await fetch(config.tokenEndpoint, {
      body: new URLSearchParams({
        client_id: config.clientId,
        grant_type: 'refresh_token',
        refresh_token: refreshToken,
      }).toString(),
      headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #75629619c02d2dab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/oauthDeviceFlow/providers/githubCopilot.ts:30
    const response = await fetch(GithubCopilotOAuthService.GITHUB_USER_API, {
      headers: {
        'Accept': 'application/json',
        'Authorization': `token ${oauthToken}`,
        'User-Agent': 'LobeChat/1.0',
      },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e672a884c66acd5f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/oauthDeviceFlow/providers/githubCopilot.ts:55
    const response = await fetch(GithubCopilotOAuthService.TOKEN_EXCHANGE_URL, {
      headers: {
        'Accept': 'application/json',
        'Authorization': `token ${oauthToken}`,
        'User-Agent': 'LobeChat/1.0',
      },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #a3add24066917f1a Environment-variable access.
repo/apps/server/src/services/queue/__tests__/QueueService.test.ts:128
      delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1abfe4f1b8ae90ae Environment-variable access.
repo/apps/server/src/services/queue/__tests__/QueueService.test.ts:139
      process.env.QSTASH_TOKEN = 'test-qstash-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c250c5de01a94086 Environment-variable access.
repo/apps/server/src/services/queue/__tests__/QueueService.test.ts:148
      delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3a5c91c29cdca273 Environment-variable access.
repo/apps/server/src/services/queue/__tests__/QueueService.test.ts:153
      process.env.QSTASH_TOKEN = 'test-qstash-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #522b8bb5d1e38da2 Environment-variable access.
repo/apps/server/src/services/queue/__tests__/QueueService.test.ts:161
      delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f27ceca57e4a529c Environment-variable access.
repo/apps/server/src/services/queue/impls/index.ts:26
    const qstashToken = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a7cbf16b8f912ece Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/sandbox/providers/onlyboxes.ts:660
    const response = await fetch(`${this.baseUrl}${path}`, {
      ...init,
      headers,
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3192f16d9672099f Environment-variable access.
repo/apps/server/src/services/search/impls/anspire/index.ts:21
    return process.env.ANSPIRE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #54282dfe45e34b7c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/anspire/index.ts:71
      response = await fetch(`${endpoint}?${searchParams.toString()}`, {
        headers: {
          'Accept': '*/*',
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Connection': 'keep-alive ',
          'Content-Type': 'application/json',
        },
        method: 'GET',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8be2761add8c12ec Environment-variable access.
repo/apps/server/src/services/search/impls/bocha/index.ts:28
    return process.env.BOCHA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1ec629de79267150 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/bocha/index.ts:61
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #3342af652507c16b Environment-variable access.
repo/apps/server/src/services/search/impls/brave/index.test.ts:30
    process.env.BRAVE_API_KEY = 'test-brave-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7848e7eb81ccd80a Environment-variable access.
repo/apps/server/src/services/search/impls/brave/index.test.ts:35
    delete process.env.BRAVE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3a9fee245462d924 Environment-variable access.
repo/apps/server/src/services/search/impls/brave/index.test.ts:145
      delete process.env.BRAVE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5af2734282cf96dc Environment-variable access.
repo/apps/server/src/services/search/impls/brave/index.ts:28
    return process.env.BRAVE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #922220703427a941 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/brave/index.ts:66
      response = await fetch(`${endpoint}?${searchParams.toString()}`, {
        headers: {
          'Accept': 'application/json',
          'Accept-Encoding': 'gzip',
          'X-Subscription-Token': this.apiKey ? this.apiKey : '',
        },
        method: 'GET',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #ed6b0d715e953b7f Environment-variable access.
repo/apps/server/src/services/search/impls/exa/index.test.ts:27
    process.env.EXA_API_KEY = 'test-exa-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #94f0750c5be73f03 Environment-variable access.
repo/apps/server/src/services/search/impls/exa/index.test.ts:32
    delete process.env.EXA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #23022f0fd65732b7 Environment-variable access.
repo/apps/server/src/services/search/impls/exa/index.test.ts:153
      delete process.env.EXA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed9c36dc5a289ea0 Environment-variable access.
repo/apps/server/src/services/search/impls/exa/index.ts:21
    return process.env.EXA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5d405cd2f97d81b1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/exa/index.ts:65
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Content-Type': 'application/json',
          'x-api-key': this.apiKey ? this.apiKey : '',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1854ae67eb40b9f6 Environment-variable access.
repo/apps/server/src/services/search/impls/firecrawl/index.ts:28
    return process.env.FIRECRAWL_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a94b1eee3af88f54 Environment-variable access.
repo/apps/server/src/services/search/impls/firecrawl/index.ts:33
    return process.env.FIRECRAWL_URL || 'https://api.firecrawl.dev/v2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #dd29bf6d128e7deb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/firecrawl/index.ts:66
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #91697da459b31d75 Environment-variable access.
repo/apps/server/src/services/search/impls/google/index.ts:28
    return process.env.GOOGLE_PSE_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33223a54c3d7fbb9 Environment-variable access.
repo/apps/server/src/services/search/impls/google/index.ts:32
    return process.env.GOOGLE_PSE_ENGINE_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #addcaf6e86788771 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/google/index.ts:71
      response = await fetch(`${endpoint}?${searchParams.toString()}`, {
        method: 'GET',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #99fea7b118432096 Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.test.ts:21
    delete process.env.JINA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #80c74c0341bb975d Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.test.ts:22
    delete process.env.JINA_READER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cc732771b38b61f1 Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.test.ts:23
    delete process.env.JINA_USE_CN_DOMAINS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bfb19b3f66d42201 Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.test.ts:28
    delete process.env.JINA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #363afb423ee23643 Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.test.ts:29
    delete process.env.JINA_READER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e7f7334dfa0643c0 Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.test.ts:30
    delete process.env.JINA_USE_CN_DOMAINS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ed872cc11c4e2f63 Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.test.ts:34
    process.env.JINA_READER_API_KEY = 'test-jina-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #85349e02098802fa Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.test.ts:79
    process.env.JINA_USE_CN_DOMAINS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9224668ca2556fe Environment-variable access.
repo/apps/server/src/services/search/impls/jina/index.ts:22
    return process.env.JINA_READER_API_KEY || process.env.JINA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a5fd1ba06c3d47fc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/jina/index.ts:44
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Accept': 'application/json',
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
          'X-Respond-With': 'no-content',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b4226422345a93f5 Environment-variable access.
repo/apps/server/src/services/search/impls/kagi/index.ts:21
    return process.env.KAGI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a2206ed23400a04b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/kagi/index.ts:50
      response = await fetch(`${endpoint}?${searchParams.toString()}`, {
        headers: {
          Authorization: this.apiKey ? `Bot ${this.apiKey}` : '',
        },
        method: 'GET',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #2cde34afbe45fdc0 Environment-variable access.
repo/apps/server/src/services/search/impls/search1api/index.integration.test.ts:7
const apiKey = process.env.SEARCH1API_SEARCH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f07f27b53fb84eb4 Environment-variable access.
repo/apps/server/src/services/search/impls/search1api/index.test.ts:39
    process.env.SEARCH1API_SEARCH_API_KEY = 'test-search1api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e7435eb93e00fc0d Environment-variable access.
repo/apps/server/src/services/search/impls/search1api/index.test.ts:40
    delete process.env.SEARCH1API_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5f1c24df947bafd1 Environment-variable access.
repo/apps/server/src/services/search/impls/search1api/index.test.ts:45
    delete process.env.SEARCH1API_SEARCH_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #93f6d432b2f4768b Environment-variable access.
repo/apps/server/src/services/search/impls/search1api/index.test.ts:46
    delete process.env.SEARCH1API_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7dc56f1f22fc6eb Environment-variable access.
repo/apps/server/src/services/search/impls/search1api/index.ts:41
    return process.env.SEARCH1API_SEARCH_API_KEY || process.env.SEARCH1API_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4618f80ab10e762c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/search1api/index.ts:82
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c3db4601608d7ba4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/searxng/client.ts:62
      const response = await fetch(urlJoin(this.baseUrl, `/search?${searchParams}`));

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #4bff460035edc45e Environment-variable access.
repo/apps/server/src/services/search/impls/tavily/index.test.ts:27
    process.env.TAVILY_API_KEY = 'test-tavily-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6886ec1da71c1f09 Environment-variable access.
repo/apps/server/src/services/search/impls/tavily/index.test.ts:28
    delete process.env.TAVILY_SEARCH_DEPTH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0f3f2b5a69d04d5 Environment-variable access.
repo/apps/server/src/services/search/impls/tavily/index.test.ts:33
    delete process.env.TAVILY_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9751c0c2a1f7037d Environment-variable access.
repo/apps/server/src/services/search/impls/tavily/index.test.ts:34
    delete process.env.TAVILY_SEARCH_DEPTH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #52dcc2ec5cbed52c Environment-variable access.
repo/apps/server/src/services/search/impls/tavily/index.test.ts:147
      process.env.TAVILY_SEARCH_DEPTH = 'advanced';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #75ddac0490ccf98a Environment-variable access.
repo/apps/server/src/services/search/impls/tavily/index.test.ts:170
      delete process.env.TAVILY_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #346e27c32749109c Environment-variable access.
repo/apps/server/src/services/search/impls/tavily/index.ts:21
    return process.env.TAVILY_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10b180c8570be656 Environment-variable access.
repo/apps/server/src/services/search/impls/tavily/index.ts:40
      search_depth: process.env.TAVILY_SEARCH_DEPTH || 'basic', // basic or advanced

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #21ad852df827835a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/services/search/impls/tavily/index.ts:60
      response = await fetch(endpoint, {
        body: JSON.stringify(body),
        headers: {
          'Authorization': this.apiKey ? `Bearer ${this.apiKey}` : '',
          'Content-Type': 'application/json',
        },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #cc0cc7e56e495ee1 Filesystem access.
repo/apps/server/src/services/skill/importer.ts:116
      const buffer = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2bf2f37ced55d289 Filesystem access.
repo/apps/server/src/services/skill/parser.test.ts:825
      await writeFile(testZipPath, zipped);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3595277781478d95 Filesystem access.
repo/apps/server/src/services/skill/parser.test.ts:851
      await writeFile(invalidZipPath, Buffer.from([1, 2, 3, 4]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1161370dab6c7731 Filesystem access.
repo/apps/server/src/services/skill/parser.ts:61
      const buffer = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fcb5561bd35bd80 Environment-variable access.
repo/apps/server/src/services/taskScheduler/impls/index.ts:24
    const baseUrl = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc4b37aa4b1f0303 Environment-variable access.
repo/apps/server/src/services/taskTemplate/index.ts:23
  process.env.VERCEL_PROJECT_ID || process.env.VERCEL_PROJECT_PRODUCTION_URL || appEnv.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b315a4617dbdf6f7 Filesystem access.
repo/apps/server/src/utils/tempFileManager.ts:29
      writeFileSync(filePath, data);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #29a1d64a1b71813a Environment-variable access.
repo/apps/server/src/utils/url.test.ts:25
    process.env.VERCEL = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #daa0ffc547856ec4 Environment-variable access.
repo/apps/server/src/utils/url.test.ts:26
    process.env.VERCEL_ENV = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6ac7312a9eff1361 Environment-variable access.
repo/apps/server/src/utils/url.test.ts:35
    process.env.VERCEL = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b876911380aad2e6 Environment-variable access.
repo/apps/server/src/utils/url.test.ts:36
    process.env.VERCEL_ENV = 'preview';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #566757179ff0c8f7 Environment-variable access.
repo/apps/server/src/utils/url.test.ts:37
    process.env.VERCEL_URL = 'preview-url.vercel.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1fb0b2f50d6052ed Environment-variable access.
repo/apps/server/src/utils/url.test.ts:46
    process.env.VERCEL = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0103c8b844f07573 Environment-variable access.
repo/apps/server/src/utils/url.test.ts:47
    process.env.VERCEL_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #580a7f13cac53f4c Environment-variable access.
repo/apps/server/src/utils/url.ts:3
const isVercelPreview = process.env.VERCEL === '1' && process.env.VERCEL_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96202db2368d2b89 Environment-variable access.
repo/apps/server/src/utils/url.ts:5
const vercelPreviewUrl = `https://${process.env.VERCEL_URL}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #603dc262cb63d29d Environment-variable access.
repo/apps/server/src/workflows-hono/middlewares/qstashAuth.ts:27
  if (process.env.QSTASH_CURRENT_SIGNING_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f53386f639c80dc4 Environment-variable access.
repo/apps/server/src/workflows-hono/qstashClient.ts:13
    token: process.env.QSTASH_TOKEN!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebfc7a77c4eb6067 Environment-variable access.
repo/apps/server/src/workflows-hono/task/handlers/scheduleDispatch.ts:106
    if (!process.env.APP_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #412a0a14f2de6e64 Environment-variable access.
repo/apps/server/src/workflows-hono/task/handlers/scheduleDispatch.ts:109
    const url = `${process.env.APP_URL.replace(/\/$/, '')}${SCHEDULE_EXECUTE_PATH}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b08226f18901d41c Environment-variable access.
repo/apps/server/src/workflows/agentEvalRun/index.ts:127
  const baseUrl = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95bc0745cc773abc Environment-variable access.
repo/apps/server/src/workflows/agentSignal/run.ts:104
  if (process.env.NODE_ENV !== 'development') return null;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dfcd40c42cb558d2 Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:6
  const originalQstashToken = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #df65d954c06eaa56 Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:7
  const originalQstashUrl = process.env.QSTASH_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #92b490526147f83a Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:10
    process.env.QSTASH_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d009ae970ba53bfb Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:11
    delete process.env.QSTASH_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e5d7ae7707df7853 Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:21
    if (originalQstashToken === undefined) delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #95cad8fddde194f7 Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:22
    else process.env.QSTASH_TOKEN = originalQstashToken;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4d71e3180e2e6a80 Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:24
    if (originalQstashUrl === undefined) delete process.env.QSTASH_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2ecea7d8c617b9d2 Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:25
    else process.env.QSTASH_URL = originalQstashUrl;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #944051f1de2efbb4 Environment-variable access.
repo/apps/server/src/workflows/runGuard/__tests__/qstashCancel.test.ts:136
    delete process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #667b3f719d74fc13 Environment-variable access.
repo/apps/server/src/workflows/runGuard/qstashCancel.ts:79
  const token = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2c060b2688b50d46 Environment-variable access.
repo/apps/server/src/workflows/runGuard/qstashCancel.ts:83
  const qstashUrl = process.env.QSTASH_URL || DEFAULT_QSTASH_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9da46c099e14454c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/server/src/workflows/runGuard/qstashCancel.ts:93
  const response = await fetch(new URL('/v2/workflows/runs', qstashUrl), {
    body: JSON.stringify({ workflowUrl: [workflowUrlPrefix] }),
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json',
    },
    method: 'DELETE',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #44c51c194ecce29c Filesystem access.
repo/apps/server/viteNodeServer.config.ts:22
    return `export default ${JSON.stringify(readFileSync(filepath, 'utf8'))};`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm)

npm first-party
medium telemetry production #b6a00b0fcffa2cb5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/components/Analytics/HomePageTracker.tsx:15
      analytics.track({
        name: 'main_page_view',
        properties: {
          spm: 'homepage.main_page.view',
        },
      });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c83242a26178b8d7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/features/AgentSetting/store/action.ts:316
        analytics.track({
          name: 'agent_meta_updated',
          properties: {
            assistant_avatar: mergedMeta.avatar,
            assistant_background_color: mergedMeta.backgroundColor,
            assistant_description: mergedMeta.description,
            assistant_name: mergedMeta.title,
            assistant_tags: mergedMeta.tags,
            is_inbox: id === 'inbox',
            session_id: id || 'unknown',
            timestamp: Date.now(),
            user_id: useUserStore.getState().user?.id || 'anonymous',
          },
        });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #262fbfea1882a905 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/features/Billboard/Carousel.tsx:146
      analytics?.track({
        name: 'billboard_cta_clicked',
        properties: {
          billboard_slug: billboardSlug,
          item_id: item.id,
          link_url: item.linkUrl,
          position,
          spm: 'billboard.cta.clicked',
        },
      });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3d0a8fb5cb48294b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/features/Billboard/Carousel.tsx:245
      void analytics.track({
        name: 'billboard_served',
        properties: {
          billboard_slug: set.slug,
          item_count: set.items.length,
          spm: 'billboard.card.served',
        },
      });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3c74a1b8b6decc5d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/features/Billboard/index.tsx:48
      analytics?.track({
        name: 'billboard_dismissed',
        properties: {
          billboard_slug: billboard.slug,
          item_count: billboard.items.length,
          spm: 'billboard.dismiss.clicked',
        },
      });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #df4c1eec4cee4bd8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/features/User/UserLoginOrSignup/trackLoginOrSignupClicked.ts:23
    await analytics.track({
      name: 'login_or_signup_clicked',
      properties: {
        ...(lhCid && { lh_cid: lhCid }),
        ...(provider && { provider }),
        spm,
      },
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #d4e3795ff5601c76 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/src/layout/AuthProvider/MarketAuth/oidc.ts:150 · flow /tmp/closeopen-4_u_15or/repo/src/layout/AuthProvider/MarketAuth/oidc.ts:142 → /tmp/closeopen-4_u_15or/repo/src/layout/AuthProvider/MarketAuth/oidc.ts:150
    const response = await fetch(tokenUrl, {
      body: body.toString(),
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium telemetry production #d307834975a18f28 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/libs/analytics/productUsageEvent.ts:27
    await analytics.track(event);

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d15d92a4f67aa85b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/routes/(main)/home/_layout/Footer/index.tsx:177
        analytics?.track({ name: eventName, properties });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8db31f04c5563d4f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/routes/(main)/home/_layout/Footer/index.tsx:188
        analytics?.track({
          name: 'home_footer_menu_clicked',
          properties: { key, spm: `homepage.footer.${key}.clicked` },
        });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #faccf7b165f3bd3f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/routes/(main)/home/_layout/Footer/index.tsx:451
        analytics?.track({
          name: 'home_footer_menu_opened',
          properties: { keys: trackedMenuKeys.join(','), spm: 'homepage.footer.opened' },
        });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #bf00ab6d36f53da9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/routes/(mobile)/(home)/features/SessionListContent/List/index.tsx:65
                analytics?.track({
                  name: 'switch_session',
                  properties: {
                    assistant_name: session.meta?.title || 'Untitled Agent',
                    assistant_tags: session.meta?.tags || [],
                    group_id: sessionGroupId,
                    group_name: groupName,
                    session_id: id,
                    spm: 'homepage.chat.session_list_item.click',
                    user_id: userId || 'anonymous',
                  },
                });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a99536ad9e83a37a Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/services/onboardingFeedback/index.ts:62
    options.analytics?.track({
      name: FEEDBACK_EVENT_NAME,
      properties: {
        rating: payload.rating,
        spm: FEEDBACK_SPM,
      },
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4afd642d787bffce Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/services/onboardingMetrics/index.ts:34
    client.track({ name, properties });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #8b454b92018714fc Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/store/agent/slices/agent/action.ts:152
      analytics.track({
        name: 'new_agent_created',
        properties: {
          agent_id: result.agentId,
          assistant_name: params.config?.title || 'Untitled Agent',
          assistant_tags: params.config?.tags || [],
          user_id: userId || 'anonymous',
        },
      });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ffa6f1bfc834fc67 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/src/store/session/slices/session/action.ts:80
      analytics.track({
        name: 'new_agent_created',
        properties: {
          assistant_name: newSession.meta?.title || 'Untitled Agent',
          assistant_tags: newSession.meta?.tags || [],
          session_id: id,
          user_id: userId || 'anonymous',
        },
      });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4b8f7cd6b5be80d4 Structural telemetry/analytics emit (event capture or batched event insert). Confirm user consent and what payload is sent to the destination.
repo/src/store/user/slices/common/action.ts:201
            analytics?.identify(data.userId || '', {
              email: data.email,
              firstName: data.firstName,
              lastName: data.lastName,
              username: data.username,
            });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 762 low-confidence finding(s)
low env_fs test-only Excluded from app score #b74740efd6449ca5 Filesystem access.
repo/.agents/scripts/check/autofix.ts:39
        return [file, await readFile(path.join(rootDir(), file), 'utf8')];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5cd06b5a50767334 Filesystem access.
repo/.agents/scripts/check/autofix.ts:62
      current = await readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8b08592446323227 Filesystem access.
repo/.agents/scripts/check/autofix.ts:69
    await writeFile(origCopy, original);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #afd4cc54b4d14980 Filesystem access.
repo/.agents/scripts/check/autofix.ts:85
  await writeFile(diffFile, diffs.map((entry) => entry.diff).join('\n\n') + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bf020bbf26eb002d Filesystem access.
repo/.agents/scripts/check/check.test.ts:84
    const pkg = JSON.parse(await readFile(path.join(repoRoot, 'package.json'), 'utf8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d29b66d90e2372a1 Filesystem access.
repo/.agents/scripts/check/delegate.ts:29
    content = await readFile(gitPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b405c4a052ac9036 Filesystem access.
repo/.agents/scripts/check/delegate.ts:41
    const pkg = JSON.parse(await readFile(path.join(hostRoot, 'package.json'), 'utf8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4874c9182088177b Filesystem access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm-analyze.mjs:99
  const raw = await readFile(tracePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #59a962a5c275876d Filesystem access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm-analyze.mjs:204
  const raw = await readFile(resultPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5324dfdc23ce3015 Filesystem access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm-analyze.mjs:209
    await writeFile(resultPath, `${JSON.stringify(result, null, 2)}\n`, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6bfb13ddd01b5885 Environment-variable access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:99
    checkItemId: process.env.AGENT_BROWSER_KLM_CHECK || process.env.KLM_CHECK_ITEM_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2052cbefaef26330 Environment-variable access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:100
    label: process.env.AGENT_BROWSER_KLM_LABEL || process.env.KLM_LABEL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2eddfe3f680362a4 Environment-variable access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:101
    phaseId: process.env.AGENT_BROWSER_KLM_PHASE || process.env.KLM_PHASE_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #572498a1c7f7e54f Environment-variable access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:102
    surface: process.env.AGENT_BROWSER_KLM_SURFACE || process.env.KLM_SURFACE || 'web',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dc92c9f9460883e0 Environment-variable access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:103
    commandTimeoutMs: parseNumber(process.env.AGENT_BROWSER_KLM_COMMAND_TIMEOUT_MS, undefined),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7d9feffd4cc7588e Environment-variable access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:105
      process.env.AGENT_BROWSER_KLM_TRACE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #637cd685359e52ad Environment-variable access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:106
      process.env.INTERACTION_TRACE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d427d4b0d1d52bb9 Environment-variable access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:109
  let binary = process.env.AGENT_BROWSER_BIN || 'agent-browser';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #166c86145f88faca Filesystem access.
repo/.agents/skills/agent-testing/scripts/agent-browser-klm.mjs:325
    const text = readFileSync(file, 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bb2661b9e6b346e6 Filesystem access.
repo/.agents/skills/agent-testing/scripts/cdp-capture.cjs:36
    const meta = JSON.parse(fs.readFileSync(metaPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #8e8bb9fd51def401 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/.agents/skills/agent-testing/scripts/cdp-capture.cjs:91
    const req = http.get({ host: '127.0.0.1', port: PORT, path }, (r) => {
      let d = '';
      r.on('data', (c) => (d += c));
      r.on('end', () => {
        try {
          res(JSON.parse(d));
        } catch (e) {
          rej(e);
        }
      });
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #8d60df502be0ade4 Filesystem access.
repo/.agents/skills/agent-testing/scripts/cdp-capture.cjs:164
  fs.writeFileSync(OUT, buf);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0edd8f39af8243d8 Filesystem access.
repo/.agents/skills/agent-testing/scripts/fixture.mjs:101
  writeFileSync(join(dir, 'check.json'), JSON.stringify(template, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3096455fca878ae6 Filesystem access.
repo/.agents/skills/agent-testing/scripts/fixture.mjs:111
    const check = JSON.parse(readFileSync(checkFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #811999544e917f3d Filesystem access.
repo/.agents/skills/agent-testing/scripts/fixture.mjs:132
    const check = JSON.parse(readFileSync(checkFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #97e126df4b428092 Filesystem access.
repo/.agents/skills/agent-testing/scripts/fixture.mjs:187
  writeFileSync(join(dir, 'result.json'), JSON.stringify(result, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fc2c9d6448ea691c Filesystem access.
repo/.agents/skills/agent-testing/scripts/fixture.mjs:188
  writeFileSync(join(dir, 'report.md'), `${opts.title || slug}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2f609827be542734 Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/apply-cutoffs.ts:17
const map: Record<string, string> = JSON.parse(readFileSync(mapPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2fed3f52fd85dd08 Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/apply-cutoffs.ts:28
  const lines = readFileSync(path, 'utf8').split('\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2d210108b2100e9e Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/apply-cutoffs.ts:65
    writeFileSync(path, out.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #03089f2092bba6e2 Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/apply-family.ts:5
  readFileSync('/tmp/family-map.json', 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c55742f5073f716a Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/apply-family.ts:14
  const lines = readFileSync(path, 'utf8').split('\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #543251249785b997 Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/apply-family.ts:45
    writeFileSync(path, out.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #321d9e15b9734247 Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/derive-family.ts:11
const ids: string[] = JSON.parse(readFileSync('/tmp/model-ids.json', 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9bf7d173de7fa8e3 Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/derive-family.ts:235
  writeFileSync('/tmp/family-map.json', JSON.stringify(map, null, 1));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bd686c39ecaa77e3 Filesystem access.
repo/.agents/skills/model-bank-metadata/scripts/extract-model-ids.ts:22
writeFileSync(out, JSON.stringify([...ids].sort(), null, 1));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1530b9a08f412c6d Filesystem access.
repo/.agents/verify/scripts/agent-gateway/analyze-events.ts:32
const raw = readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #02a2930c0035e68e Filesystem access.
repo/.agents/verify/scripts/agent-gateway/analyze.mjs:29
const raw = JSON.parse(fs.readFileSync(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3146b66cbb300f1b Environment-variable access.
repo/.agents/verify/scripts/agent-gateway/local-gateway-probe.mjs:26
const WS_BASE = process.env.GATEWAY_WS || 'ws://localhost:8787';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8683833647dd530b Filesystem access.
repo/.agents/verify/scripts/agent-gateway/local-gateway-probe.mjs:30
  const m = readFileSync(p, 'utf8').match(/^JWKS_KEY=(.*)$/m);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a5a76f0e6563483b Environment-variable access.
repo/.agents/verify/scripts/agent-gateway/local-gateway-probe.mjs:34
  process.env.JWKS_KEY?.trim() ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7cf29cc6236267c6 Environment-variable access.
repo/.agents/verify/scripts/agent-gateway/local-gateway-probe.mjs:35
  fromFile(process.env.JWKS_SOURCE) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1b883587f6ead823 Filesystem access.
repo/.agents/verify/scripts/agent-gateway/run.ts:153
  writeFileSync(dumpPath, json, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #38ea1697899cc608 Environment-variable access.
repo/.agents/verify/scripts/check-s3.mjs:11
const endpoint = process.env.S3_ENDPOINT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #927571d5cad87377 Environment-variable access.
repo/.agents/verify/scripts/check-s3.mjs:12
const bucket = process.env.S3_BUCKET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1aaf1f28f08b69a1 Environment-variable access.
repo/.agents/verify/scripts/check-s3.mjs:21
    accessKeyId: process.env.S3_ACCESS_KEY_ID || 'S3RVER',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #acab9b63450a8c56 Environment-variable access.
repo/.agents/verify/scripts/check-s3.mjs:22
    secretAccessKey: process.env.S3_SECRET_ACCESS_KEY || 'S3RVER',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ff580c8853f4bc5a Environment-variable access.
repo/.agents/verify/scripts/check-s3.mjs:25
  forcePathStyle: process.env.S3_ENABLE_PATH_STYLE !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #42b821367be112b2 Environment-variable access.
repo/.agents/verify/scripts/check-s3.mjs:26
  region: process.env.S3_REGION || 'us-east-1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a6779b7f931d6048 Environment-variable access.
repo/.agents/verify/scripts/start-s3.mjs:8
const port = Number(process.env.S3_DEV_PORT || 29_000);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9731d33f74dbe74b Environment-variable access.
repo/.agents/verify/scripts/start-s3.mjs:9
const address = process.env.S3_DEV_ADDRESS || '127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3bbf8ada6ef8df0a Environment-variable access.
repo/.agents/verify/scripts/start-s3.mjs:10
const bucket = process.env.S3_BUCKET || 'agent-testing-bucket';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #876ff7670d6f8b95 Environment-variable access.
repo/.agents/verify/scripts/start-s3.mjs:11
const directory = path.resolve(process.env.S3_DATA_DIR || '.records/data/agent-testing-s3');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3245b3bf3b8b94bb Environment-variable access.
repo/.agents/verify/scripts/start-s3.mjs:14
for (const candidate of [process.env.APP_URL, process.env.S3_ALLOWED_ORIGIN]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0c0b34f0ec3801e7 Environment-variable access.
repo/.agents/verify/scripts/start-s3.mjs:23
for (const candidatePort of [process.env.PORT, process.env.SPA_PORT, process.env.VITE_DEV_PORT]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #b93c55b82880f690 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/.github/scripts/auto-close-duplicates.ts:35
  const response = await fetch(`https://api.github.com${endpoint}`, {
    headers: {
      'Accept': 'application/vnd.github.v3+json',
      'Authorization': `Bearer ${token}`,
      'User-Agent': 'auto-close-duplicates-script',
      ...(body && { 'Content-Type': 'application/json' }),
    },
    method,
    ...(body && { body: JSON.stringify(body) }),
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #a4d4fdbdddd80af8 Environment-variable access.
repo/.github/scripts/auto-close-duplicates.ts:94
  const token = process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #59f57ff2e299e10d Environment-variable access.
repo/.github/scripts/auto-close-duplicates.ts:100
  const owner = process.env.GITHUB_REPOSITORY_OWNER || 'lobehub';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #67d7559331ec6a8e Environment-variable access.
repo/.github/scripts/auto-close-duplicates.ts:101
  const repo = process.env.GITHUB_REPOSITORY_NAME || 'lobe-chat';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #4e28ca10a5d882ff PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:150 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:150
    console.log(`[DEBUG] Issue #${issue.number} has ${comments.length} comments`);

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #4e42b732df873ffc PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:158 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:158
    console.log(
      `[DEBUG] Issue #${issue.number} has ${dupeComments.length} duplicate detection comments`,
    );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #135ee62c0cfd3925 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:170 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:170
    console.log(
      `[DEBUG] Issue #${
        issue.number
      } - most recent duplicate comment from: ${dupeCommentDate.toISOString()}`,
    );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #c37ded42838de404 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:180 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:180
    console.log(
      `[DEBUG] Issue #${issue.number} - duplicate comment is old enough (${Math.floor(
        (Date.now() - dupeCommentDate.getTime()) / (1000 * 60 * 60 * 24),
      )} days)`,
    );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #812bc38911f9e820 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:189 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:189
    console.log(
      `[DEBUG] Issue #${issue.number} - ${commentsAfterDupe.length} comments after duplicate detection`,
    );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #690f4fe1b3729f4b PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:206 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:206
    console.log(
      `[DEBUG] Issue #${issue.number} - duplicate comment has ${reactions.length} reactions`,
    );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #518c75ac569ca86d PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:213 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:213
    console.log(
      `[DEBUG] Issue #${issue.number} - author thumbs down reaction: ${authorThumbsDown}`,
    );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #1524c40aa3756b5e PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:237 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:237
      console.log(
        `[INFO] Auto-closing issue #${issue.number} as duplicate of #${duplicateIssueNumber}: ${issueUrl}`,
      );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #54828f7845aca33a PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-close-duplicates.ts:241 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:94 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-close-duplicates.ts:241
      console.log(
        `[SUCCESS] Successfully closed issue #${issue.number} as duplicate of #${duplicateIssueNumber}`,
      );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low egress test-only Excluded from app score #57df1c624d4dc58f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/.github/scripts/auto-handle-mcp-submission.ts:59
  const response = await fetch(`https://api.github.com${endpoint}`, {
    headers: {
      'Accept': 'application/vnd.github+json',
      'Authorization': `Bearer ${token}`,
      'User-Agent': 'auto-handle-mcp-submission-script',
      ...(body ? { 'Content-Type': 'application/json' } : {}),
    },
    method,
    ...(body ? { body: JSON.stringify(body) } : {}),
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #d3d85269677cf090 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/.github/scripts/auto-handle-mcp-submission.ts:119
  const res = await fetch(
    `https://api.github.com/repos/${owner}/${repo}/labels/${encodeURIComponent(name)}`,
    {
      headers: {
        'Accept': 'application/vnd.github+json',
        'Authorization': `Bearer ${token}`,
        'User-Agent': 'auto-handle-mcp-submission-script',
      },
    },
  );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #c2fcf2dcd8009184 Environment-variable access.
repo/.github/scripts/auto-handle-mcp-submission.ts:157
  const token = process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #670223c9b849222a Environment-variable access.
repo/.github/scripts/auto-handle-mcp-submission.ts:160
  const owner = process.env.GITHUB_REPOSITORY_OWNER || 'lobehub';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #99e27e4a7b95a583 Environment-variable access.
repo/.github/scripts/auto-handle-mcp-submission.ts:161
  const repo = process.env.GITHUB_REPOSITORY_NAME || 'lobehub';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #97b2b92a8a268a8a Environment-variable access.
repo/.github/scripts/auto-handle-mcp-submission.ts:162
  const issueNumber = Number(process.env.ISSUE_NUMBER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #a6d68be69d95a070 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-handle-mcp-submission.ts:184 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-handle-mcp-submission.ts:157 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-handle-mcp-submission.ts:184
  console.log(`[INFO] Classification: ${kind} — ${reason}`);

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #1d6739b94c463b14 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-handle-mcp-submission.ts:185 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-handle-mcp-submission.ts:157 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-handle-mcp-submission.ts:185
  if (repoUrl) console.log(`[INFO] Extracted repo: ${repoUrl}`);

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low pii_flow test-only Excluded from app score #abe337fd72fa61ea PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/auto-handle-mcp-submission.ts:235 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-handle-mcp-submission.ts:157 → /tmp/closeopen-4_u_15or/repo/.github/scripts/auto-handle-mcp-submission.ts:235
    console.log(
      `[DONE] ${delivery} delivery — left open for manual handling (no comment, no close)`,
    );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #5354f16834e45fca Environment-variable access.
repo/.github/scripts/create-failure-issue.js:13
    validateEnv: process.env.ERROR_VALIDATE_ENV || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #11f29616f816ef40 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:14
    rebaseAttempt: process.env.ERROR_REBASE_ATTEMPT || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #55d1a74998baf0ac Environment-variable access.
repo/.github/scripts/create-failure-issue.js:15
    createBranch: process.env.ERROR_CREATE_BRANCH || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bfafb9436a34b8de Environment-variable access.
repo/.github/scripts/create-failure-issue.js:16
    installDeps: process.env.ERROR_INSTALL_DEPS || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #18bbfb15de1175b3 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:17
    runI18n: process.env.ERROR_RUN_I18N || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #92ebe6f905fb541b Environment-variable access.
repo/.github/scripts/create-failure-issue.js:18
    commitPush: process.env.ERROR_COMMIT_PUSH || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #953ef911ac936667 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:23
    validateEnv: process.env.STEP_VALIDATE_ENV || 'Not run',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5306ac2f42d7e7ee Environment-variable access.
repo/.github/scripts/create-failure-issue.js:24
    checkBranch: process.env.STEP_CHECK_BRANCH || 'Not run',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5864787afc546b3b Environment-variable access.
repo/.github/scripts/create-failure-issue.js:25
    rebaseAttempt: process.env.STEP_REBASE_ATTEMPT || 'Not run',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #938ba38b3b0974f1 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:26
    createBranch: process.env.STEP_CREATE_BRANCH || 'Not run',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a2b46c8c3d2a3cea Environment-variable access.
repo/.github/scripts/create-failure-issue.js:27
    installDeps: process.env.STEP_INSTALL_DEPS || 'Not run',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #377dafdc627cf503 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:28
    runI18n: process.env.STEP_RUN_I18N || 'Not run',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b9bc864e67fbfc34 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:29
    commitPush: process.env.STEP_COMMIT_PUSH || 'Not run',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c542b46efcbda257 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:30
    createPr: process.env.STEP_CREATE_PR || 'Not run',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0cbb2c911a39a3f0 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:77
- **Runner OS:** ${process.env.RUNNER_OS || 'Unknown'}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0fbf215eed429e7 Environment-variable access.
repo/.github/scripts/create-failure-issue.js:78
- **Bun Version:** ${process.env.BUN_VERSION || 'Default'}

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #9eddb8cd049f2369 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/.github/scripts/should-run-dedupe.ts:39
  const response = await fetch(`https://api.github.com${endpoint}`, {
    headers: {
      'Accept': 'application/vnd.github+json',
      'Authorization': `Bearer ${token}`,
      'User-Agent': 'should-run-dedupe-script',
    },
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #c1b268d700e2083c Environment-variable access.
repo/.github/scripts/should-run-dedupe.ts:63
  const outputPath = process.env.GITHUB_OUTPUT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d6059dd2fde41890 Environment-variable access.
repo/.github/scripts/should-run-dedupe.ts:105
  const token = process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d5f278b40d390be2 Environment-variable access.
repo/.github/scripts/should-run-dedupe.ts:108
  const repository = process.env.GITHUB_REPOSITORY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a1f23091b540ebd8 Environment-variable access.
repo/.github/scripts/should-run-dedupe.ts:110
  const owner = process.env.GITHUB_REPOSITORY_OWNER || repositoryOwner || 'lobehub';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d74a50215703990 Environment-variable access.
repo/.github/scripts/should-run-dedupe.ts:111
  const repo = process.env.GITHUB_REPOSITORY_NAME || repositoryName || 'lobehub';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bf346b030e94f495 Environment-variable access.
repo/.github/scripts/should-run-dedupe.ts:112
  const issueNumber = Number(process.env.ISSUE_NUMBER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #38bffa3144ade5c0 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/.github/scripts/should-run-dedupe.ts:121 · flow /tmp/closeopen-4_u_15or/repo/.github/scripts/should-run-dedupe.ts:105 → /tmp/closeopen-4_u_15or/repo/.github/scripts/should-run-dedupe.ts:121
  console.log(
    `[INFO] Dedupe preflight for ${owner}/${repo}#${issueNumber}: ${
      decision.shouldDedupe ? 'run' : 'skip'
    } - ${decision.reason}`,
  );

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs production #679ffac07024a632 Filesystem access.
repo/.i18nrc.js:37
      fs.readFileSync(path.join(__dirname, 'docs/glossary.mdx'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ff9f2883b8ad1660 Environment-variable access.
repo/apps/cli/e2e/agent-fs-vfs.e2e.test.ts:16
const AGENT_ID = process.env.AGENT_FS_E2E_AGENT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3de201948b9ffcbb Environment-variable access.
repo/apps/cli/e2e/agent-fs-vfs.e2e.test.ts:17
const CLI = process.env.LH_CLI_PATH || 'LOBEHUB_CLI_HOME=.lobehub-dev bun src/index.ts';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7d0e04f3928d5ed5 Environment-variable access.
repo/apps/cli/e2e/agent-fs-vfs.e2e.test.ts:23
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1cff6d82c1b09b4b Environment-variable access.
repo/apps/cli/e2e/agent-signal.e2e.test.ts:26
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #edd950c52fed4b47 Environment-variable access.
repo/apps/cli/e2e/agent-signal.e2e.test.ts:27
const AGENT_ID = process.env.AGENT_SIGNAL_AGENT_ID || process.env.AGENT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #743943fac337b427 Filesystem access.
repo/apps/cli/e2e/agent-signal.e2e.test.ts:33
const golden = JSON.parse(readFileSync(goldenPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #69db66314a236f13 Environment-variable access.
repo/apps/cli/e2e/agent-signal.e2e.test.ts:38
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5978a0e611ce8159 Environment-variable access.
repo/apps/cli/e2e/agent.e2e.test.ts:18
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ed895c6e552bcb16 Environment-variable access.
repo/apps/cli/e2e/agent.e2e.test.ts:24
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #99a2cb66af137489 Environment-variable access.
repo/apps/cli/e2e/doc.e2e.test.ts:19
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4a58cba95eb7cb57 Environment-variable access.
repo/apps/cli/e2e/doc.e2e.test.ts:25
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #190b420057d99547 Filesystem access.
repo/apps/cli/e2e/doc.e2e.test.ts:146
      fs.writeFileSync(tmpFile, '# File Content\nFrom body-file flag');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b5c0b43be4f9a5c1 Filesystem access.
repo/apps/cli/e2e/doc.e2e.test.ts:197
      fs.writeFileSync(tmpFile, '# Created from file\nTest content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #689067e0244eb776 Filesystem access.
repo/apps/cli/e2e/doc.e2e.test.ts:229
      fs.writeFileSync(tmpFile, JSON.stringify(docs));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #731d31973b850d57 Environment-variable access.
repo/apps/cli/e2e/file.e2e.test.ts:17
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d3716d0fed8f0e02 Environment-variable access.
repo/apps/cli/e2e/file.e2e.test.ts:23
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ffe9ebc17b057c26 Filesystem access.
repo/apps/cli/e2e/file.e2e.test.ts:88
      fs.writeFileSync(tmpFile, 'hello from lh e2e upload');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2ec94fda900814c0 Filesystem access.
repo/apps/cli/e2e/file.e2e.test.ts:101
      fs.writeFileSync(tmpFile, 'hello from lh e2e --file upload');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f620421314010bbb Environment-variable access.
repo/apps/cli/e2e/generate.e2e.test.ts:14
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7972ec8a5c591349 Environment-variable access.
repo/apps/cli/e2e/generate.e2e.test.ts:20
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0ebfa10d0ef0026c Environment-variable access.
repo/apps/cli/e2e/kb.e2e.test.ts:19
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9ee0422bb53380c4 Environment-variable access.
repo/apps/cli/e2e/kb.e2e.test.ts:25
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #366b703007b50af8 Filesystem access.
repo/apps/cli/e2e/kb.e2e.test.ts:221
      fs.writeFileSync(tmpFile, 'E2E upload test content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #89e8c064c386da36 Environment-variable access.
repo/apps/cli/e2e/memory.e2e.test.ts:16
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3885173a4a908bde Environment-variable access.
repo/apps/cli/e2e/memory.e2e.test.ts:22
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0215dd8170c0c6b0 Environment-variable access.
repo/apps/cli/e2e/message.e2e.test.ts:14
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #956dbfff30232285 Environment-variable access.
repo/apps/cli/e2e/message.e2e.test.ts:20
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5786471388d407ff Environment-variable access.
repo/apps/cli/e2e/model.e2e.test.ts:17
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #49efc15bca7935b3 Environment-variable access.
repo/apps/cli/e2e/model.e2e.test.ts:24
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7d724a8ed945af34 Environment-variable access.
repo/apps/cli/e2e/plugin.e2e.test.ts:14
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f70c1cb6a4d9b0fa Environment-variable access.
repo/apps/cli/e2e/plugin.e2e.test.ts:20
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bb665c228bcf5de6 Environment-variable access.
repo/apps/cli/e2e/provider.e2e.test.ts:16
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #42121bce99f303f8 Environment-variable access.
repo/apps/cli/e2e/provider.e2e.test.ts:22
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f75f4231231a1036 Environment-variable access.
repo/apps/cli/e2e/search.e2e.test.ts:14
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #37cc6c773193cbd6 Environment-variable access.
repo/apps/cli/e2e/search.e2e.test.ts:20
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f253bfe5dc4ca774 Environment-variable access.
repo/apps/cli/e2e/skill.e2e.test.ts:16
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7772468cc4c1d6fd Environment-variable access.
repo/apps/cli/e2e/skill.e2e.test.ts:22
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #40ea8dd889240dbe Environment-variable access.
repo/apps/cli/e2e/topic.e2e.test.ts:16
const CLI = process.env.LH_CLI_PATH || 'lh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c39569be7e13257c Environment-variable access.
repo/apps/cli/e2e/topic.e2e.test.ts:22
    env: { ...process.env, PATH: `${process.env.HOME}/.bun/bin:${process.env.PATH}` },

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bf8fda73c645fa02 Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm-analyze.mjs:99
  const raw = await readFile(tracePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8d59cd3c938019f6 Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm-analyze.mjs:204
  const raw = await readFile(resultPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8eee7455cc0d4e1a Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm-analyze.mjs:209
    await writeFile(resultPath, `${JSON.stringify(result, null, 2)}\n`, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0ace5ccc4691f1e Environment-variable access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:99
    checkItemId: process.env.AGENT_BROWSER_KLM_CHECK || process.env.KLM_CHECK_ITEM_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #53974e12cd2b6c4a Environment-variable access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:100
    label: process.env.AGENT_BROWSER_KLM_LABEL || process.env.KLM_LABEL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #672813f98f898807 Environment-variable access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:101
    phaseId: process.env.AGENT_BROWSER_KLM_PHASE || process.env.KLM_PHASE_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2d4812f511cfb4fd Environment-variable access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:102
    surface: process.env.AGENT_BROWSER_KLM_SURFACE || process.env.KLM_SURFACE || 'web',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e25b42bead2daf70 Environment-variable access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:103
    commandTimeoutMs: parseNumber(process.env.AGENT_BROWSER_KLM_COMMAND_TIMEOUT_MS, undefined),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6492c0aa2ee06092 Environment-variable access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:105
      process.env.AGENT_BROWSER_KLM_TRACE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #408a6d0d6f2903fc Environment-variable access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:106
      process.env.INTERACTION_TRACE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1ebc4f32c3fcb89c Environment-variable access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:109
  let binary = process.env.AGENT_BROWSER_BIN || 'agent-browser';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a898394f54224dbf Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/agent-browser-klm.mjs:325
    const text = readFileSync(file, 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #09464cf47094c53d Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/cdp-capture.cjs:36
    const meta = JSON.parse(fs.readFileSync(metaPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #457c9ca06c8f66f3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/skills/agent-testing/scripts/cdp-capture.cjs:91
    const req = http.get({ host: '127.0.0.1', port: PORT, path }, (r) => {
      let d = '';
      r.on('data', (c) => (d += c));
      r.on('end', () => {
        try {
          res(JSON.parse(d));
        } catch (e) {
          rej(e);
        }
      });
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #3e4cda5906f1d103 Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/cdp-capture.cjs:164
  fs.writeFileSync(OUT, buf);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #62bc094735b256cb Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/fixture.mjs:101
  writeFileSync(join(dir, 'check.json'), JSON.stringify(template, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #76cc05cd593693c7 Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/fixture.mjs:111
    const check = JSON.parse(readFileSync(checkFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dbbf362550d1bfd2 Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/fixture.mjs:132
    const check = JSON.parse(readFileSync(checkFile, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d58cf0efd709e96 Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/fixture.mjs:187
  writeFileSync(join(dir, 'result.json'), JSON.stringify(result, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3f101346196a65a5 Filesystem access.
repo/apps/cli/skills/agent-testing/scripts/fixture.mjs:188
  writeFileSync(join(dir, 'report.md'), `${opts.title || slug}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d0b5976acdc83f7 Environment-variable access.
repo/apps/cli/src/api/client.ts:22
  const envJwt = process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8aaffdf58a8539b2 Environment-variable access.
repo/apps/cli/src/api/client.ts:32
  const envApiKey = process.env[CLI_API_KEY_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cd899dc6284815b8 Environment-variable access.
repo/apps/cli/src/api/http.test.ts:19
  const originalJwt = process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #74499a8fc77ec2f2 Environment-variable access.
repo/apps/cli/src/api/http.test.ts:20
  const originalWorkspaceId = process.env.LOBEHUB_WORKSPACE_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #30be36418a2dd90c Environment-variable access.
repo/apps/cli/src/api/http.test.ts:24
    delete process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8041328b246e22f9 Environment-variable access.
repo/apps/cli/src/api/http.test.ts:25
    delete process.env.LOBEHUB_WORKSPACE_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dc04d423ee8fe5f9 Environment-variable access.
repo/apps/cli/src/api/http.test.ts:29
    if (originalJwt === undefined) delete process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #aa1da6791412765e Environment-variable access.
repo/apps/cli/src/api/http.test.ts:30
    else process.env.LOBEHUB_JWT = originalJwt;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #13a3b9bddda99fb0 Environment-variable access.
repo/apps/cli/src/api/http.test.ts:32
    if (originalWorkspaceId === undefined) delete process.env.LOBEHUB_WORKSPACE_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1cc6862018e4e52b Environment-variable access.
repo/apps/cli/src/api/http.test.ts:33
    else process.env.LOBEHUB_WORKSPACE_ID = originalWorkspaceId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9d45883f406cf315 Environment-variable access.
repo/apps/cli/src/api/http.test.ts:37
    process.env.LOBEHUB_JWT = 'env-jwt';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5232fd9a881ffd2e Environment-variable access.
repo/apps/cli/src/api/http.test.ts:38
    process.env.LOBEHUB_WORKSPACE_ID = 'workspace-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c7ab91c386748466 Environment-variable access.
repo/apps/cli/src/api/http.test.ts:56
    process.env.LOBEHUB_WORKSPACE_ID = 'workspace-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6edd485d03a44aa8 Environment-variable access.
repo/apps/cli/src/api/http.test.ts:71
    process.env.LOBEHUB_JWT = 'env-jwt';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4b3d0a448bc4912f Environment-variable access.
repo/apps/cli/src/api/http.test.ts:72
    process.env.LOBEHUB_WORKSPACE_ID = 'workspace-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bea1b1ceea90fec9 Environment-variable access.
repo/apps/cli/src/api/http.ts:16
  const envJwt = process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95202a631d4e8294 Environment-variable access.
repo/apps/cli/src/api/http.ts:33
    if (process.env[CLI_API_KEY_ENV]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38e25e6f25f853c4 Environment-variable access.
repo/apps/cli/src/api/http.ts:80
  const envJwt = process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85a42a371fc649ea Environment-variable access.
repo/apps/cli/src/api/http.ts:90
  const envApiKey = process.env[CLI_API_KEY_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d19f31f9326e72c Environment-variable access.
repo/apps/cli/src/api/workspace.ts:10
  const fromEnv = process.env.LOBEHUB_WORKSPACE_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #72054eb957d7a2f9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/auth/apiKey.ts:16
  const response = await fetch(`${normalizedServerUrl}/api/v1/users/me?includeCount=0`, {
    headers: {
      Authorization: `Bearer ${apiKey}`,
    },
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #979ff8a3d5e94827 Filesystem access.
repo/apps/cli/src/auth/credentials.test.ts:63
      const raw = fs.readFileSync(credentialsFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c7d206c9d7080403 Filesystem access.
repo/apps/cli/src/auth/credentials.test.ts:93
      fs.writeFileSync(credentialsFile, JSON.stringify(testCredentials));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dcf77a46c336d844 Filesystem access.
repo/apps/cli/src/auth/credentials.test.ts:100
      const raw = fs.readFileSync(credentialsFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3c6870369f201b9e Filesystem access.
repo/apps/cli/src/auth/credentials.test.ts:106
      fs.writeFileSync(credentialsFile, 'not-valid-base64-or-json!!!');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b28619b741fdbc3 Environment-variable access.
repo/apps/cli/src/auth/credentials.ts:12
const LOBEHUB_DIR_NAME = process.env.LOBEHUB_CLI_HOME || '.lobehub';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9ce1f1bad203431 Filesystem access.
repo/apps/cli/src/auth/credentials.ts:48
  fs.writeFileSync(CREDENTIALS_FILE, encrypted, { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e23b92b47b2e2f20 Filesystem access.
repo/apps/cli/src/auth/credentials.ts:53
    const data = fs.readFileSync(CREDENTIALS_FILE, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0bf5fd5244dde5b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/auth/refresh.ts:52
    const res = await fetch(`${serverUrl}/oidc/token`, {
      body: new URLSearchParams({
        client_id: CLIENT_ID,
        grant_type: 'refresh_token',
        refresh_token: refreshToken,
      }),
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #7e3860b1e777bb5f Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:16
    (process.env.LOBEHUB_SERVER || 'https://app.lobehub.com').replace(/\/$/, ''),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3cba32deb9fc0e30 Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:37
  const originalApiKey = process.env.LOBEHUB_CLI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9f25a45f1d81450e Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:38
  const originalJwt = process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c814c75b5fad6645 Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:39
  const originalServer = process.env.LOBEHUB_SERVER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4d6796d60d075d3e Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:45
    delete process.env.LOBEHUB_CLI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #587c3e8076583eda Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:46
    delete process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #302a6db1b23fb980 Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:47
    delete process.env.LOBEHUB_SERVER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f1384f4ab6b0069a Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:51
    process.env.LOBEHUB_CLI_API_KEY = originalApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #329ed55564b7266f Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:52
    process.env.LOBEHUB_JWT = originalJwt;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d9aa27c74070a117 Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:53
    process.env.LOBEHUB_SERVER = originalServer;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8087a2d0c87f276b Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:109
      process.env.LOBEHUB_CLI_API_KEY = 'sk-lh-test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a02c027c92b8b61a Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:124
      process.env.LOBEHUB_CLI_API_KEY = 'sk-lh-test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a54100856eb51f3d Environment-variable access.
repo/apps/cli/src/auth/resolveToken.test.ts:125
      process.env.LOBEHUB_SERVER = 'https://self-hosted.example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d275c803b9f5bc3d Environment-variable access.
repo/apps/cli/src/auth/resolveToken.ts:38
  const envJwt = process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9b902f7d185b6b6 Environment-variable access.
repo/apps/cli/src/auth/resolveToken.ts:73
  const envApiKey = process.env[CLI_API_KEY_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e9f038be58b67daf Filesystem access.
repo/apps/cli/src/commands/agent.test.ts:162
    await writeFile(graphFile, JSON.stringify(graph), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ec1a4ab8bc88b8a Filesystem access.
repo/apps/cli/src/commands/agent.ts:22
  const content = await readFile(graphFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #710203659577b216 Filesystem access.
repo/apps/cli/src/commands/agent/spaceFs.ts:275
    return readFileSync(options.contentFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e76c6cf533be0056 Filesystem access.
repo/apps/cli/src/commands/botMessage.test.ts:99
    await writeFile(filePath, 'hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be61a2a7e1185edd Filesystem access.
repo/apps/cli/src/commands/botMessage.ts:87
  const bytes = await readFile(raw);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bd3d2b4430a8b457 Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:8
  const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #933081010e2c5622 Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:16
    delete process.env.LOBEHUB_COMP_CWORD;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6c810c31c97e1596 Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:17
    process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #faf1a57aa4969c2f Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:39
    process.env.SHELL = '/bin/zsh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #314266286bad8ad1 Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:58
    process.env.LOBEHUB_COMP_CWORD = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #952082eb60f8f7c3 Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:67
    process.env.LOBEHUB_COMP_CWORD = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d21c25f9bc4a7ed2 Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:76
    process.env.LOBEHUB_COMP_CWORD = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9653a1337be58a90 Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:85
    process.env.LOBEHUB_COMP_CWORD = '2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cf7aceabdf5b37be Environment-variable access.
repo/apps/cli/src/commands/completion.test.ts:94
    process.env.LOBEHUB_COMP_CWORD = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4313a2511d4669fb Environment-variable access.
repo/apps/cli/src/commands/completion.ts:23
      const currentWordIndex = parseCompletionWordIndex(process.env.LOBEHUB_COMP_CWORD, words);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2174ed5ac3902c27 Environment-variable access.
repo/apps/cli/src/commands/connect.ts:106
      const isServiceChild = options.serviceChild || process.env.LOBEHUB_CONNECT_SERVICE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #767c3698e48ee7df Environment-variable access.
repo/apps/cli/src/commands/connect.ts:108
        options.daemonChild || isServiceChild || process.env.LOBEHUB_DAEMON === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd33479afae4ad98 Environment-variable access.
repo/apps/cli/src/commands/connect.ts:369
  const channel = process.env.LOBEHUB_CLI_CHANNEL || 'cli';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33c92cd0d44aa05c Filesystem access.
repo/apps/cli/src/commands/doc.ts:18
    return fs.readFileSync(options.bodyFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ae2f6eddf9008f8 Filesystem access.
repo/apps/cli/src/commands/doc.ts:168
        const raw = fs.readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d7613ee008b1617b Filesystem access.
repo/apps/cli/src/commands/file.test.ts:220
      fs.writeFileSync(tmpFile, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #435a066fd7424e94 Filesystem access.
repo/apps/cli/src/commands/file.test.ts:257
      fs.writeFileSync(tmpFile, '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ea80c467253270e5 Filesystem access.
repo/apps/cli/src/commands/file.test.ts:281
      fs.writeFileSync(tmpFile, 'dedup me');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #13444ee2df53907c Filesystem access.
repo/apps/cli/src/commands/generate.test.ts:376
      await fsWriteFile(bigPath, Buffer.alloc(4 * 1024 * 1024));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7501ac4e0db952c Filesystem access.
repo/apps/cli/src/commands/generate/asr.ts:59
            await writeFile(tempPath, downloaded.bytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d58f7c7d81784c5 Filesystem access.
repo/apps/cli/src/commands/generate/asr.ts:90
            const bytes = await readFile(localPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6d5c79ef8be8f53b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/commands/generate/asr.ts:142
  const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #aff10b446fe27f17 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/commands/generate/index.ts:173
            const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e85c5604d2f68f2c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/commands/generate/text.ts:71
        const res = await fetch(`${serverUrl}/webapi/chat/${provider}`, {
          body: JSON.stringify(payload),
          headers,
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1a2a5c43fbdc3338 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/commands/generate/tts.ts:40
        const res = await fetch(`${serverUrl}/webapi/tts/openai`, {
          body: JSON.stringify(payload),
          headers,
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #7b01a0ebba12a18c Filesystem access.
repo/apps/cli/src/commands/generate/tts.ts:54
        writeFileSync(options.output, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f1583b314ebf3218 Filesystem access.
repo/apps/cli/src/commands/hetero.test.ts:463
    await writeFile(
      file,
      JSON.stringify([
        { text: 'analyze', type: 'text' },
        { source: { type: 'url', url: 'https://x/y.png' }, type: 'image' },
      ]),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5f40db05de7ca656 Filesystem access.
repo/apps/cli/src/commands/hetero.test.ts:1304
    const meta = JSON.parse(await readFile(path.join(sessionDir, 'meta.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4bc2c59e97f609f6 Filesystem access.
repo/apps/cli/src/commands/hetero.test.ts:1308
    const stderrDump = await readFile(path.join(sessionDir, 'attempt-1.stderr.log'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac75c55455daf258 Filesystem access.
repo/apps/cli/src/commands/hetero.ts:149
  return readFile(location, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f7b01529d2795fb Filesystem access.
repo/apps/cli/src/commands/hetero.ts:291
      await writeFile(
        path.join(dir, 'meta.json'),
        `${JSON.stringify({ ...meta, operationId, startedAt: new Date().toISOString() }, null, 2)}\n`,
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19b86bb6f53dc8eb Environment-variable access.
repo/apps/cli/src/commands/hetero.ts:397
      process.env.LOBEHUB_ASSISTANT_MESSAGE_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd4e19e29215bec2 Filesystem access.
repo/apps/cli/src/commands/hetero.ts:432
    await writeFile(
      askMcpConfigPath,
      JSON.stringify({
        mcpServers: {
          lobe_cc: {
            alwaysLoad: true,
            type: 'http',
            url: askServer.urlForOperation(operationId),
          },
        },
      }),
      'utf8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c4b109b404f23a39 Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:44
  const originalApiKey = process.env.LOBEHUB_CLI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #261a613d64f6ca08 Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:45
  const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4daace4b4d02c44c Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:46
  const originalPathext = process.env.PATHEXT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #19d5050420424141 Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:47
  const originalSystemRoot = process.env.SystemRoot;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6a86ca63a88cb73c Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:54
    delete process.env.LOBEHUB_CLI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b4e39f1936c713ba Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:60
    process.env.LOBEHUB_CLI_API_KEY = originalApiKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8ca722ad06a5aa88 Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:61
    process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ee0d4d91906dbe03 Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:62
    process.env.PATHEXT = originalPathext;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #701ce92b09c89e69 Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:63
    process.env.SystemRoot = originalSystemRoot;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a72cdd2dc72cd420 Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:145
    process.env.LOBEHUB_CLI_API_KEY = 'sk-lh-env-test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #588584dccfb893ad Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:187
    process.env.LOBEHUB_CLI_API_KEY = 'sk-lh-env-test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0833e9327d0060f Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:346
    process.env.PATH = 'C:\\Tools';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e2bf7ad2b84a229c Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:347
    process.env.PATHEXT = '.EXE;.CMD';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5acb16bf9a6bb61d Environment-variable access.
repo/apps/cli/src/commands/login.test.ts:348
    process.env.SystemRoot = 'C:\\Windows';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1272ba0bea03d53a Environment-variable access.
repo/apps/cli/src/commands/login.ts:65
      const apiKey = process.env[CLI_API_KEY_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b2d504d6a97c964d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/commands/login.ts:98
        const res = await fetch(`${serverUrl}/oidc/device/auth`, {
          body: new URLSearchParams({
            client_id: CLIENT_ID,
            resource: 'urn:lobehub:chat',
            scope: SCOPES,
          }),
          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b6fbbbab1f694ed8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/commands/login.ts:151
          const res = await fetch(`${serverUrl}/oidc/token`, {
            body: new URLSearchParams({
              client_id: CLIENT_ID,
              device_code: deviceAuth.device_code,
              grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
            }),
            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
            method: 'POST',
          });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #7e3e01adc5506066 Environment-variable access.
repo/apps/cli/src/commands/login.ts:270
  const pathValue = process.env.PATH || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a20c321036a2a950 Environment-variable access.
repo/apps/cli/src/commands/login.ts:275
    const pathext = (process.env.PATHEXT || '.COM;.EXE;.BAT;.CMD').split(';').filter(Boolean);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aadbcba6a58d7dfe Environment-variable access.
repo/apps/cli/src/commands/login.ts:280
    const systemRoot = process.env.SystemRoot || process.env.WINDIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c083cb9217ac6885 Filesystem access.
repo/apps/cli/src/commands/migrate/openclaw.test.ts:71
  fs.writeFileSync(fullPath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1abb91c99ec4c04e Filesystem access.
repo/apps/cli/src/commands/migrate/openclaw.test.ts:277
      fs.writeFileSync(binPath, Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x00, 0x00, 0x01]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddf03426d9f9221d Filesystem access.
repo/apps/cli/src/commands/migrate/openclaw.ts:198
    const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec0dd9259a4d4924 Filesystem access.
repo/apps/cli/src/commands/migrate/openclaw.ts:231
    ig.add(fs.readFileSync(gitignorePath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b401d0ec935eb988 Filesystem access.
repo/apps/cli/src/commands/migrate/openclaw.ts:432
            const content = fs.readFileSync(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f7a0d0cc542841a Filesystem access.
repo/apps/cli/src/commands/topic.ts:149
        const content = fs.readFileSync(options.file, 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fddfab8fb230fa15 Environment-variable access.
repo/apps/cli/src/commands/update.ts:31
  const ua = process.env.npm_config_user_agent;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #613c1b87a94a608d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/commands/update.ts:88
  const res = await fetch(url, { headers: { accept: 'application/json' } });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #4169331c9ae03691 Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:215
    expect(readFileSync(path.join(skillDir, 'SKILL.md'), 'utf8')).toBe('# Verify SKILL');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9b125dc785772262 Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:216
    expect(readFileSync(path.join(skillDir, 'references/plan-format.md'), 'utf8')).toBe('plan');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c74d207b730f4f94 Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:217
    expect(readFileSync(path.join(skillDir, 'surfaces/cli.md'), 'utf8')).toBe('cli');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f85c9b1d66984878 Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:233
    expect(readFileSync(skillFile, 'utf8')).toBe('# Verify SKILL');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b16c3b8e5000dbe0 Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:236
    expect(readFileSync(skillFile, 'utf8')).toBe('# Updated SKILL');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9217d599f38e91f7 Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:470
    writeFileSync(path.join(dir, 'result.json'), JSON.stringify({ cases: [] }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e1aa3c8d56bd9e2a Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:471
    process.env.LOBEHUB_TOPIC_ID = 'topic-1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0ab034829f06232 Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:476
    delete process.env.LOBEHUB_TOPIC_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #be8d84a8ade6100e Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:507
    writeFileSync(
      path.join(dir, 'result.json'),
      JSON.stringify({
        cases: [],
        context: { question: 'How mature is X?', sourceCount: 8 },
        scenario: 'research',
      }),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #76d60aec71b77b4a Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:531
    writeFileSync(
      path.join(dir, 'result.json'),
      JSON.stringify({
        cases: [],
        context: { question: 'How mature is X?' },
        scenario: 'research',
      }),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e45f178c3434682f Filesystem access.
repo/apps/cli/src/commands/verify.test.ts:553
    writeFileSync(path.join(dir, 'result.json'), JSON.stringify({ cases: [], scenario: 'poetry' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f7df07a3d57126d4 Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:683
    process.env.LOBEHUB_AGENT_ID = 'agt_1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7823f9713340796b Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:684
    process.env.LOBEHUB_TOPIC_ID = 'tpc_1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #32c41555396aeb14 Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:685
    process.env.LOBEHUB_OPERATION_ID = 'op_1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9d1284314ee9de7b Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:698
    process.env.LOBEHUB_OPERATION_ID = 'op_authoring_run';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #301b4d12c5f70d78 Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:706
    delete process.env.LOBEHUB_AGENT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1dce4f8db51530f7 Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:707
    delete process.env.LOBEHUB_TOPIC_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #be1675e056585add Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:708
    delete process.env.LOBEHUB_OPERATION_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #509e69e47135c8e7 Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:740
    process.env.LOBEHUB_TOPIC_ID = 'tpc_1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3c90eae9958e66cb Environment-variable access.
repo/apps/cli/src/commands/verify.test.ts:746
    delete process.env.LOBEHUB_TOPIC_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89498553ba15df2c Filesystem access.
repo/apps/cli/src/commands/verify.ts:98
    const buffer = readFileSync(file);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aee7f45538698dee Environment-variable access.
repo/apps/cli/src/commands/verify.ts:437
    agentId: firstString(process.env.LOBEHUB_AGENT_ID),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8e404940f1c0365 Environment-variable access.
repo/apps/cli/src/commands/verify.ts:438
    operationId: firstString(process.env.LOBEHUB_OPERATION_ID),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18a42f5d62be2e84 Environment-variable access.
repo/apps/cli/src/commands/verify.ts:439
    topicId: firstString(process.env.LOBEHUB_TOPIC_ID),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2efbbe5a558d8969 Environment-variable access.
repo/apps/cli/src/commands/verify.ts:514
  const topicId = firstString(process.env.LOBEHUB_TOPIC_ID);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08a53c58ceee6fef Filesystem access.
repo/apps/cli/src/commands/verify.ts:571
          writeFileSync(dest, content, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1ffa2fdd199d13e Filesystem access.
repo/apps/cli/src/commands/verify.ts:1424
          result = JSON.parse(readFileSync(resultPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c87205d757ec86d4 Filesystem access.
repo/apps/cli/src/commands/verify.ts:1433
        const content = existsSync(reportMdPath) ? readFileSync(reportMdPath, 'utf8') : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a86d7319391891f6 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:38
  writeFileSync(path.join(dir, 'SKILL.md'), '# agent-testing');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0518558ff23b8d2 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:39
  writeFileSync(path.join(dir, 'scripts', 'run.sh'), '#!/bin/sh\necho hi\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d16002db1f3b947a Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:40
  writeFileSync(path.join(dir, 'scripts', 'analyze.mjs'), 'console.log(1)');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #412ac9559b070f37 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:41
  writeFileSync(path.join(dir, 'scripts', 'note.txt'), 'not executable');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8895e898b38f88d8 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:89
    expect(readFileSync(path.join(target, 'SKILL.md'), 'utf8')).toBe('# agent-testing');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e5e2cb17f1e811f5 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:91
    const meta = JSON.parse(readFileSync(path.join(target, '.skill-meta.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dcdf0e925d27aed8 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:109
    const meta = JSON.parse(readFileSync(path.join(target, '.skill-meta.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2e91b6225f33a6c5 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:131
    const meta = JSON.parse(readFileSync(path.join(target, '.skill-meta.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ee8b4563cce93d15 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:192
    writeFileSync(path.join(bundleDir, 'SKILL.md'), '# agent-testing v2');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #136d2f2f0d606107 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:197
    expect(readFileSync(path.join(target, 'SKILL.md'), 'utf8')).toBe('# agent-testing v2');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #40c00658e2640114 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:198
    const meta = JSON.parse(readFileSync(path.join(target, '.skill-meta.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #530f4efa007d6cbc Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:235
    writeFileSync(path.join(target, 'SKILL.md'), '# hand-written predecessor');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c56122ee74fc2598 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:239
    expect(readFileSync(path.join(target, 'SKILL.md'), 'utf8')).toBe('# hand-written predecessor');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3cfacc4164f2721c Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:243
    expect(readFileSync(path.join(target, 'SKILL.md'), 'utf8')).toBe('# agent-testing');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #69032d93f53e80e5 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:252
    writeFileSync(path.join(target, 'SKILL.md'), '# hand-written predecessor');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c772a8215959da06 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:253
    writeFileSync(path.join(target, '.skill-meta.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8a8f44222b2c61fb Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:260
    expect(readFileSync(path.join(target, 'SKILL.md'), 'utf8')).toBe('# agent-testing');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7ed7fad3a00a6858 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:267
    writeFileSync(path.join(target, 'SKILL.md'), '# someone else’s skill');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7cea8841812b76d4 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:268
    writeFileSync(
      path.join(target, '.skill-meta.json'),
      JSON.stringify({ name: 'other', version: '999.0.0' }),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4fe8319c8b7b7c4b Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:275
    expect(readFileSync(path.join(target, 'SKILL.md'), 'utf8')).toBe('# someone else’s skill');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #591a0ab2dc3aaac5 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:279
    expect(readFileSync(path.join(target, 'SKILL.md'), 'utf8')).toBe('# agent-testing');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5e6a73c6e6957803 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:303
    expect(readFileSync(path.join(cwd, '.gitignore'), 'utf8')).toBe('.records/\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a9d3145a22ac23aa Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:309
    writeFileSync(path.join(cwd, '.gitignore'), 'node_modules/\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ab230207f9b04848 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:313
    const content = readFileSync(path.join(cwd, '.gitignore'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e635e662ebbbaf5b Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:318
    expect(readFileSync(path.join(cwd, '.gitignore'), 'utf8')).toBe(content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #913b11332f132a34 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:324
    writeFileSync(path.join(cwd, '.gitignore'), 'dist/\n.records/\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0c7b0e8fa2a532c4 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:328
    expect(readFileSync(path.join(cwd, '.gitignore'), 'utf8')).toBe('dist/\n.records/\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6168db1bd3d21a18 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:336
    writeFileSync(path.join(verifyAdapterDir, 'PROJECT.md'), 'existing adapter content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0daf947846992549 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.test.ts:340
    expect(readFileSync(path.join(verifyAdapterDir, 'PROJECT.md'), 'utf8')).toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0eb7dc8a15c1a3a6 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.ts:72
    const parsed = JSON.parse(readFileSync(metaPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a9a8b7ef04cabbe Filesystem access.
repo/apps/cli/src/commands/verifyInstall.ts:93
  writeFileSync(path.join(skillDir, '.skill-meta.json'), JSON.stringify(meta, null, 2) + '\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb7b9131358b62c5 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.ts:162
    writeFileSync(gitignorePath, `${GITIGNORE_ENTRY}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fee42952b6831e3 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.ts:166
  const content = readFileSync(gitignorePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #202c8f67cd964b31 Filesystem access.
repo/apps/cli/src/commands/verifyInstall.ts:174
  writeFileSync(
    gitignorePath,
    content + (needsLeadingNewline ? '\n' : '') + `${GITIGNORE_ENTRY}\n`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f42fee124e4bc2bb Filesystem access.
repo/apps/cli/src/daemon/manager.test.ts:72
      await writeFile(path.join(mockDir, 'daemon.pid'), 'not-a-number');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e48792c6a90ac560 Filesystem access.
repo/apps/cli/src/daemon/manager.test.ts:217
      const content = fs.readFileSync(getLogPath(), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7180dbd1e3c59210 Filesystem access.
repo/apps/cli/src/daemon/manager.test.ts:228
      await writeFile(logPath, bigContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #94699520be88f6b9 Filesystem access.
repo/apps/cli/src/daemon/manager.test.ts:240
      await writeFile(logPath, 'small content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6f6ae2a29e4abe70 Filesystem access.
repo/apps/cli/src/daemon/manager.test.ts:245
      expect(fs.readFileSync(logPath, 'utf8')).toBe('small content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6c94aa342b89907 Filesystem access.
repo/apps/cli/src/daemon/manager.ts:40
    const raw = fs.readFileSync(getPidPath(), 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69ab54ef00d1ad4e Filesystem access.
repo/apps/cli/src/daemon/manager.ts:50
  fs.writeFileSync(getPidPath(), String(pid), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ed98e7505b1dd94 Filesystem access.
repo/apps/cli/src/daemon/manager.ts:123
  fs.writeFileSync(getStatusPath(), JSON.stringify(status, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32aea59e3ff8bc86 Filesystem access.
repo/apps/cli/src/daemon/manager.ts:128
    return JSON.parse(fs.readFileSync(getStatusPath(), 'utf8')) as DaemonStatus;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a2a0624f442b93 Filesystem access.
repo/apps/cli/src/daemon/taskRegistry.ts:26
    return JSON.parse(fs.readFileSync(getRegistryPath(), 'utf8')) as Record<string, TaskEntry>;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22d23b6fc37dc82d Filesystem access.
repo/apps/cli/src/daemon/taskRegistry.ts:35
  fs.writeFileSync(getRegistryPath(), JSON.stringify(entries, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84967d229859295a Filesystem access.
repo/apps/cli/src/man/generate.ts:14
  writeFile(`${outputDir}lh.1`, generateRootManPage(program, cliVersion)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93b6e8a3539d02f2 Filesystem access.
repo/apps/cli/src/man/generate.ts:15
  writeFile(`${outputDir}lobe.1`, generateAliasManPage('lh')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8de441d86681b350 Filesystem access.
repo/apps/cli/src/man/generate.ts:16
  writeFile(`${outputDir}lobehub.1`, generateAliasManPage('lh')),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #39389cb4536b921b Filesystem access.
repo/apps/cli/src/service/connect.test.ts:52
    fs.writeFileSync(entryPath, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1f9db2f688a1033f Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:60
    delete process.env.LOBEHUB_CLI_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d53e207709a9e9d2 Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:61
    delete process.env.LOBEHUB_CLI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e2fdd419931fd071 Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:62
    delete process.env.LOBEHUB_JWT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c859ff1d0df5081f Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:63
    delete process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #aaef1d3ad7e6982c Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:64
    delete process.env.AWS_SECRET_ACCESS_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #120d1e14be7dd80a Filesystem access.
repo/apps/cli/src/service/connect.test.ts:103
    expect(fs.readFileSync(unitPath, 'utf8')).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1b752c37bdbf3e7a Filesystem access.
repo/apps/cli/src/service/connect.test.ts:106
    expect(fs.readFileSync(unitPath, 'utf8')).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #332c6cffdc3a09cf Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:142
    process.env.ANTHROPIC_API_KEY = 'anthropic-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1ea1c410c85badea Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:143
    process.env.AWS_SECRET_ACCESS_KEY = 'aws-secret';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d751eddd7585449 Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:144
    process.env.LOBEHUB_CLI_API_KEY = 'test-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #89a64cb56aa73982 Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:145
    process.env.QUOTED_ENV = 'value with "quotes", \\slashes, and $dollars';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a4b913bdfa4a2981 Filesystem access.
repo/apps/cli/src/service/connect.test.ts:150
    const envFile = fs.readFileSync(envFilePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #82f0dd79066a8c58 Environment-variable access.
repo/apps/cli/src/service/connect.test.ts:168
    process.env.LOBEHUB_CLI_API_KEY = 'rotated-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e6f9036640c112de Filesystem access.
repo/apps/cli/src/service/connect.test.ts:172
    expect(fs.readFileSync(path.join(tmpDir, '.lobehub', 'connect-service.env'), 'utf8')).toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f17701bb5e1e6957 Environment-variable access.
repo/apps/cli/src/service/connect.ts:35
    process.env.LOBEHUB_CONNECT_SERVICE_UNIT_DIR ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a5079a62d7e1d78 Environment-variable access.
repo/apps/cli/src/service/connect.ts:41
  return path.join(os.homedir(), process.env.LOBEHUB_CLI_HOME || '.lobehub');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ad9fb75418e5a62 Filesystem access.
repo/apps/cli/src/service/connect.ts:144
  fs.writeFileSync(envFilePath, `${lines.join('\n')}\n`, { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b025b87f44aac9b Environment-variable access.
repo/apps/cli/src/service/connect.ts:162
  if (process.env.LOBEHUB_JWT || process.env[CLI_API_KEY_ENV] || loadCredentials()) return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5681b6088686f90 Filesystem access.
repo/apps/cli/src/service/connect.ts:176
  fs.writeFileSync(path.join(getUserServiceDir(), SERVICE_NAME), renderUnit(), { mode: 0o644 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ec9be1a64fcea9c7 Environment-variable access.
repo/apps/cli/src/settings/index.test.ts:19
const originalServer = process.env.LOBEHUB_SERVER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #417b40f56eca42af Environment-variable access.
repo/apps/cli/src/settings/index.test.ts:41
    delete process.env.LOBEHUB_SERVER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2a3a95f508d2df83 Environment-variable access.
repo/apps/cli/src/settings/index.test.ts:46
    process.env.LOBEHUB_SERVER = originalServer;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #37368e4354599837 Filesystem access.
repo/apps/cli/src/settings/index.test.ts:71
    fs.writeFileSync(settingsFile, '{invalid json');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6e9cbbac0288fc0e Environment-variable access.
repo/apps/cli/src/settings/index.test.ts:86
    process.env.LOBEHUB_SERVER = 'https://env.example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #076e7df8ae84a6a4 Environment-variable access.
repo/apps/cli/src/settings/index.ts:15
const LOBEHUB_DIR_NAME = process.env.LOBEHUB_CLI_HOME || '.lobehub';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb7fe63ce211c39a Environment-variable access.
repo/apps/cli/src/settings/index.ts:31
  const envServerUrl = normalizeUrl(process.env.LOBEHUB_SERVER);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c81dbbfc097c0268 Environment-variable access.
repo/apps/cli/src/settings/index.ts:38
  const envUrl = normalizeUrl(process.env.AGENT_GATEWAY_URL);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d13ae8c0030ca5a3 Filesystem access.
repo/apps/cli/src/settings/index.ts:64
  fs.writeFileSync(SETTINGS_FILE, JSON.stringify(normalized, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05d60cc6624f4d1d Filesystem access.
repo/apps/cli/src/settings/index.ts:76
    const existing = fs.readFileSync(CONNECTION_ID_FILE, 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a8598594bfee746 Filesystem access.
repo/apps/cli/src/settings/index.ts:85
    fs.writeFileSync(CONNECTION_ID_FILE, id, { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1080ae69a2380af3 Filesystem access.
repo/apps/cli/src/settings/index.ts:99
    const data = fs.readFileSync(WORKSPACE_ENROLLMENTS_FILE, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a28c11d7d7a4bb8 Filesystem access.
repo/apps/cli/src/settings/index.ts:115
    fs.writeFileSync(WORKSPACE_ENROLLMENTS_FILE, JSON.stringify(workspaceIds, null, 2), {
      mode: 0o600,
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d92a8212493731eb Filesystem access.
repo/apps/cli/src/settings/index.ts:139
    const data = fs.readFileSync(SETTINGS_FILE, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f6230fef99599e8c Filesystem access.
repo/apps/cli/src/tools/file.test.ts:40
    await writeFile(filePath, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f8492a3a208189b3 Filesystem access.
repo/apps/cli/src/tools/file.test.ts:54
    expect(fs.readFileSync(filePath, 'utf8')).toBe('written');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c47c061b1ce72102 Filesystem access.
repo/apps/cli/src/tools/file.test.ts:59
    await writeFile(filePath, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8c9ae5fd5fcdb313 Filesystem access.
repo/apps/cli/src/tools/file.test.ts:72
    await writeFile(path.join(tmpDir, 'a.txt'), 'a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c57dad3f50f12e87 Filesystem access.
repo/apps/cli/src/tools/file.test.ts:80
    await writeFile(path.join(tmpDir, 'a.ts'), 'a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5c1dd966271d9ab9 Filesystem access.
repo/apps/cli/src/tools/file.test.ts:81
    await writeFile(path.join(tmpDir, 'b.js'), 'b');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #95ff02d05c794ce3 Filesystem access.
repo/apps/cli/src/tools/file.test.ts:90
    await writeFile(path.join(tmpDir, 'search.txt'), 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #46e8efe717b9d06b Filesystem access.
repo/apps/cli/src/tools/file.test.ts:99
    await writeFile(path.join(tmpDir, 'config.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d0d11667807cf5d Filesystem access.
repo/apps/cli/src/tools/getAgentProfile.ts:32
    const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b298f0defa7a87a Filesystem access.
repo/apps/cli/src/tools/getAgentProfile.ts:126
    const content = fs.readFileSync(soulPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e42ada31b10c95e Environment-variable access.
repo/apps/cli/src/tools/heteroTask.ts:16
const LOBEHUB_DIR_NAME = process.env.LOBEHUB_CLI_HOME || '.lobehub';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ef08e5ab3f0a082 Filesystem access.
repo/apps/cli/src/tools/heteroTask.ts:21
    const data = JSON.parse(fs.readFileSync(HERMES_SESSIONS_FILE, 'utf8')) as Record<

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #45b620a959f02808 Filesystem access.
repo/apps/cli/src/tools/heteroTask.ts:34
    data = JSON.parse(fs.readFileSync(HERMES_SESSIONS_FILE, 'utf8')) as Record<string, string>;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11605bbe0e6c4021 Filesystem access.
repo/apps/cli/src/tools/heteroTask.ts:40
  fs.writeFileSync(HERMES_SESSIONS_FILE, JSON.stringify(data), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d12129763daeed0 Environment-variable access.
repo/apps/cli/src/tools/heteroTask.ts:171
    const openclawAgent = process.env.OPENCLAW_AGENT_ID ?? 'main';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5d30a96b1ca4d2fb Filesystem access.
repo/apps/cli/src/tools/index.test.ts:35
    await writeFile(filePath, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6fe4d8125337b8eb Filesystem access.
repo/apps/cli/src/tools/index.test.ts:56
    expect(fs.readFileSync(filePath, 'utf8')).toBe('written');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9987c8f9f2445bfd Filesystem access.
repo/apps/cli/src/tools/index.test.ts:61
    await writeFile(filePath, 'legacy hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f213b46da1c20196 Filesystem access.
repo/apps/cli/src/tools/index.test.ts:114
    await writeFile(filePath, 'old content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6cee1057fea0887e Filesystem access.
repo/apps/cli/src/tools/index.test.ts:127
    expect(fs.readFileSync(filePath, 'utf8')).toBe('new content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #67a55fbffc177811 Filesystem access.
repo/apps/cli/src/tools/index.test.ts:139
    await writeFile(filePath, 'content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #781575617a221a65 Filesystem access.
repo/apps/cli/src/tools/index.test.ts:157
    await writeFile(path.join(tmpDir, 'grep.txt'), `${pattern} here`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a33946a6ae51f52d Environment-variable access.
repo/apps/cli/src/tools/isolatedWorker.ts:8
  ISOLATED_TOOL_APIS.has(apiName) && process.env[TOOL_WORKER_ENV] !== '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b82ebe576fa7781 Filesystem access.
repo/apps/cli/src/tools/localSystemRuntime.ts:141
      return runtime.readFile({
        endLine: p.loc?.[1],
        path: p.path,
        startLine: p.loc?.[0],
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8557f69ea15d3f50 Filesystem access.
repo/apps/cli/src/tools/localSystemRuntime.ts:149
      return runtime.writeFile(args as WriteFileParams);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9f0222fbb2b4208a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/utils/agentStream.ts:40
  const res = await fetch(url, { headers });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0c76166c745ee412 Environment-variable access.
repo/apps/cli/src/utils/completion.ts:120
  const fallbackShell = process.env.SHELL?.split('/').pop() || 'zsh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f38e0679c9374ed2 Filesystem access.
repo/apps/cli/src/utils/skillLocator.test.ts:21
  writeFileSync(
    path.join(cliRoot, 'package.json'),
    JSON.stringify({ name: '@lobehub/cli', version }),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #abcc5a1aab38d32e Filesystem access.
repo/apps/cli/src/utils/skillLocator.test.ts:51
    writeFileSync(
      path.join(cliRoot, 'src', 'package.json'),
      JSON.stringify({ name: 'not-the-cli' }),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dfe18177c0d2255a Filesystem access.
repo/apps/cli/src/utils/skillLocator.test.ts:73
    writeFileSync(path.join(skillDir, 'SKILL.md'), '# agent-testing');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4905f563c58a527 Filesystem access.
repo/apps/cli/src/utils/skillLocator.ts:21
        const pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4e6b8f3ac44b3da Filesystem access.
repo/apps/cli/src/utils/skillLocator.ts:56
  const pkg = JSON.parse(readFileSync(path.join(cliRoot, 'package.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #fac199963b8f774b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/cli/src/utils/uploadLocalFile.ts:92
    const uploadRes = await fetch(presignedUrl, {
      body: buffer,
      headers: { 'Content-Type': fileType },
      method: 'PUT',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #450a4944b82ce0e6 Filesystem access.
repo/apps/cli/src/utils/uploadLocalFile.ts:143
  const fileBuffer = fs.readFileSync(resolved);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81691545ff5d9d8c Environment-variable access.
repo/apps/cli/tsdown.config.ts:12
  minify: !!process.env.MINIFY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0183383be917d2f6 Filesystem access.
repo/apps/desktop/electron-builder.mjs:24
const packageJSON = JSON.parse(await fs.readFile(path.join(__dirname, 'package.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f189feac6d438e7d Environment-variable access.
repo/apps/desktop/electron-builder.mjs:26
const channel = process.env.UPDATE_CHANNEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e516f3b021cdf22e Environment-variable access.
repo/apps/desktop/electron-builder.mjs:28
const hasAppleCertificate = Boolean(process.env.CSC_LINK);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9774ff43512cb261 Environment-variable access.
repo/apps/desktop/electron-builder.mjs:31
const updateServerUrl = process.env.UPDATE_SERVER_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6369d8e434cc6394 Environment-variable access.
repo/apps/desktop/electron-builder.mjs:82
  process.env.CSC_IDENTITY_AUTO_DISCOVERY = 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97cbfb7ec8792bef Filesystem access.
repo/apps/desktop/electron-builder.mjs:132
      await fs.readFile(path.resolve(__dirname, '../cli/package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #612e06864aaba09a Filesystem access.
repo/apps/desktop/electron-builder.mjs:134
    await fs.writeFile(
      path.resolve(__dirname, 'resources/cli-package.json'),
      JSON.stringify({ name: cliPkg.name, type: 'module', version: cliPkg.version }),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d71667fb0c568b45 Environment-variable access.
repo/apps/desktop/electron-builder.mjs:326
    releaseNotes: process.env.RELEASE_NOTES || undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #533d168864c4da9c Filesystem access.
repo/apps/desktop/module-deps.config.mjs:31
    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fd59696e45533f0 Environment-variable access.
repo/apps/desktop/native-deps.config.mjs:27
  return process.env.npm_config_platform || os.platform();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #831fbed2b5644905 Environment-variable access.
repo/apps/desktop/scripts/dev.mjs:16
const cdpPort = Number(process.env.LOBE_DESKTOP_CDP_PORT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #286d99d490ec7d54 Environment-variable access.
repo/apps/desktop/scripts/dev.mjs:30
  vitePort: Number(process.env.LOBE_DESKTOP_VITE_PORT) || 5173,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #845e7923fb10539a Environment-variable access.
repo/apps/desktop/scripts/fix-electron-runtime.mjs:58
  const configuredArch = process.env.npm_config_arch;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #809e5c1a992bdaee Filesystem access.
repo/apps/desktop/scripts/fix-electron-runtime.mjs:76
    const installedVersion = readFileSync(
      path.join(electronDir, 'dist', 'version'),
      'utf8',
    ).replace(/^v/, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8243564c9e658e65 Filesystem access.
repo/apps/desktop/scripts/fix-electron-runtime.mjs:80
    const installedPath = readFileSync(path.join(electronDir, 'path.txt'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0c98499881898744 Environment-variable access.
repo/apps/desktop/scripts/fix-electron-runtime.mjs:135
  const platform = process.env.npm_config_platform || process.platform;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a4c3840193c52b5b Environment-variable access.
repo/apps/desktop/scripts/fix-electron-runtime.mjs:153
    cacheRoot: process.env.electron_config_cache,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cf464ecfd9e86fae Environment-variable access.
repo/apps/desktop/scripts/fix-electron-runtime.mjs:155
      process.env.electron_use_remote_checksums ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #550223532f007275 Environment-variable access.
repo/apps/desktop/scripts/fix-electron-runtime.mjs:156
      process.env.npm_config_electron_use_remote_checksums

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #302a5f4ab022c007 Filesystem access.
repo/apps/desktop/scripts/fix-electron-runtime.mjs:168
  writeFileSync(path.join(electronDir, 'path.txt'), platformPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #57906c90ea828d8b Filesystem access.
repo/apps/desktop/scripts/i18nWorkflow/utils.ts:9
  const data = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fa0f5c55141fb23c Filesystem access.
repo/apps/desktop/scripts/i18nWorkflow/utils.ts:15
  writeFileSync(filePath, jsonStr, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #845aabcc190106bb Environment-variable access.
repo/apps/desktop/vite.main.config.ts:22
  const updateChannel = process.env.UPDATE_CHANNEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda7f66bba4f05ad Environment-variable access.
repo/apps/desktop/vite.main.config.ts:25
    process.env.DESKTOP_EXTERNAL_NAVIGATION_HOSTS ?? (isCloudDesktop ? 'stripe.com' : '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef5666b03b509dda Environment-variable access.
repo/apps/desktop/vite.main.config.ts:107
      'process.env.UPDATE_CHANNEL': JSON.stringify(process.env.UPDATE_CHANNEL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f8e90a4fe24747a Environment-variable access.
repo/apps/desktop/vite.main.config.ts:108
      'process.env.UPDATE_SERVER_URL': JSON.stringify(process.env.UPDATE_SERVER_URL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59b44f1744cbd597 Filesystem access.
repo/apps/desktop/vite.renderer.config.ts:165
      return injectDynamicBusinessFeatureFlag(readFileSync(sourcePath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e1865996793f128e Filesystem access.
repo/apps/desktop/vite.shared.test.ts:24
    await writeFile(
      extensionPath,
      `export const extendDesktopViteConfig = ({ config, target }) => ({
  ...config,
  define: { __TEST_TARGET__: JSON.stringify(target) },
});
`,
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c194a515a8ae2589 Environment-variable access.
repo/apps/desktop/vite.shared.ts:15
export const isCloudDesktopBuild = () => process.env.CLOUD_DESKTOP === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59fb7a8a6f78f607 Environment-variable access.
repo/apps/desktop/vite.shared.ts:21
export const DEV_VITE_PORT = Number(process.env.LOBE_DESKTOP_VITE_PORT) || 5173;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce2781a16b33b560 Filesystem access.
repo/apps/desktop/vite.shared.ts:28
  readFileSync(path.resolve(__dirname, 'package.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cec4629813f85fa Environment-variable access.
repo/apps/desktop/vite.shared.ts:71
  const configuredPath = process.env.LOBE_DESKTOP_VITE_CONFIG_EXTENSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93b00c8fbd600d76 Environment-variable access.
repo/apps/desktop/vite.shared.ts:74
    : process.env.CLOUD_DESKTOP === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca6a34948d9750ce Environment-variable access.
repo/drizzle.config.ts:10
let connectionString = process.env.DATABASE_URL!;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #63cfeead97142e8e Environment-variable access.
repo/next.config.ts:3
const isVercel = !!process.env.VERCEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc4984333317fc9c Filesystem access.
repo/plugins/vite/envRestartKeys.ts:36
      for (const line of readFileSync(file, 'utf8').split('\n')) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d193a0d08e3dd4ea Filesystem access.
repo/plugins/vite/markdownImport.test.ts:15
    await writeFile(markdownPath, markdownContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e930150163ddaf5 Filesystem access.
repo/plugins/vite/markdownImport.ts:35
      const content = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6894eb352f78df2 Environment-variable access.
repo/plugins/vite/routeChunkPreload.ts:387
function appendDeploymentQuery(href: string, deploymentId = process.env.VERCEL_DEPLOYMENT_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6ad58aef854126d Environment-variable access.
repo/plugins/vite/routeChunkPreload.ts:566
        const deploymentId = process.env.VERCEL_DEPLOYMENT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d6af8af644cb677 Environment-variable access.
repo/plugins/vite/sharedRendererConfig.ts:199
const isDev = process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9890ec4161181db7 Environment-variable access.
repo/plugins/vite/sharedRendererConfig.ts:200
const enableRouteChunkPreload = process.env.LOBE_ROUTE_CHUNK_PRELOAD !== 'false';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2b5d1d267d541a2 Environment-variable access.
repo/plugins/vite/sharedRendererConfig.ts:241
    '__CI__': process.env.CI === 'true' ? 'true' : 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c1751d269dbcb33 Environment-variable access.
repo/plugins/vite/sharedRendererConfig.ts:242
    '__DEV__': process.env.NODE_ENV !== 'production' ? 'true' : 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2661e2ff7a4e1d06 Environment-variable access.
repo/plugins/vite/sharedRendererConfig.ts:245
    '__REACT_SCAN__': process.env.REACT_SCAN === 'true' ? 'true' : 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e24d0c60f8831b8e Environment-variable access.
repo/plugins/vite/vercelSkewProtection.ts:28
  const id = deploymentId || process.env.VERCEL_DEPLOYMENT_ID || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dbdfc28e1f3ac7d1 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:35
        (key) => process.env[key],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ac1505fdd09ab896 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:54
      ].filter((key) => process.env[key]),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #52c83260c9c15624 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:59
    getVars: () => (process.env['NEXT_PUBLIC_SERVICE_MODE'] ? ['NEXT_PUBLIC_SERVICE_MODE'] : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8750236f332b3a33 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:65
    getVars: () => (process.env['ACCESS_CODE'] ? ['ACCESS_CODE'] : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6db9f67065813b66 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:72
      process.env['NEXT_PUBLIC_ENABLE_BETTER_AUTH'] ? ['NEXT_PUBLIC_ENABLE_BETTER_AUTH'] : [],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0b4f125c859cde49 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:78
    getVars: () => ['NEXT_PUBLIC_AUTH_URL', 'AUTH_URL'].filter((key) => process.env[key]),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2ba665802480e150 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:104
      ].filter((key) => process.env[key]),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1029036f1496d655 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:120
        (key) => process.env[key],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #befcd950944dd5f5 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:127
    getVars: () => (process.env['OIDC_JWKS_KEY'] ? ['OIDC_JWKS_KEY'] : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c1406e2c689a0005 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:133
    getVars: () => (process.env['APP_URL']?.endsWith('/') ? ['APP_URL'] : []),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bbbac5e712e37e77 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:141
      const providers = process.env['AUTH_SSO_PROVIDERS'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4f1b248126c0e731 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:142
      if (providers.includes('casdoor') && !process.env['CASDOOR_WEBHOOK_SECRET']) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #908fd8c8fecd0ddc Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:155
      const providers = process.env['AUTH_SSO_PROVIDERS'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #215a9aa93a6ee20b Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:156
      if (providers.includes('logto') && !process.env['LOGTO_WEBHOOK_SIGNING_KEY']) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dc4e38984d1b15bc Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:183
      ].filter((key) => process.env[key]),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1f31309b2fb429c4 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:192
        process.env['SMTP_HOST'] || process.env['EMAIL_SERVICE_PROVIDER'] === 'resend';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #80dad65624a2935b Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.js:193
      const hasEmailVerification = process.env['AUTH_EMAIL_VERIFICATION'] === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bb2f579f3be809ab Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:35
    process.env.NEXT_AUTH_SECRET = 'test-secret';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dec7dc4ab4feb88a Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:45
    process.env.NEXTAUTH_SECRET = 'test-secret';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3770d751761e9394 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:54
    process.env.CLERK_SECRET_KEY = 'test-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a4083f3ee9ae98ec Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:63
    process.env.ACCESS_CODE = 'test-code';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6b4e34a082154f7c Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:72
    process.env.APP_URL = 'https://example.com/';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ee25155285a9a1f9 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:81
    process.env.APP_URL = 'https://example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5ba5f497f819976c Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:91
      process.env.AUTH_SSO_PROVIDERS = 'casdoor';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5a444d303378a3a4 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:102
      process.env.AUTH_SSO_PROVIDERS = 'logto';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e7a0e9be6faddfeb Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:113
      process.env.AUTH_SSO_PROVIDERS = 'casdoor';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0954363893664ea Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:114
      process.env.CASDOOR_WEBHOOK_SECRET = 'test-secret';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #99d55431a15bb9b6 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:124
      process.env.AUTH_SSO_PROVIDERS = 'logto';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #676276b9024a3700 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:125
      process.env.LOGTO_WEBHOOK_SIGNING_KEY = 'test-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dc7b0f9243da45d6 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:135
      process.env.AUTH_SSO_PROVIDERS = 'google';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4eed4775e78965e9 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:147
      process.env.AUTH_SSO_PROVIDERS = 'logto'; // warning

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #44e5a06e55a9fae5 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:148
      process.env.ACCESS_CODE = 'test-code'; // error

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5e2e28f5e839f40a Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:161
      process.env.ACCESS_CODE = 'test-code';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8d215c79efd42996 Environment-variable access.
repo/scripts/_shared/checkDeprecatedAuth.test.ts:171
      process.env.ACCESS_CODE = 'test-code';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3ab2df4b04d32211 Filesystem access.
repo/scripts/cdnWorkflow/index.ts:47
      this.cache = JSON.parse(readFileSync(CACHE_FILE, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2b70adea2e7dc753 Filesystem access.
repo/scripts/cdnWorkflow/index.ts:56
      writeFileSync(CACHE_FILE, JSON.stringify(this.cache, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #62587c785ce1c996 Filesystem access.
repo/scripts/cdnWorkflow/index.ts:65
      const mdx = readFileSync(post, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a1b133af88bd44bf Environment-variable access.
repo/scripts/cdnWorkflow/index.ts:119
        cdnLinks[link] = cdnUrl.replaceAll(process.env.DOC_S3_PUBLIC_DOMAIN || '', '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #54078ecf7f7845d4 Filesystem access.
repo/scripts/cdnWorkflow/index.ts:147
      const mdx = readFileSync(post, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bae79860a56f47fe Filesystem access.
repo/scripts/cdnWorkflow/index.ts:170
      writeFileSync(post, matter.stringify(content, data));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8d913c8af1fcca23 Environment-variable access.
repo/scripts/cdnWorkflow/uploader.ts:10
if (!process.env.DOC_S3_ACCESS_KEY_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c46af353f44c3522 Environment-variable access.
repo/scripts/cdnWorkflow/uploader.ts:16
if (!process.env.DOC_S3_SECRET_ACCESS_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #81bc30159775a9bd Environment-variable access.
repo/scripts/cdnWorkflow/uploader.ts:22
if (!process.env.DOC_S3_PUBLIC_DOMAIN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #79aa04ef7ac5c469 Environment-variable access.
repo/scripts/cdnWorkflow/uploader.ts:44
    accessKeyId: process.env.DOC_S3_ACCESS_KEY_ID || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #77622f28163dc338 Environment-variable access.
repo/scripts/cdnWorkflow/uploader.ts:47
    pathPrefix: process.env.DOC_S3_PUBLIC_DOMAIN || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e7d237f198bd3bde Environment-variable access.
repo/scripts/cdnWorkflow/uploader.ts:50
    secretAccessKey: process.env.DOC_S3_SECRET_ACCESS_KEY || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #c2d8af6ef00e0674 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/cdnWorkflow/utils.ts:65
    const response = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #dd4cbbdc776d2427 Filesystem access.
repo/scripts/changelogWorkflow/buildStaticChangelog.ts:119
      const data = readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2cfb0d5c332a16e1 Filesystem access.
repo/scripts/changelogWorkflow/generateChangelog.ts:160
  const version = JSON.parse(readFileSync(pkgPath, 'utf8')).version;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cb60018f2e2df2d9 Filesystem access.
repo/scripts/changelogWorkflow/generateChangelog.ts:199
  const currentFile = readFileSync(changelogPath, 'utf8').trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #96cf8ebb357633d5 Filesystem access.
repo/scripts/changelogWorkflow/generateChangelog.ts:205
  writeFileSync(changelogPath, newContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c64e7d6b15d9a5a3 Environment-variable access.
repo/scripts/clerk-to-betterauth/_internal/config.ts:9
  const mode = process.env.CLERK_TO_BETTERAUTH_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8f6ec674c0e0b87c Environment-variable access.
repo/scripts/clerk-to-betterauth/_internal/config.ts:29
  const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c12b1a476ea0e564 Environment-variable access.
repo/scripts/clerk-to-betterauth/_internal/config.ts:43
  const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ceec1fb2fe87db07 Environment-variable access.
repo/scripts/clerk-to-betterauth/_internal/config.ts:53
  const driver = process.env.CLERK_TO_BETTERAUTH_DATABASE_DRIVER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f138ed19f4a28ee1 Filesystem access.
repo/scripts/clerk-to-betterauth/_internal/load-data-from-files.ts:50
  const csv = await readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #91e3af2af5c31375 Filesystem access.
repo/scripts/clerk-to-betterauth/_internal/load-data-from-files.ts:59
    const file = await readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #033ae7aa8abbc534 Environment-variable access.
repo/scripts/clerk-to-betterauth/export-clerk-users-with-api.ts:19
const CONCURRENCY = Number(process.env.CLERK_EXPORT_CONCURRENCY ?? 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d684d05db85036c8 Environment-variable access.
repo/scripts/clerk-to-betterauth/export-clerk-users-with-api.ts:20
const MAX_RETRIES = Number(process.env.CLERK_EXPORT_RETRIES ?? 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #bb44346bbba12617 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/clerk-to-betterauth/export-clerk-users-with-api.ts:34
  const response = await fetch(`${CLERK_API_BASE}${endpoint}`, {
    headers: {
      Authorization: `Bearer ${secretKey}`,
    },
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #d1860d393dfb312d Filesystem access.
repo/scripts/clerk-to-betterauth/export-clerk-users-with-api.ts:203
  await writeFile(outputPath, JSON.stringify(clerkUsers, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2753601892defe92 Environment-variable access.
repo/scripts/clerk-to-betterauth/index.ts:9
const BATCH_SIZE = Number(process.env.CLERK_TO_BETTERAUTH_BATCH_SIZE) || 300;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #18cbedace9ec5879 Environment-variable access.
repo/scripts/clerk-to-betterauth/index.ts:12
  process.argv.includes('--dry-run') || process.env.CLERK_TO_BETTERAUTH_DRY_RUN === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3b94018941c9bc58 Filesystem access.
repo/scripts/countEnWord.ts:48
    const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #9fe98e1d178dcb25 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/create-test-tasks.js:7
  fetch(`/trpc/lambda/${path}`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    credentials: 'include',
    body: JSON.stringify({ json }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #4c77601fa07f8116 Filesystem access.
repo/scripts/docsWorkflow/autoCDN.ts:44
      this.cache = JSON.parse(readFileSync(CACHE_FILE, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2c00974269e65fc7 Filesystem access.
repo/scripts/docsWorkflow/autoCDN.ts:53
      writeFileSync(CACHE_FILE, JSON.stringify(this.cache, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5dac3407589dabbf Filesystem access.
repo/scripts/docsWorkflow/autoCDN.ts:62
      const mdx = readFileSync(post, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #884042c4bf245434 Environment-variable access.
repo/scripts/docsWorkflow/autoCDN.ts:98
        cdnLinks[link] = cdnUrl.replaceAll(process.env.DOC_S3_PUBLIC_DOMAIN || '', '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6183f30c21f9e89a Filesystem access.
repo/scripts/docsWorkflow/autoCDN.ts:126
      const mdx = readFileSync(post, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2489e8ea3ace5bf2 Filesystem access.
repo/scripts/docsWorkflow/autoCDN.ts:149
      writeFileSync(post, matter.stringify(content, data));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #620a19cb3658b489 Filesystem access.
repo/scripts/docsWorkflow/utils.ts:14
  const md = readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6bbf9508918713f1 Filesystem access.
repo/scripts/docsWorkflow/utils.ts:18
  writeFileSync(path, result, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #93db0fb6fd634d65 Filesystem access.
repo/scripts/docsWorkflow/utils.ts:27
  const md = readFileSync(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d2cacc009a872e44 Environment-variable access.
repo/scripts/docsWorkflow/utils.ts:87
    const githubToken = process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #b17f8c445fd365f6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/docsWorkflow/utils.ts:96
    const response = await fetch(url, { headers });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #d4f90b1dc3744c5e A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent. Non-production path — not application runtime.
repo/scripts/docsWorkflow/utils.ts:96 · flow /tmp/closeopen-4_u_15or/repo/scripts/docsWorkflow/utils.ts:87 → /tmp/closeopen-4_u_15or/repo/scripts/docsWorkflow/utils.ts:96
    const response = await fetch(url, { headers });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs test-only Excluded from app score #ce24573d24b6eba4 Filesystem access.
repo/scripts/electronWorkflow/buildDesktopChannel.ts:65
    return await fs.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9a1dfbed5bbbf88d Filesystem access.
repo/scripts/electronWorkflow/buildDesktopChannel.ts:73
  await fs.writeFile(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ce6ec45dbb50755f Filesystem access.
repo/scripts/electronWorkflow/mergeMacReleaseFiles.js:44
      const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0487275cf05293cf Filesystem access.
repo/scripts/electronWorkflow/mergeMacReleaseFiles.js:58
    fs.writeFileSync(filePath, content, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1d1ece7227c9fa09 Filesystem access.
repo/scripts/hotfixWorkflow/index.ts:32
    const pkg = JSON.parse(fs.readFileSync(PACKAGE_JSON_PATH, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #797727dd3d0000ce Filesystem access.
repo/scripts/i18nWorkflow/analyzeUnusedKeys.ts:175
    const content = fs.readFileSync(file, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #04c5084c453f7797 Filesystem access.
repo/scripts/i18nWorkflow/analyzeUnusedKeys.ts:448
  fs.writeFileSync(
    reportPath,
    JSON.stringify(
      {
        generatedAt: new Date().toISOString(),
        statistics: {
          totalKeys: allKeysCount,
          unusedKeys: unusedKeys.length,
          usageRate: ((usedKeysCount / allKeysCount) * 100).toFixed(2) + '%',
          usedKeys: usedKeysCount,
        },
        unusedKeys: unusedKeys.map((k) => ({
          filePath: k.filePath,
          fullKey: k.fullKey,
          key: k.key,
          namespace: k.namespace,
        })),
        unusedKeysByNamespace: Array.from(byNamespace.entries()).map(([ns, keys]) => ({
          count: keys.length,
          keys: keys.map((k) => k.key),
          namespace: ns,
        })),
      },
      null,
      2,
    ),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e37b6a7ecdb7fe81 Filesystem access.
repo/scripts/i18nWorkflow/cleanUnusedKeys.ts:137
          fs.writeFileSync(filePath, newContent, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #669796a19cdf56ea Filesystem access.
repo/scripts/i18nWorkflow/cleanUnusedKeys.ts:193
        const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4960809f614d8fa8 Filesystem access.
repo/scripts/i18nWorkflow/cleanUnusedKeys.ts:213
            fs.writeFileSync(filePath, JSON.stringify(translations, null, 2) + '\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5832bb7b88d75f39 Filesystem access.
repo/scripts/i18nWorkflow/cleanUnusedKeys.ts:277
  const reportContent = fs.readFileSync(reportPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #468a1a79d673e78c Filesystem access.
repo/scripts/i18nWorkflow/flattenLocaleKeys.ts:78
  writeFileSync(filePath, formatted, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3b89df6e22b2e288 Filesystem access.
repo/scripts/i18nWorkflow/flattenLocaleKeys.ts:87
  writeFileSync(filePath, formatted, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6c283573edeeeed7 Filesystem access.
repo/scripts/i18nWorkflow/flattenLocaleKeys.ts:116
      const raw = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3e74e3e6b24dc3d8 Filesystem access.
repo/scripts/i18nWorkflow/utils.ts:13
  const data = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d6819fd9ccb7c08 Filesystem access.
repo/scripts/i18nWorkflow/utils.ts:19
  writeFileSync(filePath, jsonStr, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #47b3abfbf70766b9 Filesystem access.
repo/scripts/i18nWorkflow/utils.ts:28
  writeFileSync(filePath, formatted, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cd51f1b95ef29474 Filesystem access.
repo/scripts/mdxWorkflow/index.ts:17
      const mdx = readFileSync(post, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ff435f8362f76941 Filesystem access.
repo/scripts/mdxWorkflow/index.ts:48
      writeFileSync(post, matter.stringify(formatedContent, data));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #63283dd01e00986b Filesystem access.
repo/scripts/migrate-spa-navigation.ts:39
  const content = await readFile(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4536f36a46de8df4 Filesystem access.
repo/scripts/migrate-spa-navigation.ts:105
    await writeFile(fullPath, newContent, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5261de37421f5cb8 Environment-variable access.
repo/scripts/migrateServerDB/docker.cjs:7
if (!process.env.DATABASE_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2b007a865c6c86be Environment-variable access.
repo/scripts/migrateServerDB/docker.cjs:11
const client = new Pool({ connectionString: process.env.DATABASE_URL });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b9952c0481c4ccd9 Environment-variable access.
repo/scripts/migrateServerDB/index.ts:16
const env = process.env.NODE_ENV || 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #634945a3b68da8e4 Environment-variable access.
repo/scripts/migrateServerDB/index.ts:27
  if (process.env.DATABASE_DRIVER === 'node') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4a366dc8c4219bd0 Environment-variable access.
repo/scripts/migrateServerDB/index.ts:38
const connectionString = process.env.DATABASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #30cff8d74e189af9 Environment-variable access.
repo/scripts/mobileSpaWorkflow/index.ts:17
  const value = process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2d5cb749f27529bb Environment-variable access.
repo/scripts/mobileSpaWorkflow/index.ts:27
  const keyPrefix = (process.env.MOBILE_S3_KEY_PREFIX || `mobile/${timestamp}`).replaceAll(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #21466a926e58476b Environment-variable access.
repo/scripts/mobileSpaWorkflow/index.ts:60
    region: process.env.MOBILE_S3_REGION || 'auto',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #70647047c492e51a Filesystem access.
repo/scripts/mobileSpaWorkflow/template.ts:11
  const html = readFileSync(sourcePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #16b546ef9d56c5d3 Filesystem access.
repo/scripts/mobileSpaWorkflow/template.ts:24
  writeFileSync(outputPath, output, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4a72a8cdc0a55754 Filesystem access.
repo/scripts/mobileSpaWorkflow/upload.ts:49
      const buffer = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #00c8ffdb57c63be1 Environment-variable access.
repo/scripts/nextauth-to-betterauth/_internal/config.ts:10
  const mode = process.env.NEXTAUTH_TO_BETTERAUTH_MODE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4d7150e3ad53fcf6 Environment-variable access.
repo/scripts/nextauth-to-betterauth/_internal/config.ts:20
  const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #10a3cc3dab57959e Environment-variable access.
repo/scripts/nextauth-to-betterauth/_internal/config.ts:30
  const driver = process.env.NEXTAUTH_TO_BETTERAUTH_DATABASE_DRIVER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f762fc346b6f61aa Environment-variable access.
repo/scripts/nextauth-to-betterauth/_internal/config.ts:36
  return Number(process.env.NEXTAUTH_TO_BETTERAUTH_BATCH_SIZE) || 300;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #eee58b71c10854b8 Environment-variable access.
repo/scripts/nextauth-to-betterauth/_internal/config.ts:40
  return process.argv.includes('--dry-run') || process.env.NEXTAUTH_TO_BETTERAUTH_DRY_RUN === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #fb3fd9c17195edbe Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/readmeWorkflow/utlis.ts:9
  const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #fa9eaf8a918f5b2d Filesystem access.
repo/scripts/readmeWorkflow/utlis.ts:38
  return readFileSync(getReadmePath(lang), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2f77a89d171a9c1e Filesystem access.
repo/scripts/readmeWorkflow/utlis.ts:42
  writeFileSync(getReadmePath(lang), content, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #45ad8b73e66c6825 Environment-variable access.
repo/scripts/registerDesktopEnv.cjs:18
const isDesktop = process.env.DESKTOP_BUILD === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b9ae274120982b34 Filesystem access.
repo/scripts/releaseWorkflow/index.ts:28
    const pkg = JSON.parse(fs.readFileSync(PACKAGE_JSON_PATH, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cc01170db003e0f9 Filesystem access.
repo/scripts/replaceComponentImports.ts:90
  const content = readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2d7a3d29e12f3551 Filesystem access.
repo/scripts/replaceComponentImports.ts:132
      writeFileSync(filePath, newContent, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #858c1c224571d7f2 Environment-variable access.
repo/scripts/resetOnboarding/index.ts:19
const env = process.env.NODE_ENV || 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #17ecb904cc9e3727 Environment-variable access.
repo/scripts/resetOnboarding/index.ts:33
  if (!process.env.DATABASE_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2840e7015d998480 Environment-variable access.
repo/scripts/seedUserInfo/index.ts:17
const env = process.env.NODE_ENV || 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #15d27a6836777648 Environment-variable access.
repo/scripts/seedUserInfo/index.ts:39
  if (!process.env.DATABASE_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9908e6ee6c697f58 Environment-variable access.
repo/scripts/serverLauncher/startServer.js:88
    process.env.ENABLE_PROXY_DNS === '1'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0e8c5fa5fe22b461 Filesystem access.
repo/scripts/serverLauncher/startServer.js:111
  await fs.writeFile(PROXYCHAINS_CONF_PATH, configContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f8a4d29ddde46abe Environment-variable access.
repo/scripts/serverLauncher/startServer.js:131
  const KEY_VAULTS_SECRET = process.env.KEY_VAULTS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #18393b5d8c961af2 Environment-variable access.
repo/scripts/serverLauncher/startServer.js:134
  const port = process.env.PORT || 3210;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #e1aa0c8db8ce2279 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/serverLauncher/startServer.js:141
      const res = await fetch(url, {
        method: 'POST',
        headers: {
          'Authorization': `Bearer ${KEY_VAULTS_SECRET}`,
          'Content-Type': 'application/json',
        },
        body: JSON.stringify({}),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #9df02b75a72bdf77 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/serverLauncher/startServer.js:141 · flow /tmp/closeopen-4_u_15or/repo/scripts/serverLauncher/startServer.js:131 → /tmp/closeopen-4_u_15or/repo/scripts/serverLauncher/startServer.js:141
      const res = await fetch(url, {
        method: 'POST',
        headers: {
          'Authorization': `Bearer ${KEY_VAULTS_SECRET}`,
          'Content-Type': 'application/json',
        },
        body: JSON.stringify({}),
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #6f6e7d830b89b8d7 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/scripts/serverLauncher/startServer.js:155 · flow /tmp/closeopen-4_u_15or/repo/scripts/serverLauncher/startServer.js:131 → /tmp/closeopen-4_u_15or/repo/scripts/serverLauncher/startServer.js:155
      console.warn(`⚠️ Gateway: Received status ${res.status}, retrying...`);

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #b3b1982b01375dec Environment-variable access.
repo/scripts/serverLauncher/startServer.js:168
  const QSTASH_URL = process.env.QSTASH_URL || 'https://qstash-eu-central-1.upstash.io';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bc55d371b96bfb50 Environment-variable access.
repo/scripts/serverLauncher/startServer.js:170
  const QSTASH_TOKEN = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #399dd78e9c12af55 Environment-variable access.
repo/scripts/serverLauncher/startServer.js:176
  const APP_URL = process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #be4ac08164c2fad6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/scripts/serverLauncher/startServer.js:185
    const res = await fetch(url, {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${QSTASH_TOKEN}`,
        'Content-Type': 'application/json',
        'Upstash-Method': 'POST',
        'Upstash-Cron': '*/10 * * * *',
        'Upstash-Schedule-Id': 'lobe-task-schedule-dispatch',
      },
      body: JSON.stringify({}),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow test-only Excluded from app score #605e0a0baab9797a A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/scripts/serverLauncher/startServer.js:185 · flow /tmp/closeopen-4_u_15or/repo/scripts/serverLauncher/startServer.js:170 → /tmp/closeopen-4_u_15or/repo/scripts/serverLauncher/startServer.js:185
    const res = await fetch(url, {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${QSTASH_TOKEN}`,
        'Content-Type': 'application/json',
        'Upstash-Method': 'POST',
        'Upstash-Cron': '*/10 * * * *',
        'Upstash-Schedule-Id': 'lobe-task-schedule-dispatch',
      },
      body: JSON.stringify({}),
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #ade748ecb1bd087c PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process. Non-production path — not application runtime.
repo/scripts/serverLauncher/startServer.js:200 · flow /tmp/closeopen-4_u_15or/repo/scripts/serverLauncher/startServer.js:170 → /tmp/closeopen-4_u_15or/repo/scripts/serverLauncher/startServer.js:200
      console.error(`❌ QStash: Failed to create schedule. Status ${res.status}`);

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

low env_fs test-only Excluded from app score #aa91d92c0c0f5526 Environment-variable access.
repo/scripts/serverLauncher/startServer.js:209
  const PROXY_URL = process.env.PROXY_URL || ''; // Default empty string to avoid undefined errors

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #77eaff19c004a6a0 Environment-variable access.
repo/scripts/serverLauncher/startServer.js:226
  if (process.env.DATABASE_DRIVER) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #209654f21473cba3 Environment-variable access.
repo/scripts/vercelIgnoredBuildStep.js:4
const branchName = process.env.VERCEL_GIT_COMMIT_REF || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30ea096b419949c0 Environment-variable access.
repo/src/app/(backend)/_deprecated/createBizOpenAI/createAzureOpenai.ts:16
  const OPENAI_PROXY_URL = process.env.OPENAI_PROXY_URL || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ccbd25587edc3c4 Environment-variable access.
repo/src/app/(backend)/_deprecated/createBizOpenAI/createOpenai.ts:9
  const OPENAI_PROXY_URL = process.env.OPENAI_PROXY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dde23d7abd8a2452 Environment-variable access.
repo/src/app/(backend)/api/dev/agent-tracing/route.ts:9
  if (process.env.NODE_ENV !== 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c78e0e8ee4010a4f Filesystem access.
repo/src/app/(backend)/api/dev/agent-tracing/route.ts:21
      const content = await fs.readFile(fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec51438a8fa46884 Environment-variable access.
repo/src/app/(backend)/api/dev/test-push/route.ts:19
  if (process.env.NODE_ENV !== 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22877496c781a403 Environment-variable access.
repo/src/app/(backend)/api/webhooks/memory-user-memory/pipelines/extract/chat-topic/cancel/route.ts:37
  const token = process.env.QSTASH_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74327cd779c20dec Environment-variable access.
repo/src/app/(backend)/api/webhooks/memory-user-memory/pipelines/extract/chat-topic/cancel/route.ts:41
  if (process.env.QSTASH_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e322c5ce140ea7a Environment-variable access.
repo/src/app/(backend)/api/webhooks/memory-user-memory/pipelines/extract/chat-topic/cancel/route.ts:42
    (config as Record<string, unknown>).url = process.env.QSTASH_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67c657de23e0b75d Environment-variable access.
repo/src/app/(backend)/market/oidc/[[...segments]]/route.ts:7
const MARKET_BASE_URL = process.env.MARKET_BASE_URL || 'https://market.lobehub.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #d245af2af16e9d74 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/app/(backend)/market/oidc/[[...segments]]/route.ts:185
          const response = await fetch(userInfoUrl, {
            headers: {
              'Content-Type': 'application/json',
              'x-lobe-trust-token': trustedClientToken,
            },
            method: 'GET',
          });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #480262284b1755d2 Environment-variable access.
repo/src/app/(backend)/middleware/auth/index.test.ts:234
      delete process.env.MOCK_DEV_USER_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d57141f925353e57 Environment-variable access.
repo/src/app/(backend)/middleware/auth/index.ts:73
    const isMockUser = process.env.ENABLE_MOCK_DEV_USER === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb463d9c038dbd85 Environment-variable access.
repo/src/app/(backend)/middleware/auth/index.ts:74
    if (process.env.NODE_ENV === 'development' && (isDebugApi || isMockUser)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64cbeb5f8a23fe0c Environment-variable access.
repo/src/app/(backend)/middleware/auth/index.ts:75
      const mockUserId = process.env.MOCK_DEV_USER_ID || 'DEV_USER';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #da7c104f9d3a8d63 Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/app/(backend)/webapi/chat/[provider]/route.test.ts:32
  request = new Request(new URL('https://test.com'), {

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #06f588e1ff9cfc3c Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/app/(backend)/webapi/chat/[provider]/route.test.ts:88
      request = new Request(new URL('https://test.com'), {

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #dfa32e4c6fcc0c50 Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/app/(backend)/webapi/chat/[provider]/route.test.ts:113
      request = new Request(new URL('https://test.com'), {

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #f0e342ddc902e5af Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/app/(backend)/webapi/models/[provider]/pricing/route.test.ts:45
  request = new Request(new URL('https://test.com'), {

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress test-only Excluded from app score #ac0fea6106fe5185 Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/app/(backend)/webapi/models/[provider]/route.test.ts:33
  request = new Request(new URL('https://test.com'), {

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #eac35423c64ebc33 Environment-variable access.
repo/src/app/(backend)/webapi/revalidate/route.ts:6
  if (!process.env.REVALIDATE_SECRET) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c86a105c932cbcf Environment-variable access.
repo/src/app/(backend)/webapi/revalidate/route.ts:12
  if (!authToken || authToken !== process.env.REVALIDATE_SECRET) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #524d8317d6844852 Environment-variable access.
repo/src/app/[variants]/metadata.ts:11
const isDev = process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #415e9d05ac9c82a3 Environment-variable access.
repo/src/app/layout.tsx:6
const inVercel = process.env.VERCEL === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ecbd74ce9beb427 Environment-variable access.
repo/src/app/manifest.ts:5
  if (process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3862f38510608933 Environment-variable access.
repo/src/app/spa-auth/[locale]/[[...path]]/route.ts:17
const isDev = process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a824600ee382af1 Environment-variable access.
repo/src/app/spa/[variants]/[[...path]]/route.ts:34
const isDev = process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #006dbb9fefeb2a5b Environment-variable access.
repo/src/components/Analytics/Desktop.tsx:7
  const projectId = process.env.NEXT_PUBLIC_DESKTOP_PROJECT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ba8cd34f79ffaa7 Environment-variable access.
repo/src/components/Analytics/Desktop.tsx:8
  const baseUrl = process.env.NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #907412fcf4d3fe49 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/components/AvatarUpload/index.tsx:106
          const blob = await (await fetch(webpBase64)).blob();

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #80d99f90c5b8c304 Environment-variable access.
repo/src/components/Loading/BrandTextLoading/index.tsx:20
  const showDebug = process.env.NODE_ENV === 'development' && debugId;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3a570a6d09e91e0a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/components/mdx/Image.tsx:12
  const buffer = await fetch(url, { cache: 'force-cache' }).then(async (res) =>

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4fd50de6f389ed4e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/features/AgentMockDevtools/hooks/useMockCases.ts:17
          const snap = await fetch(`/api/dev/agent-tracing?file=${encodeURIComponent(f)}`).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #539257856ddf1895 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/features/Auth/OAuthConsent/useClientMetadata.ts:7
  const res = await fetch(`/oidc/client-metadata/${encodeURIComponent(clientId)}`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d11d1e9e1480648a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/features/Auth/OAuthConsent/useInteractionDetails.ts:20
  const res = await fetch(`/oidc/interaction/${uid}`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low pii_flow production #0c094f96217bc0ba User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Same-origin destination — not external exfiltration.
repo/src/features/Auth/SignIn/useSignIn.ts:158 · flow /tmp/closeopen-4_u_15or/repo/src/features/Auth/SignIn/useSignIn.ts:154 → /tmp/closeopen-4_u_15or/repo/src/features/Auth/SignIn/useSignIn.ts:158
      const response = await fetch('/api/auth/check-user', {
        body: JSON.stringify({ email: targetEmail }),
        headers: { 'Content-Type': 'application/json' },
        method: 'POST',
      });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low egress production #3a3526cb0839f1ce Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/features/Conversation/Messages/User/components/AudioPlayer/useWaveform.ts:67
        const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #659f0460ed0d3ece Environment-variable access.
repo/src/features/DevFeatureFlagPanel/Hydrator.tsx:7
const isDevEnv = process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5b455b8450eec0e Environment-variable access.
repo/src/features/DevFeatureFlagPanel/index.tsx:12
const isDevEnv = process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #8096708cc503be46 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/features/FileViewer/hooks/useTextFileLoader.ts:17
        const response = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e63be22ee1b033b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/features/ResourceManager/components/Explorer/MasonryView/MasonryItem/index.tsx:359
              const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6a621d3bfb78f791 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/features/SkillStore/SkillList/MarketSkills/MarketSkillDetail.tsx:101
  const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #83fdab27be81fd6f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/hooks/useImgToClipboard.ts:18
      const blob = await fetch(dataUrl).then((res) => res.blob());

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #f4933da4c41b644d Environment-variable access.
repo/src/instrumentation.ts:3
  if (process.env.NODE_ENV !== 'production' && process.env.NEXT_RUNTIME === 'nodejs') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #871fd2cb0611c55e Environment-variable access.
repo/src/instrumentation.ts:11
  const isDev = process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c811acd10894846d Environment-variable access.
repo/src/instrumentation.ts:13
    process.env.NEXT_RUNTIME === 'nodejs' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb04ac3ca8c35a3b Environment-variable access.
repo/src/instrumentation.ts:14
    process.env.DATABASE_URL &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6a17df9ed31276a Environment-variable access.
repo/src/instrumentation.ts:15
    !process.env.VERCEL_ENV &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #609bb3d15c223092 Environment-variable access.
repo/src/instrumentation.ts:16
    (!isDev || process.env.ENABLE_BOT_IN_DEV === '1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7d4300c6621c026c Environment-variable access.
repo/src/instrumentation.ts:31
  if (process.env.NODE_ENV !== 'production' && !process.env.ENABLE_TELEMETRY_IN_DEV) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa5991820acfbe87 Environment-variable access.
repo/src/instrumentation.ts:35
  const shouldEnable = process.env.ENABLE_TELEMETRY && process.env.NEXT_RUNTIME === 'nodejs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea0b77f22f271201 Environment-variable access.
repo/src/layout/AuthProvider/MarketAuth/MarketAuthProvider.tsx:172
      const baseUrl = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'https://market.lobehub.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #cd427516c6a8d377 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/layout/AuthProvider/MarketAuth/oidc.ts:150
    const response = await fetch(tokenUrl, {
      body: body.toString(),
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #714500e4adec4ee4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/layout/AuthProvider/MarketAuth/oidc.ts:411
        const response = await fetch(pollUrl, {
          cache: 'no-store',
          credentials: 'include',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #405bb827ad28c1d0 Environment-variable access.
repo/src/libs/better-auth/define-config.test.ts:114
    delete process.env.HTTP_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #30155ed4ee4f11a6 Environment-variable access.
repo/src/libs/better-auth/define-config.test.ts:115
    delete process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #02b5676ac9635464 Environment-variable access.
repo/src/libs/better-auth/define-config.test.ts:116
    delete process.env.HTTPS_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cf9d17a90422d7a5 Environment-variable access.
repo/src/libs/better-auth/define-config.test.ts:117
    delete process.env.https_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5ee1e567a0e98729 Environment-variable access.
repo/src/libs/better-auth/define-config.test.ts:118
    delete process.env.NO_PROXY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #089cea893cec6e29 Environment-variable access.
repo/src/libs/better-auth/define-config.test.ts:119
    delete process.env.no_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #457ac260c3eacd20 Environment-variable access.
repo/src/libs/better-auth/define-config.ts:53
if (process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed690364347818ea Environment-variable access.
repo/src/libs/better-auth/define-config.ts:54
  const httpProxy = process.env.HTTP_PROXY || process.env.http_proxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a10b0fcf8676ba9a Environment-variable access.
repo/src/libs/better-auth/define-config.ts:55
  const httpsProxy = process.env.HTTPS_PROXY || process.env.https_proxy || httpProxy;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a637416b2ab9223 Environment-variable access.
repo/src/libs/better-auth/define-config.ts:61
      noProxy: mergeLocalNoProxy(process.env.NO_PROXY || process.env.no_proxy),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a8af35c3f6aea2e8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/libs/better-auth/sso/providers/feishu.ts:80
        const tokenResponse = await fetch(FEISHU_TOKEN_URL, {
          body: JSON.stringify({
            client_id: clientId,
            client_secret: clientSecret,
            code,
            grant_type: 'authorization_code',
            redirect_uri: redirectURI,
          }),
          cache: 'no-store',
          headers: {
            'content-type': 'application/json; charset=utf-8',
          },
          method: 'POST',
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #282e1f6d607cc722 Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/libs/better-auth/sso/providers/feishu.ts:120
        const response = await fetch(FEISHU_USERINFO_URL, {
          cache: 'no-store',
          headers: {
            Authorization: `Bearer ${tokens.accessToken}`,
          },
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d9f0eb4bea266bee Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/libs/better-auth/sso/providers/wechat.ts:47
        const tokenUrl = new URL(WECHAT_TOKEN_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #98d341f9a13bf761 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/libs/better-auth/sso/providers/wechat.ts:53
        const response = await fetch(tokenUrl, { cache: 'no-store' });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1c7932c83735ac0b Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/libs/better-auth/sso/providers/wechat.ts:90
        const url = new URL(WECHAT_USERINFO_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d0793a65961dcfcf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/libs/better-auth/sso/providers/wechat.ts:95
        const response = await fetch(url, { cache: 'no-store' });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b0c3cecc11380a5b Environment-variable access.
repo/src/libs/better-auth/utils/config.ts:53
    normalizeOrigin(process.env.VERCEL_URL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed160937406456c7 Environment-variable access.
repo/src/libs/better-auth/utils/config.ts:54
    normalizeOrigin(process.env.VERCEL_BRANCH_URL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #8908194dafcd7655 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/libs/better-auth/utils/config.ts:98
      return (await redisClient.get(buildKey(key))) ?? null;

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #c3f67440e869004f Environment-variable access.
repo/src/libs/bootMetrics/finalize.test.ts:104
    process.env.NEXT_PUBLIC_BOOTSTRAP_METRICS_INGEST_URL = INGEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9cd00566fc3b51b7 Environment-variable access.
repo/src/libs/bootMetrics/finalize.test.ts:109
    delete process.env.NEXT_PUBLIC_BOOTSTRAP_METRICS_INGEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d339efe9db46c8c2 Environment-variable access.
repo/src/libs/bootMetrics/finalize.test.ts:113
    delete process.env.NEXT_PUBLIC_BOOTSTRAP_METRICS_INGEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #484a0651ac16961c Environment-variable access.
repo/src/libs/bootMetrics/finalize.ts:124
    const ingestUrl = process.env.NEXT_PUBLIC_BOOTSTRAP_METRICS_INGEST_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4404fc298bb76cef Environment-variable access.
repo/src/libs/debug-file-logger.ts:20
const shouldEnable = process.env.DEBUG_LOG_FILE === '1' && process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #09f0d8a9ae413ace Filesystem access.
repo/src/libs/document-loaders/loaders/code/__tests__/index.test.ts:26
    const code = fs.readFileSync(join(__dirname, `./long.txt`), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #15c65e9b5e8526c5 Filesystem access.
repo/src/libs/document-loaders/loaders/csv/__tests__/index.test.ts:11
    const content = fs.readFileSync(join(__dirname, `./demo.csv`), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #54cd84daef28f225 Filesystem access.
repo/src/libs/document-loaders/loaders/epub/__tests__/index.test.ts:11
    const content = fs.readFileSync(join(__dirname, `./demo.epub`));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #075a25f715b15bf1 Filesystem access.
repo/src/libs/document-loaders/loaders/latex/__tests__/index.test.ts:11
    const content = fs.readFileSync(join(__dirname, `./demo.tex`), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #35f89873a98be1c6 Filesystem access.
repo/src/libs/document-loaders/loaders/markdown/__tests__/index.test.ts:9
    const content = fs.readFileSync(join(__dirname, `./demo.mdx`), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2b91a624fb3fc0bb Filesystem access.
repo/src/libs/document-loaders/loaders/txt/__tests__/index.test.ts:45
    const content = fs.readFileSync(join(__dirname, `./pg24022.txt`), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41c1146471a40364 Environment-variable access.
repo/src/libs/mcp/client.ts:27
  const val = Number(process.env.MCP_TOOL_TIMEOUT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8efbab33a4c96cf Environment-variable access.
repo/src/libs/next/config/define-config.ts:20
  const isProd = process.env.NODE_ENV === 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4267645125805894 Environment-variable access.
repo/src/libs/next/config/define-config.ts:21
  const buildWithDocker = process.env.DOCKER === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dae1de9a15d456a6 Environment-variable access.
repo/src/libs/next/config/define-config.ts:23
  const shouldUseCSP = process.env.ENABLED_CSP === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #087d123d1fdfbe7b Environment-variable access.
repo/src/libs/next/config/define-config.ts:26
    process.env.NODE_ENV === 'test' || process.env.TEST === '1' || process.env.E2E === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a57e091aa545dc76 Environment-variable access.
repo/src/libs/next/config/define-config.ts:28
  const isStandaloneMode = buildWithDocker || process.env.NEXT_BUILD_STANDALONE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5c4263bfd916bd0 Environment-variable access.
repo/src/libs/next/config/define-config.ts:59
  const assetPrefix = process.env.NEXT_PUBLIC_ASSET_PREFIX;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f16721206abbf559 Environment-variable access.
repo/src/libs/next/proxy/define-config.ts:44
    secure: process.env.NODE_ENV === 'production',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f3b238a11cc5884 Environment-variable access.
repo/src/libs/next/proxy/define-config.ts:115
        port: process.env.PORT || '3210',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93029f2bae95d0b1 Environment-variable access.
repo/src/libs/next/proxy/define-config.ts:121
      url.port = process.env.PORT || '3210';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b388e7ff053fa04 Environment-variable access.
repo/src/libs/qstash/index.ts:10
  ...(process.env.VERCEL_AUTOMATION_BYPASS_SECRET && {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7dee554100670cf0 Environment-variable access.
repo/src/libs/qstash/index.ts:11
    'x-vercel-protection-bypass': process.env.VERCEL_AUTOMATION_BYPASS_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf59591ea0961be1 Environment-variable access.
repo/src/libs/qstash/index.ts:141
  token: process.env.QSTASH_TOKEN!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a47cdce3f73bd2d Environment-variable access.
repo/src/libs/qstash/index.ts:150
  token: process.env.QSTASH_TOKEN!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98a7d7ba2793e2b1 Environment-variable access.
repo/src/libs/qstash/index.ts:158
  const currentSigningKey = process.env.QSTASH_CURRENT_SIGNING_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cc0bd392617ab16 Environment-variable access.
repo/src/libs/qstash/index.ts:159
  const nextSigningKey = process.env.QSTASH_NEXT_SIGNING_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3ddf785b0204e64 Environment-variable access.
repo/src/libs/redis/manager.ts:4
export const isRedisDisabledByEnv = () => !!process.env.DISABLE_REDIS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #082de1e513f279d6 Environment-variable access.
repo/src/libs/redis/redis.test.ts:6
  const url = process.env.REDIS_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fc27107040435ff5 Environment-variable access.
repo/src/libs/redis/redis.test.ts:10
  const database = Number.parseInt(process.env.REDIS_DATABASE ?? '', 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #197a90092f1226dd Environment-variable access.
repo/src/libs/redis/redis.test.ts:15
    password: process.env.REDIS_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7d60975c48e2e6a8 Environment-variable access.
repo/src/libs/redis/redis.test.ts:16
    prefix: process.env.REDIS_PREFIX ?? 'lobe-chat-test',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #576772e6ed5a81a0 Environment-variable access.
repo/src/libs/redis/redis.test.ts:17
    tls: process.env.REDIS_TLS === 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f5a8c0977628c185 Environment-variable access.
repo/src/libs/redis/redis.test.ts:19
    username: process.env.REDIS_USERNAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #44d388438dade468 Environment-variable access.
repo/src/libs/spaHtml/index.test.ts:42
    delete process.env.NEXT_PUBLIC_DESKTOP_PROJECT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9be951ecc40eb22c Environment-variable access.
repo/src/libs/spaHtml/index.test.ts:43
    delete process.env.NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f8b6b61556a16710 Environment-variable access.
repo/src/libs/spaHtml/index.test.ts:47
    process.env.NEXT_PUBLIC_DESKTOP_PROJECT_ID = 'pid';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e2a87f6451076723 Environment-variable access.
repo/src/libs/spaHtml/index.test.ts:48
    process.env.NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL = 'https://umami.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #405b5c5f908712ec Environment-variable access.
repo/src/libs/spaHtml/index.ts:8
  `http://localhost:${Number(process.env.VITE_DEV_PORT) || 9876}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #813f0c3d2b703122 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/libs/spaHtml/index.ts:67
  const res = await fetch(`${origin}${pathname}`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #905d5059d2bec54b Environment-variable access.
repo/src/libs/spaHtml/index.ts:130
    process.env.NEXT_PUBLIC_DESKTOP_PROJECT_ID &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a35ef667978da97c Environment-variable access.
repo/src/libs/spaHtml/index.ts:131
    process.env.NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3f5b4821be2da68 Environment-variable access.
repo/src/libs/spaHtml/index.ts:134
      baseUrl: process.env.NEXT_PUBLIC_DESKTOP_UMAMI_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c4140e735b3eb51 Environment-variable access.
repo/src/libs/spaHtml/index.ts:135
      projectId: process.env.NEXT_PUBLIC_DESKTOP_PROJECT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #050a1207eec6e859 Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/routes/(main)/agent/features/Conversation/WorkingSidebar/Browser/utils.ts:19
    const searchUrl = new URL('https://www.bing.com/search');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #2d33dc594fab1ff5 Filesystem access.
repo/src/services/electron/desktopExportService.tsx:32
    await localFileService.writeFile({
      content,
      path: result.filePath,
    });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5268db7d595c6f81 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/services/electron/localFileService.ts:90
  const response = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #68f17322235ee046 Filesystem access.
repo/src/services/electron/localFileService.ts:128
    return ensureElectronIpc().localSystem.readFile(params);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ce952c0304284e96 Hardcoded external endpoint. Review what data is sent to this destination.
repo/src/services/global.ts:20
    const res = await fetch(VERSION_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3ed2f919e6f86f9c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/services/global.ts:51
    const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c98d085e8680827b Environment-variable access.
repo/src/services/marketApi.ts:202
    const marketBaseUrl = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'https://market.lobehub.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c8fc97ab93fa8eb0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/services/models.ts:49
    const res = await fetch(API_ENDPOINTS.models(provider), { headers });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f3ce31efec044356 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/services/models.ts:90
        res = await fetch(API_ENDPOINTS.modelPull(provider), {
          body: JSON.stringify({ model }),
          headers,
          method: 'POST',
          signal,
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b098276e13be9dc7 Filesystem access.
repo/src/services/projectFile.ts:164
      : localFileService.writeFile({ content, path });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #22669b1f790258c8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/services/trace.ts:9
      return fetch(API_ENDPOINTS.trace, {
        body: JSON.stringify(data),
        headers: { 'Content-Type': 'application/json' },
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #0531fea20c236de6 Filesystem access.
repo/src/spa/router/desktopRouter.sync.test.tsx:80
    readFile(path.join(process.cwd(), 'src/spa/router/desktopRouter.config.tsx'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4511a775b2ef0d4d Filesystem access.
repo/src/spa/router/desktopRouter.sync.test.tsx:81
    readFile(path.join(process.cwd(), 'src/spa/router/desktopRouter.config.desktop.tsx'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #05c10b2a3eccb6ee Filesystem access.
repo/src/spa/router/mobileRouter.test.tsx:8
    const source = await readFile(
      path.join(process.cwd(), 'src/spa/router/mobileRouter.config.tsx'),
      'utf8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0bc10fea8ec1498a Filesystem access.
repo/src/store/chat/slices/agentRun/actions/__tests__/heterogeneousAgentExecutor.test.ts:2372
      const raw = fs.readFileSync(tracePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d3b456b19d4f1077 Filesystem access.
repo/src/store/chat/slices/agentRun/actions/__tests__/heterogeneousAgentExecutor.test.ts:3114
        traceData = JSON.parse(fs.readFileSync(tracePath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b8f5a466327c2b17 Environment-variable access.
repo/src/store/chat/slices/agentRun/actions/lifecycle/buildRunLifecycle.test.ts:304
    const previous = process.env.NEXT_PUBLIC_DEV_DISABLE_AUTO_TOPIC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4b999697234405d3 Environment-variable access.
repo/src/store/chat/slices/agentRun/actions/lifecycle/buildRunLifecycle.test.ts:305
    process.env.NEXT_PUBLIC_DEV_DISABLE_AUTO_TOPIC = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #58e8bb66e23ab73a Environment-variable access.
repo/src/store/chat/slices/agentRun/actions/lifecycle/buildRunLifecycle.test.ts:328
        delete process.env.NEXT_PUBLIC_DEV_DISABLE_AUTO_TOPIC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d9ffbb2c43f24c13 Environment-variable access.
repo/src/store/chat/slices/agentRun/actions/lifecycle/buildRunLifecycle.test.ts:330
        process.env.NEXT_PUBLIC_DEV_DISABLE_AUTO_TOPIC = previous;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75c926eb8a973f2c Environment-variable access.
repo/src/store/chat/slices/agentRun/actions/lifecycle/buildRunLifecycle.ts:196
        __DEV__ && process.env.NEXT_PUBLIC_DEV_DISABLE_AUTO_TOPIC === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f7972ea4a634bd5f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/store/chat/slices/builtinTool/actions/interpreter.ts:73
          const blob = await fetch(file.url).then((res) => res.blob());

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ecd13a68498e43f8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/store/chat/slices/builtinTool/actions/interpreter.ts:77
          const blob = await fetch(image.url).then((res) => res.blob());

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f0a5072bad110cc2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/src/store/chat/slices/builtinTool/actions/interpreter.ts:87
                const blob = await fetch(item.url).then((res) => res.blob());

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #12b218ed8ad25c16 Environment-variable access.
repo/src/store/chat/slices/message/action.test.ts:80
  process.env.NEXT_PUBLIC_BASE_PATH = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d95e7cbf503c46f Environment-variable access.
repo/src/store/serverConfig/slices/featureFlagOverride/action.ts:11
const isDevEnv = () => process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fe9c1b64fec23dc Environment-variable access.
repo/src/store/serverConfig/slices/featureFlagOverride/storage.ts:7
const isDevEnv = () => process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3eca63d70441c508 Environment-variable access.
repo/vite.config.ts:20
const isMobile = process.env.MOBILE === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b170aa2ca244f2c0 Environment-variable access.
repo/vite.config.ts:21
const isAuth = process.env.AUTH === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cd81ddc0ba7508d3 Environment-variable access.
repo/vite.config.ts:22
const mode = process.env.NODE_ENV === 'production' ? 'production' : 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d1c3563d0ce77e9e Environment-variable access.
repo/vite.config.ts:26
const isDev = process.env.NODE_ENV !== 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #917d4d6ccdf8e87c Environment-variable access.
repo/vite.config.ts:28
const enableViteDevTools = process.env.LOBE_VITE_DEVTOOLS === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7369adbd58283878 Environment-variable access.
repo/vite.config.ts:31
  const pathValue = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ddabbbcbb8850859 Environment-variable access.
repo/vite.config.ts:35
    const pathExt = (process.env.PATHEXT || '.COM;.EXE;.BAT;.CMD')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3020692aab957a12 Environment-variable access.
repo/vite.config.ts:105
  base: isDev ? '/' : process.env.VITE_CDN_BASE || (isAuth ? '/_spa-auth/' : '/_spa/'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #f37dc5858463809e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/vite.config.ts:216
                    const res = await fetch(rootUrl, { signal: AbortSignal.timeout(5_000) });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #07601d9c04b97d66 Environment-variable access.
repo/vite.config.ts:304
      ? Number(process.env.MOBILE_SPA_PORT) || 3012

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e12f8678a5d456f5 Environment-variable access.
repo/vite.config.ts:306
        ? Number(process.env.AUTH_SPA_PORT) || 3013

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f0a1723814fa358c Environment-variable access.
repo/vite.config.ts:307
        : Number(process.env.SPA_PORT) || 9876,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #15740c8663af1465 Environment-variable access.
repo/vite.config.ts:313
      '/api': `http://localhost:${process.env.PORT || 3010}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f3691512ba41e8c5 Environment-variable access.
repo/vite.config.ts:314
      '/oidc': `http://localhost:${process.env.PORT || 3010}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fe1ce2cac37aaee4 Environment-variable access.
repo/vite.config.ts:315
      '/trpc': `http://localhost:${process.env.PORT || 3010}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #639c17126248d787 Environment-variable access.
repo/vite.config.ts:316
      '/webapi': `http://localhost:${process.env.PORT || 3010}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/heterogeneous-agents

npm first-party
medium telemetry production #09752f0ed1bf1672 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/agentStreamPipeline.ts:137
      const payload = this.codexTracker ? await this.codexTracker.track(raw as any) : raw;

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #030207b0328af76c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:28
    await tracker.track({
      item: {
        changes: [
          { kind: 'update', path: updatePath },
          { kind: 'add', path: addPath },
        ],
        id: 'item_1',
        type: 'file_change',
      },
      type: 'item.started',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #4a895a148c38b073 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:43
    const enriched = await tracker.track({
      item: {
        changes: [
          { kind: 'update', path: updatePath },
          { kind: 'add', path: addPath },
        ],
        id: 'item_1',
        type: 'file_change',
      },
      type: 'item.completed',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #0b86cb1a8b461fc7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:88
    await tracker.track({
      item: {
        changes: [],
        id: 'item_missing_snapshot',
        type: 'file_change',
      },
      type: 'item.started',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #45d223734cdf69b3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:99
    const enriched = await tracker.track({
      item: {
        changes: [{ kind: 'update', path: updatePath }],
        id: 'item_missing_snapshot',
        type: 'file_change',
      },
      type: 'item.completed',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #d5799a1921a5096b Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:124
    await tracker.track({
      item: {
        changes: [{ kind: 'update', path: updatePath }],
        id: 'item_missing_file_snapshot',
        type: 'file_change',
      },
      type: 'item.started',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #5a02b016a86b8369 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:138
    const enriched = await tracker.track({
      item: {
        changes: [{ kind: 'update', linesAdded: 5, linesDeleted: 0, path: updatePath }],
        id: 'item_missing_file_snapshot',
        type: 'file_change',
      },
      type: 'item.completed',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #9a2ae058fcfc01f2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:167
    await tracker.track({
      item: {
        changes: [{ kind: 'rename', path: afterPath }],
        id: 'item_rename',
        type: 'file_change',
      },
      type: 'item.started',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #0a38e74434d95e70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:178
    const enriched = await tracker.track({
      item: {
        changes: [{ kind: 'rename', path: afterPath }],
        id: 'item_rename',
        type: 'file_change',
      },
      type: 'item.completed',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #c6feecca386a54e4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:207
    await tracker.track({
      item: {
        changes: [{ kind: 'update', path: relativePath }],
        id: 'item_relative',
        type: 'file_change',
      },
      type: 'item.started',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #a59fcdb600019f16 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:218
    const enriched = await tracker.track({
      item: {
        changes: [{ kind: 'update', path: relativePath }],
        id: 'item_relative',
        type: 'file_change',
      },
      type: 'item.completed',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #c0293afcd3833184 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:248
    await tracker.track({
      item: {
        changes: [{ kind: 'add', path: addPath }],
        id: 'item_plus_prefix',
        type: 'file_change',
      },
      type: 'item.started',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry test-only Excluded from app score #73a383e8251c7de5 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:259
    const enriched = await tracker.track({
      item: {
        changes: [{ kind: 'add', path: addPath }],
        id: 'item_plus_prefix',
        type: 'file_change',
      },
      type: 'item.completed',
    });

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 80 low-confidence finding(s)
low env_fs test-only Excluded from app score #f78657b40c141865 Filesystem access.
repo/packages/heterogeneous-agents/src/adapters/codex.test.ts:8
  const raw = await readFile(new URL(`./__fixtures__/codex/${name}`, import.meta.url), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9d69732d96ac5d05 Environment-variable access.
repo/packages/heterogeneous-agents/src/adapters/codex.test.ts:181
    const previousTimezone = process.env.TZ;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #193efc161d58a8e5 Environment-variable access.
repo/packages/heterogeneous-agents/src/adapters/codex.test.ts:182
    process.env.TZ = 'Asia/Shanghai';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #882716b20bb23e50 Environment-variable access.
repo/packages/heterogeneous-agents/src/adapters/codex.test.ts:208
        delete process.env.TZ;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1facbb6edea52d73 Environment-variable access.
repo/packages/heterogeneous-agents/src/adapters/codex.test.ts:210
        process.env.TZ = previousTimezone;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93d534b88643fa26 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/claudeAgentSdkSession.ts:16
  const raw = process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9454b1f401feb553 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/cliSpawn.ts:187
    const source = await readFile(shimPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0df788568a9d7430 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:24
    await writeFile(updatePath, 'hello\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #026ca7ab4d9c9a80 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:40
    await writeFile(updatePath, 'hello\nappended line\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0ddd7860d803c76b Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:41
    await writeFile(addPath, 'line one\nline two\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #56ba1bd215aa7274 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:84
    await writeFile(updatePath, 'line one\nline two\nline three\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4fc592791d2d18ef Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:97
    await writeFile(updatePath, 'line one\nline two updated\nline three\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2e4a4475bc12b63a Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:136
    await writeFile(updatePath, `${originalContent}\nnew 1\nnew 2\nnew 3\nnew 4\nnew 5\n`, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #91a5fee17490bcac Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:163
    await writeFile(beforePath, 'content\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7cc36482d094b785 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:203
    await writeFile(absolutePath, 'before\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #630fd088f249f167 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:216
    await writeFile(absolutePath, 'before\nafter\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #84afc5790d2008e2 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.test.ts:257
    await writeFile(addPath, '++leading content\n+++header lookalike\n', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50323546f9f069e8 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexFileChangeTracker.ts:64
      content: await readFile(filePath, 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bfbf6bf7ecc640cd Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexModel.test.ts:38
    await writeFile(
      path.join(codexHome, 'config.toml'),
      [
        'model = "gpt-5.4"',
        '',
        '[profiles.fast]',
        'model = "gpt-5.5-mini"',
        '',
        '[profiles."quoted.name"]',
        'model = "gpt-5.5"',
      ].join('\n'),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #84fab3cdab930e96 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexModel.test.ts:76
    await writeFile(path.join(codexHome, 'config.toml'), 'model = "gpt-5.4"\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #78bee688541e8952 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexModel.test.ts:94
    await writeFile(
      path.join(sessionDir, 'rollout-2026-06-11T01-31-27-thread-123.jsonl'),
      [
        JSON.stringify({ payload: { model_provider: 'openai' }, type: 'session_meta' }),
        JSON.stringify({ payload: { model_context_window: 258_400 }, type: 'turn_context' }),
        JSON.stringify({ payload: { model: 'gpt-5.5' }, type: 'event_msg' }),
      ].join('\n'),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #352509d932eac7db Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexModel.test.ts:117
    await writeFile(
      path.join(sessionDir, 'rollout-2026-06-11T01-31-27-thread-usage.jsonl'),
      [
        JSON.stringify({
          payload: {
            info: {
              total_token_usage: {
                cached_input_tokens: 5,
                input_tokens: 25,
                output_tokens: 9,
                reasoning_output_tokens: 4,
              },
            },
            type: 'token_count',
            usage: { input_tokens: 100, output_tokens: 100 },
          },
          type: 'event_msg',
          usage: { input_tokens: 200, output_tokens: 200 },
        }),
      ].join('\n'),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5f53fd0a135bc219 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexModel.test.ts:158
    await writeFile(
      path.join(sessionDir, 'rollout-2026-06-11T01-31-27-thread-legacy-usage.jsonl'),
      [
        JSON.stringify({
          payload: { usage: { input_tokens: 10, output_tokens: 2 } },
          type: 'event_msg',
        }),
        JSON.stringify({
          type: 'turn.completed',
          usage: { cached_input_tokens: 5, input_tokens: 25, output_tokens: 9 },
        }),
      ].join('\n'),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b50c04bb59b8bc6 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexModel.ts:189
    const config = await readFile(path.join(getCodexHome(env, homeDir), 'config.toml'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b7d822c8f56d686 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/codexModel.ts:275
  const content = await readFile(sourceFile, 'utf8').catch(() => undefined);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #1c5f7f28ad3a38d6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/heterogeneous-agents/src/spawn/fileStoreImageUploader.ts:66
      const uploadRes = await fetch(presignedUrl, {
        body: buffer,
        headers: { 'Content-Type': mediaType },
        method: 'PUT',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #f4bcfafb42fa8f51 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/buildAgentInput.test.ts:67
      await writeFile(filePath, PNG_BYTES);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ddb52c03a837cd8f Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/buildAgentInput.test.ts:228
      const written = await readFile(imagePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2b90510554b4d33b Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/buildAgentInput.test.ts:234
      await writeFile(filePath, PNG_BYTES);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7df21aecb25f119 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/normalizeImage.ts:137
      const meta = JSON.parse(await readFile(metaPath, 'utf8')) as { mediaType?: string };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #536fff147bb8a765 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/normalizeImage.ts:138
      const buffer = await readFile(dataPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #616eb64b8584085a Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/normalizeImage.ts:158
    await writeFile(path.join(cacheDir, key), buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9ee6727de303255 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/normalizeImage.ts:159
    await writeFile(
      path.join(cacheDir, `${key}.meta`),
      JSON.stringify({ id: source.id, mediaType }),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53aa297da3b22733 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/normalizeImage.ts:169
  const buffer = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34d978a370eb9bac Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/input/normalizeImage.ts:238
    await writeFile(filePath, image.buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8aa62041d390d1d8 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:94
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3f8b9a83cc67eaa6 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:95
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4e970bfdc771574e Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:97
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9998c787aab536c6 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:98
      delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1b3e5ffd063d658e Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:117
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #09265ee3cb51ffe7 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:118
        if (originalShell === undefined) delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d2127804846266fa Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:119
        else process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4606cf96c6609709 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:124
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d8843a8ba4c8ecd5 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:125
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4be44ebc0c56fae5 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:126
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a83257cb2203f9a2 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:127
      delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5c8c197b1fb834de Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:144
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #508b299b6f12077a Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:145
        if (originalShell === undefined) delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6732ba2c5504e627 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:146
        else process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d6a2f626e3585bc4 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:151
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #49c0bfec707e67d8 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:152
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ab2075e51be90cfb Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:153
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #501f49c129ff21aa Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:154
      delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9e1230d40821f4f3 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:167
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2b9c865eb560a300 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:168
        if (originalShell === undefined) delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0eea4e53012490b3 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:169
        else process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d222f1d4124dcf80 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:174
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #884b86b06456643d Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:175
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b274a0fb35d2ec44 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:176
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ed13f2c613d73a6d Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:177
      process.env.SHELL = '/bin/zsh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f6966aa02a8cb7fe Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:194
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b9546fd105bfb8e1 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:195
        process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3316ab26a04be6bb Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:275
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #338461b614f15613 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:276
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #30637429e65fbf08 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:277
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #db9185cb46346cc1 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:278
      process.env.SHELL = '/bin/zsh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e26fa1fc00a1b11b Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:292
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fe046a11518a652e Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:293
        process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6f4ebebae24f2c35 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:298
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2bc2199700e871fa Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:299
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #65b79c2a3bd40e11 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:302
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c315be947e894fd4 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:303
      delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #713a594fc10eab67 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:318
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1def0fe6d9b4c89a Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:319
        if (originalShell === undefined) delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e24bbeef15f78a85 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.test.ts:320
        else process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68c4e52c9a3987a7 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.ts:79
  const shell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #404bec8c64975a8f Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.ts:153
    const lookupPath = mergePathValues(shellPath, process.env.PATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad0eb684838a0c61 Environment-variable access.
repo/packages/heterogeneous-agents/src/spawn/resolveCliCommand.ts:155
    if (lookupPath && lookupPath !== process.env.PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c2d16a3a89e55879 Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/spawnAgent.test.ts:289
    const realCodexFixture = await readFile(
      new URL('../adapters/__fixtures__/codex/collab_tool_call.spawn_wait.jsonl', import.meta.url),
      'utf8',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a03c60b22599fecd Filesystem access.
repo/packages/heterogeneous-agents/src/spawn/spawnAgent.test.ts:297
    await writeFile(
      path.join(sessionDir, `rollout-2026-06-11T01-31-27-${threadId}.jsonl`),
      JSON.stringify({
        type: 'turn.completed',
        usage: { cached_input_tokens: 42_000, input_tokens: 51_000, output_tokens: 300 },
      }),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/web-crawler

npm first-party
medium pii_flow production #6417d6d817050ce8 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/browserless.ts:42 · flow /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/browserless.ts:14 → /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/browserless.ts:42
        fetch(
          qs.stringifyUrl({
            query: {
              blockAds: BROWSERLESS_BLOCK_ADS,
              launch: JSON.stringify({ stealth: BROWSERLESS_STEALTH_MODE }),
              token: BROWSERLESS_TOKEN,
            },
            url: urlJoin(BASE_URL, '/content'),
          }),
          {
            body: JSON.stringify(input),
            headers: {
              'Content-Type': 'application/json',
            },
            method: 'POST',
            signal,
          },
        ),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #bcf4f71bdf154fec A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/exa.ts:32 · flow /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/exa.ts:25 → /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/exa.ts:32
        fetch('https://api.exa.ai/contents', {
          body: JSON.stringify({
            livecrawl: 'fallback', // always, fallback
            text: true,
            urls: [url],
          }),
          headers: {
            'Content-Type': 'application/json',
            'x-api-key': !apiKey ? '' : apiKey,
          },
          method: 'POST',
          signal,
        }),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #f09c4aa5e643bd7b A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/firecrawl.ts:62 · flow /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/firecrawl.ts:54 → /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/firecrawl.ts:62
        fetch(`${baseUrl}/scrape`, {
          body: JSON.stringify({
            formats: ['markdown'], // ["markdown", "html"]
            url,
          }),
          headers: {
            'Authorization': !apiKey ? '' : `Bearer ${apiKey}`,
            'Content-Type': 'application/json',
          },
          method: 'POST',
          signal,
        }),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #fa19c42da193392a A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/jina.ts:17 · flow /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/jina.ts:11 → /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/jina.ts:17
        fetch(`${getJinaReaderBaseUrl()}/${url}`, {
          headers: {
            'Accept': 'application/json',
            'Authorization': token ? `Bearer ${token}` : '',
            'x-send-from': 'LobeChat Community',
          },
          signal,
        }),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #347cc1eff206bf8f A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/search1api.ts:26 · flow /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/search1api.ts:19 → /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/search1api.ts:26
        fetch('https://api.search1api.com/crawl', {
          body: JSON.stringify({
            url,
          }),
          headers: {
            'Authorization': !apiKey ? '' : `Bearer ${apiKey}`,
            'Content-Type': 'application/json',
          },
          method: 'POST',
          signal,
        }),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #d5d9e0b4b1522d70 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/web-crawler/src/crawImpl/tavily.ts:33 · flow /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/tavily.ts:26 → /tmp/closeopen-4_u_15or/repo/packages/web-crawler/src/crawImpl/tavily.ts:33
        fetch('https://api.tavily.com/extract', {
          body: JSON.stringify({
            extract_depth: process.env.TAVILY_EXTRACT_DEPTH || 'basic', // basic or advanced
            include_images: false,
            urls: url,
          }),
          headers: {
            'Authorization': !apiKey ? '' : `Bearer ${apiKey}`,
            'Content-Type': 'application/json',
          },
          method: 'POST',
          signal,
        }),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 82 low-confidence finding(s)
low env_fs test-only Excluded from app score #b7c60971efca34a3 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/browserless.test.ts:15
    delete process.env.BROWSERLESS_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ba0f8e80504ff836 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/browserless.test.ts:16
    delete process.env.BROWSERLESS_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #864f5a4df15e998a Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/browserless.test.ts:26
    process.env.BROWSERLESS_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5ca0ed2077370bea Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/browserless.test.ts:36
    process.env.BROWSERLESS_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b71bfee2111c391e Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/browserless.test.ts:49
    process.env.BROWSERLESS_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #926c08a52c21468e Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/browserless.test.ts:62
    process.env.BROWSERLESS_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dfa22603d1fc6492 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/browserless.test.ts:96
    process.env.BROWSERLESS_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b95a8ab24a5a93cc Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/browserless.test.ts:137
    process.env.BROWSERLESS_TOKEN = 'test-token';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #554221cc09c28a99 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:16
    delete process.env.EXA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6f68945688b4781c Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:20
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a9a7b9aef4bd2baf Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:77
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #27808fdc4d9a60f8 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:101
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e3b4cc8af9d40793 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:122
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #af72bdc7f781b739 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:139
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f72f24d2232e7cca Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:156
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b979127f719e0430 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:167
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #190535da8a301dd7 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:178
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ecca7c2d0cd0d0c1 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:191
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f1199714df92c25b Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:210
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #83089996ffead99c Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/exa.test.ts:231
    process.env.EXA_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7c53d398acfb0fca Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:16
    delete process.env.FIRECRAWL_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #68ff13d2af42517d Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:17
    delete process.env.FIRECRAWL_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #980d88a3ffa918e4 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:21
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f7e00f876bd21cac Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:86
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #baa05cc581df7395 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:113
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #014c3bcf0aec693a Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:140
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f65e1c6bb854612a Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:157
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #aa5dec8478f7ceb5 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:174
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9960ad0eaf0ac3f3 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:185
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #813dd59e383d4876 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:198
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #63a7a5d46c5c7fc8 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:211
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2555b3a3d6ee0b80 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/firecrawl.test.ts:230
    process.env.FIRECRAWL_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8ee732c110deb572 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:22
    delete process.env.JINA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d7825b7e8132e88d Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:23
    delete process.env.JINA_READER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #47564f26bb4e5929 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:24
    delete process.env.JINA_USE_CN_DOMAINS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #25c7e51c0557d01e Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:28
    delete process.env.JINA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0063619dd7641688 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:29
    delete process.env.JINA_READER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #efa20439f9d1b5cf Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:30
    delete process.env.JINA_USE_CN_DOMAINS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2902f4aa1a7c215c Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:80
    process.env.JINA_READER_API_KEY = 'env-reader-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ea4d365dd101261e Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:105
    delete process.env.JINA_READER_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1dd082c7c36c2283 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:109
    process.env.JINA_API_KEY = 'env-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #49a012a6c2cb4563 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:134
    delete process.env.JINA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #17663598817fa470 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/jina.test.ts:163
    process.env.JINA_USE_CN_DOMAINS = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e18bf1d0bfddb74f Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/search1api.test.ts:19
    process.env.SEARCH1API_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cbb93fddd8f51914 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:16
    delete process.env.TAVILY_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0a0e9e74a1184ed2 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:17
    delete process.env.TAVILY_EXTRACT_DEPTH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #aed3c1a1b9c3c540 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:21
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1c0a73f61430eed1 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:55
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c3be7835259abbe9 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:56
    process.env.TAVILY_EXTRACT_DEPTH = 'advanced';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cd782249016debbc Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:98
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1c81ef19db1a9d11 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:123
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5872a1d08e1e2686 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:145
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a1ff2b012c3b62c9 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:168
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a29b57d2dbfaafaf Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:185
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a00f5a34c54995e8 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:202
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f9a134194f04d7a0 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:213
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b8b906f6cb366276 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:226
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9821751ed78bdb0b Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:239
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bfd6b18223482a0e Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:258
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #01f9f640cae7cc47 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:280
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #de2952c92e3eb10b Environment-variable access.
repo/packages/web-crawler/src/crawImpl/__tests__/tavily.test.ts:302
    process.env.TAVILY_API_KEY = 'test-api-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa68d0feebb97c71 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/browserless.ts:10
const BASE_URL = process.env.BROWSERLESS_URL ?? 'https://chrome.browserless.io';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b86c21e80749e41 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/browserless.ts:14
const BROWSERLESS_TOKEN = process.env.BROWSERLESS_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b41c1f6a687cbb1d Environment-variable access.
repo/packages/web-crawler/src/crawImpl/browserless.ts:16
const BROWSERLESS_BLOCK_ADS = process.env.BROWSERLESS_BLOCK_ADS === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #952630fd76307466 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/browserless.ts:17
const BROWSERLESS_STEALTH_MODE = process.env.BROWSERLESS_STEALTH_MODE === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d0377e9507145aa Environment-variable access.
repo/packages/web-crawler/src/crawImpl/browserless.ts:27
  if (!process.env.BROWSERLESS_URL && !process.env.BROWSERLESS_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #40c95dc012bbd58c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/web-crawler/src/crawImpl/browserless.ts:42
        fetch(
          qs.stringifyUrl({
            query: {
              blockAds: BROWSERLESS_BLOCK_ADS,
              launch: JSON.stringify({ stealth: BROWSERLESS_STEALTH_MODE }),
              token: BROWSERLESS_TOKEN,
            },
            url: urlJoin(BASE_URL, '/content'),
          }),
          {
            body: JSON.stringify(input),
            headers: {
              'Content-Type': 'application/json',
            },
            method: 'POST',
            signal,
          },
        ),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #5f3ad36e31aec33e Environment-variable access.
repo/packages/web-crawler/src/crawImpl/exa.ts:25
  const apiKey = process.env.EXA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #98d139aa8d02baf8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/web-crawler/src/crawImpl/exa.ts:32
        fetch('https://api.exa.ai/contents', {
          body: JSON.stringify({
            livecrawl: 'fallback', // always, fallback
            text: true,
            urls: [url],
          }),
          headers: {
            'Content-Type': 'application/json',
            'x-api-key': !apiKey ? '' : apiKey,
          },
          method: 'POST',
          signal,
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #668a4be1f89e3608 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/firecrawl.ts:54
  const apiKey = process.env.FIRECRAWL_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18efe7e7640e20fe Environment-variable access.
repo/packages/web-crawler/src/crawImpl/firecrawl.ts:55
  const baseUrl = process.env.FIRECRAWL_URL || 'https://api.firecrawl.dev/v2';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6f39dc598a185800 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/web-crawler/src/crawImpl/firecrawl.ts:62
        fetch(`${baseUrl}/scrape`, {
          body: JSON.stringify({
            formats: ['markdown'], // ["markdown", "html"]
            url,
          }),
          headers: {
            'Authorization': !apiKey ? '' : `Bearer ${apiKey}`,
            'Content-Type': 'application/json',
          },
          method: 'POST',
          signal,
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #4a981e018fa26720 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/jina.ts:11
  const token = params.apiKey ?? process.env.JINA_READER_API_KEY ?? process.env.JINA_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #998b0f74e40bf622 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/web-crawler/src/crawImpl/jina.ts:17
        fetch(`${getJinaReaderBaseUrl()}/${url}`, {
          headers: {
            'Accept': 'application/json',
            'Authorization': token ? `Bearer ${token}` : '',
            'x-send-from': 'LobeChat Community',
          },
          signal,
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8e45c2902dafc494 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/search1api.ts:19
  const apiKey = process.env.SEARCH1API_CRAWL_API_KEY || process.env.SEARCH1API_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2f1164d32366d84d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/web-crawler/src/crawImpl/search1api.ts:26
        fetch('https://api.search1api.com/crawl', {
          body: JSON.stringify({
            url,
          }),
          headers: {
            'Authorization': !apiKey ? '' : `Bearer ${apiKey}`,
            'Content-Type': 'application/json',
          },
          method: 'POST',
          signal,
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #2079711490e930b9 Environment-variable access.
repo/packages/web-crawler/src/crawImpl/tavily.ts:26
  const apiKey = process.env.TAVILY_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #7b22d8db958afb04 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/web-crawler/src/crawImpl/tavily.ts:33
        fetch('https://api.tavily.com/extract', {
          body: JSON.stringify({
            extract_depth: process.env.TAVILY_EXTRACT_DEPTH || 'basic', // basic or advanced
            include_images: false,
            urls: url,
          }),
          headers: {
            'Authorization': !apiKey ? '' : `Bearer ${apiKey}`,
            'Content-Type': 'application/json',
          },
          method: 'POST',
          signal,
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c6d24c360bfd5bcd Environment-variable access.
repo/packages/web-crawler/src/crawImpl/tavily.ts:35
            extract_depth: process.env.TAVILY_EXTRACT_DEPTH || 'basic', // basic or advanced

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a07f128103aae2b1 Filesystem access.
repo/packages/web-crawler/src/utils/htmlToMarkdown.test.ts:29
      const html = readFileSync(path.join(__dirname, `./html/${item.file}`), { encoding: 'utf8' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6eabc7e824a7e52a Environment-variable access.
repo/packages/web-crawler/src/utils/withTimeout.ts:3
export const DEFAULT_TIMEOUT = process.env.CRAWLER_TIMEOUT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28f35a1b0070b3b3 Environment-variable access.
repo/packages/web-crawler/src/utils/withTimeout.ts:4
  ? Number(process.env.CRAWLER_TIMEOUT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): apps/desktop/src/main

npm first-party
expand_more 184 low-confidence finding(s)
low egress production #25edc5c9544fdc5b Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/desktop/src/main/controllers/BrowserSidebarCtr.ts:54
    const searchUrl = new URL('https://www.bing.com/search');

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #e8d0ae403e1f63c3 Filesystem access.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:373
        readLocalFile: (p) => local.readFile(p),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9a4186fc958d53e Filesystem access.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:463
        return runtime.readFile({
          endLine: p.loc?.[1],
          path: p.path,
          startLine: p.loc?.[0],
        });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a75931e8aaf0503 Filesystem access.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:493
        return runtime.writeFile(args as WriteLocalFileParams);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f4cafe704d95d8b Filesystem access.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:737
      const content = fs.readFileSync(soulPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f1b359739147f33 Filesystem access.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:807
      const content = fs.readFileSync(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5cd1f15e5b085590 Environment-variable access.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:853
      const openclawAgent = process.env['OPENCLAW_AGENT_ID'] ?? 'main';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3199dbe00e6a916d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:1111
      await fetch(`${serverUrl}/trpc/lambda/agentNotify.notify`, {
        body: JSON.stringify({ json: body }),
        headers,
        method: 'POST',
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #678f742cc764b37a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:1145
    await fetch(`${serverUrl}/trpc/lambda/device.register`, {
      body: JSON.stringify({ json: info }),
      headers,
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c7b0dfba17dcf3b8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:1185
    const res = await fetch(`${auth.serverUrl}/trpc/lambda/device.mintWorkspaceConnectToken`, {
      // The mutation takes no input; `{json: null}` is the superjson-encoded
      // empty payload the tRPC HTTP handler expects.
      body: JSON.stringify({ json: null }),
      headers: auth.headers,
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8e0768c9af97bad6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/controllers/GatewayConnectionCtr.ts:1213
      const res = await fetch(`${auth.serverUrl}/trpc/lambda/device.listDevices`, {
        headers: auth.headers,
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #fa6d96b0dcc2644a Environment-variable access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:649
      String(process.env.LOBE_CLAUDE_CODE_SDK ?? '').toLowerCase(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26676a600b961125 Environment-variable access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:667
    if (process.env.NODE_ENV === 'test') return false;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7b5bf2a1c2a8341 Filesystem access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:768
      await writeFile(path.join(rootDir, '.last-live-trace'), `${dir}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1647003cac2eb96a Filesystem access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:769
      await writeFile(path.join(dir, 'stdout.jsonl'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f3b5a36a8076e38 Filesystem access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:770
      await writeFile(path.join(dir, 'stderr.log'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d68d6ac902cd889 Filesystem access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:772
        await writeFile(path.join(dir, 'stdin.txt'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fdc8fee2bddd739 Filesystem access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:774
      await writeFile(
        path.join(dir, 'meta.json'),
        `${JSON.stringify(
          {
            agentSessionId: session.agentSessionId,
            agentType: session.agentType,
            args: cliArgs,
            attachments: imageList.map((image) => this.getAttachmentTraceSummary(image)),
            command: session.command,
            createdAt: createdAt.toISOString(),
            cwd,
            envKeys: session.env ? Object.keys(session.env).sort() : [],
            model: session.model,
            modelSource: session.modelSource,
            resumeSessionId: session.resumeSessionId,
            sessionId: session.sessionId,
            stdinBytes: stdinPayload === undefined ? 0 : Buffer.byteLength(stdinPayload),
            stdinFile: stdinPayload === undefined ? undefined : 'stdin.txt',
            stderrFile: 'stderr.log',
            stdoutFile: 'stdout.jsonl',
            verifiedModel: session.verifiedModel,
            verifiedModelContextWindow: session.verifiedModelContextWindow,
            verifiedModelProvider: session.verifiedModelProvider,
            verifiedModelSessionId: session.verifiedModelSessionId,
            verifiedModelSourceFile: session.verifiedModelSourceFile,
          },
          null,
          2,
        )}\n`,
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93524f79c394277b Filesystem access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:845
    return this.queueCliTraceWrite(trace, () => writeFile(filePath, data));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #267cd2b4ec7f562c Filesystem access.
repo/apps/desktop/src/main/controllers/HeterogeneousAgentCtr.ts:933
    await writeFile(tmpConfigPath, JSON.stringify(config), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4121127c4348f9c5 Filesystem access.
repo/apps/desktop/src/main/controllers/LocalFileCtr.ts:353
    const data = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #aa4fd1420909106a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/controllers/RemoteServerSyncCtr.ts:127
    const clientReq = requester.request(requestOptions, (clientRes: IncomingMessage) => {
      logger.debug(`${logPrefix} Received response with status ${clientRes.statusCode}`);

      // Add debug information
      logger.debug(`${logPrefix} Response details:`, {
        headers: clientRes.headers,
        statusCode: clientRes.statusCode,
        statusMessage: clientRes.statusMessage,
      });

      // 1. Immediately send response headers and status code
      const responseData = {
        headers: clientRes.headers || {},
        status: clientRes.statusCode || 500,
        statusText: clientRes.statusMessage || 'Unknown Status',
      };

      logger.debug(`${logPrefix} Sending response data:`, responseData);
      sender.send(`stream:response:${requestId}`, responseData);

      // 2. Listen for data chunks and forward
      clientRes.on('data', (chunk: Buffer) => {
        if (sender.isDestroyed()) return;
        logger.debug(`${logPrefix} Received data chunk, size: ${chunk.length}. Forwarding...`);
        sender.send(`stream:data:${requestId}`, chunk);
      });

      // 3. Listen for end signal and forward
      clientRes.on('end', () => {
        logger.debug(`${logPrefix} Stream ended. Forwarding end signal...`);
        if (sender.isDestroyed()) return;
        sender.send(`stream:end:${requestId}`);
      });

      // 4. Listen for response stream errors and forward
      clientRes.on('error', (error) => {
        logger.error(`${logPrefix} Error reading response stream:`, error);
        if (sender.isDestroyed()) return;
        sender.send(`stream:error:${requestId}`, error);
      });
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #e9ce1bd200472b76 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:194
    originalClaudeSdkLabEnv = process.env.LOBE_CLAUDE_CODE_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #77288a9f2f280df8 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:201
    delete process.env.LOBE_CLAUDE_CODE_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #52d88171326bdfc2 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:205
    if (originalClaudeSdkLabEnv === undefined) delete process.env.LOBE_CLAUDE_CODE_SDK;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b2999a6b1d11266f Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:206
    else process.env.LOBE_CLAUDE_CODE_SDK = originalClaudeSdkLabEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a06cd9fbfd9d570d Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:268
      await writeFile(outOfRootDataPath, 'SECRET');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ef2fdd5d5f228669 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:269
      await writeFile(
        outOfRootMetaPath,
        JSON.stringify({ id: traversalId, mimeType: 'text/plain' }),
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #032f5ff0e6c1e8e5 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:288
      await expect(readFile(outOfRootDataPath, 'utf8')).resolves.toBe('SECRET');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #524d3fe0da9ad52e Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:580
      process.env.LOBE_CLAUDE_CODE_SDK = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #eb1370f2176ec0bd Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:684
        ANTHROPIC_API_KEY: process.env.ANTHROPIC_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5b36caa5327196a3 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:685
        ANTHROPIC_AUTH_TOKEN: process.env.ANTHROPIC_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7d4397923470f7ff Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:686
        ANTHROPIC_BASE_URL: process.env.ANTHROPIC_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7abf757611265c53 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:688
      process.env.ANTHROPIC_API_KEY = 'sk-host-should-not-leak';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e5b250362197caa0 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:689
      process.env.ANTHROPIC_AUTH_TOKEN = 'host-token-should-not-leak';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c2be19930c5a4fd1 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:690
      process.env.ANTHROPIC_BASE_URL = 'https://host.example/should-not-leak';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8c7acefeb282953d Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:699
        expect(options.env.PATH).toBe(process.env.PATH);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e6bd5e07768a6729 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:702
          if (value === undefined) delete process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4c58e7ddb501d96f Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:703
          else process.env[key] = value;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2e2a78e556d52d89 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:709
      const originalKey = process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5cb5754a2f3b8ea7 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:710
      process.env.ANTHROPIC_API_KEY = 'sk-host-should-not-leak';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cb67fa1e8be13607 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:720
        if (originalKey === undefined) delete process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4844aba5e4511633 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:721
        else process.env.ANTHROPIC_API_KEY = originalKey;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bac9a782597ec239 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:998
        Promise.all(imagePaths.map((filePath) => readFile(filePath, 'utf8'))),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7e6cb0a3b990d8bd Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1013
      await expect(readFile(imagePaths[0], 'utf8')).resolves.toBe('PNG_TEST');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #da02f242da170141 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1033
      await expect(readFile(imagePaths[0])).resolves.toEqual(pngBytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #13ac6d39fb029d53 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1105
      const originalNodeEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f69193e2eefdc69a Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1106
      process.env.NODE_ENV = 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #49ca0b6ade1c9ce1 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1125
        await expect(readFile(path.join(traceRoot, '.last-live-trace'), 'utf8')).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9d04f187a32b431e Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1128
        await expect(readFile(path.join(traceDir, 'stdin.txt'), 'utf8')).resolves.toBe(prompt);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dd2843e606835408 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1129
        await expect(readFile(path.join(traceDir, 'stdout.jsonl'), 'utf8')).resolves.toBe(rawLine);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e162ae7b8fb76e78 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1130
        await expect(readFile(path.join(traceDir, 'stderr.log'), 'utf8')).resolves.toBe('');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8a0cb9b53dc51580 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1131
        await expect(readFile(path.join(traceDir, 'exit.json'), 'utf8')).resolves.toContain(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6c6abb054f1b4653 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1135
        const meta = JSON.parse(await readFile(path.join(traceDir, 'meta.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4be6c9a49467ac17 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1148
        process.env.NODE_ENV = originalNodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a243c65ae345f452 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1153
      const originalNodeEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #70fdd54d61af9418 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1155
      process.env.NODE_ENV = 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9f5ee6bbf8250421 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1174
        process.env.NODE_ENV = originalNodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ec68406899bcffdc Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1179
      const originalNodeEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d2e3bceec34d3f87 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1182
      process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c74eb46f53424607 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1202
        await expect(readFile(path.join(traceDir, 'stdout.jsonl'), 'utf8')).resolves.toBe(rawLine);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0bc90bb6d60502cc Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1207
        process.env.NODE_ENV = originalNodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #75560951b531f9fa Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1213
      const originalNodeEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e2fbad8e3e7cedf7 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1214
      process.env.NODE_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #325757256e9e3636 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1226
        process.env.NODE_ENV = originalNodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8ea1aec12469f46a Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1232
      const originalNodeEnv = process.env.NODE_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fe7e1f38151f01b0 Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1233
      process.env.NODE_ENV = 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fd01077b3a58da6a Environment-variable access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1242
        process.env.NODE_ENV = originalNodeEnv;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9de5fb29fc8b4ffb Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/HeterogeneousAgentCtr.test.ts:1613
      await writeFile(tmpConfigPath, '{"mcpServers":{}}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1a8e6fcb69218e73 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:66
      await writeFile(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #382766af8d500e81 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:68
      const result = await localFileCtr.readFile({ path: filePath });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8fa01597fd3e876f Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:86
      await writeFile(filePath, 'line1\nline2\nline3\nline4\nline5');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a2770701ed5ee558 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:88
      const result = await localFileCtr.readFile({ loc: [1, 3], path: filePath });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bb2353f4452929b4 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:107
      await writeFile(filePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #34f8670f40df07ae Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:109
      const result = await localFileCtr.readFile({ fullContent: true, path: filePath });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #00278e35ac5aafe4 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:126
      const result = await localFileCtr.readFile({
        path: path.join(tmpDir, 'does-not-exist.txt'),
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c1e536b0ba583c8a Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:154
      await writeFile(filePath, pngBytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #60f7c77743d68a69 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:156
      const result = await localFileCtr.readFile({ path: filePath });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2e4d8cc87d277fe5 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:173
      await writeFile(filePath, pngBytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e289a8ecfead7ebb Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:175
      const result = await localFileCtr.readFile({ cwd: tmpDir, path: 'assets/nested.jpg' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4113353e231250db Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:187
      await writeFile(filePath, pngBytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #53817673011078e0 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:189
      const result = await localFileCtr.readFile({ path: filePath });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f17fda3da6ac8368 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:200
      await writeFile(filePath, pngBytes);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c37b133450b30e27 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:202
      const result = await localFileCtr.readFile({ path: filePath });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #14659ec8bb420b42 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:210
      const result = await localFileCtr.readFile({ path: path.join(tmpDir, 'missing.png') });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a9233d6370b09262 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:220
      await writeFile(filePath, Buffer.alloc(10 * 1024 * 1024 + 1));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #20c4ab479b88a2b1 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:222
      const result = await localFileCtr.readFile({ path: filePath });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2e7532aadc55c992 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:233
      await writeFile(filePath, svg);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #588de82902bbc953 Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:235
      const result = await localFileCtr.readFile({ path: filePath });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b9945a15f1e4a5ab Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:246
      await writeFile(file1, 'content a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cc6c49bfc203dbaf Filesystem access.
repo/apps/desktop/src/main/controllers/__tests__/LocalFileCtr.readFile.test.ts:247
      await writeFile(file2, 'content b');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa5cc373d8ab1213 Environment-variable access.
repo/apps/desktop/src/main/core/App.ts:102
    process.env.PATH = `${process.env.PATH}${pathSep}${getCliWrapperDir()}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcdfd483f3e04e8b Environment-variable access.
repo/apps/desktop/src/main/core/App.ts:477
    const ipcId = process.env.LOBE_IPC_ID || name;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4786fe41e19598bb Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/BinaryManager.ts:450
    const current = process.env.PATH ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f0b3e4146ef9907 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/BinaryManager.ts:453
    process.env.PATH = current ? `${current}${sep}${dir}` : dir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ca59015e506b725 Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/BinaryManager.ts:552
    await writeFile(tmpMarker, resolvedVersion, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ba501d79d37d0d7 Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/BinaryManager.ts:554
    await writeFile(markerPath, resolvedVersion, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b40c9128f8f71935 Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/BinaryManager.ts:630
      const raw = await readFile(this.installedMarkerPath(name), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #2520dcc9514c99e1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/core/infrastructure/BinaryManager.ts:730
    https
      .get(url, { headers: { 'User-Agent': 'lobehub-desktop-binary-manager' } }, (res) => {
        if (
          res.statusCode &&
          res.statusCode >= 300 &&
          res.statusCode < 400 &&
          res.headers.location
        ) {
          const next = res.headers.location;
          res.resume();
          downloadWithRedirects(next, dest, maxRedirects - 1).then(resolve, reject);
          return;
        }

        if (res.statusCode !== 200) {
          res.resume();
          reject(new Error(`Download failed: HTTP ${res.statusCode} from ${url}`));
          return;
        }

        const file = createWriteStream(dest);
        pipeline(res, file).then(resolve, reject);
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #061686e1db0bef3b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/core/infrastructure/BinaryManager.ts:779
    https
      .get(
        apiUrl,
        {
          headers: {
            'Accept': 'application/vnd.github+json',
            'User-Agent': 'lobehub-desktop-binary-manager',
          },
        },
        (res) => {
          if (res.statusCode !== 200) {
            res.resume();
            reject(new Error(`GitHub release lookup failed for ${repo}: HTTP ${res.statusCode}`));
            return;
          }

          const chunks: Buffer[] = [];
          res.on('data', (chunk: Buffer) => chunks.push(chunk));
          res.on('end', () => {
            try {
              const body = JSON.parse(Buffer.concat(chunks).toString('utf8')) as {
                tag_name?: string;
              };
              if (!body.tag_name) {
                reject(new Error(`GitHub release lookup for ${repo} returned no tag_name`));
                return;
              }
              resolve(body.tag_name);
            } catch (error) {
              reject(error as Error);
            }
          });
          res.on('error', reject);
        },
      )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #719ca50b5ea4d2a0 Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/LocalFileProtocolManager.ts:138
          const buffer = await readFile(realResolvedPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9180712901eb022 Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/LocalFileProtocolManager.ts:289
    const buffer = await readFile(realFilePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75d30b1758c80e41 Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/RendererProtocolManager.ts:195
    const buffer = await readFile(targetPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #00a4c07e9f1b2a94 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/core/infrastructure/RendererProtocolManager.ts:342
      const response = await fetch(target, init);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #422ffec3c4fb54a4 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/RendererUrlManager.ts:98
    const electronRendererUrl = process.env['ELECTRON_RENDERER_URL'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #68e8b88ea4503f9b Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:52
  await writeFile(path.join(dir, fileName), fileContent, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bf6cbb429d8072c1 Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:53
  await writeFile(path.join(cacheRoot, name, '.installed'), version, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #450745efb9ba5e96 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:65
  originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #472ef78757b0b397 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:69
  process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9141aaf9453fbea5 Filesystem access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:176
      await writeFile(path.join(cacheRoot, 'foo', '.installed'), '1.0.0', 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d74091f7d3925705 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:201
      const before = process.env.PATH ?? '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #08fa45235d69f58d Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:206
      expect((process.env.PATH ?? '').split(sep)).toContain(installDir);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ceb2465c2fd925f4 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:210
      const segments = (process.env.PATH ?? '').split(sep);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e21237af1205cd4c Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/BinaryManager.test.ts:212
      expect(process.env.PATH).toContain(before);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #accd31410fc2cd75 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/RendererUrlManager.test.ts:54
    delete process.env['ELECTRON_RENDERER_URL'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #88649aa7e4613f85 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/RendererUrlManager.test.ts:95
      process.env['ELECTRON_RENDERER_URL'] = 'http://localhost:5173';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ca91099932ddec46 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/RendererUrlManager.test.ts:121
      process.env['ELECTRON_RENDERER_URL'] = 'http://localhost:5173';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f69da5f889ea60d9 Environment-variable access.
repo/apps/desktop/src/main/core/infrastructure/__tests__/RendererUrlManager.test.ts:142
      process.env['ELECTRON_RENDERER_URL'] = 'http://localhost:5173';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0d3ef6049edabaf7 Environment-variable access.
repo/apps/desktop/src/main/env.ts:56
  DESKTOP_BACKEND_PROXY_RETHROW_ERRORS: process.env.DESKTOP_BACKEND_PROXY_RETHROW_ERRORS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86c8b3a563aab58e Environment-variable access.
repo/apps/desktop/src/main/env.ts:57
  DESKTOP_EXTERNAL_NAVIGATION_HOSTS: process.env.DESKTOP_EXTERNAL_NAVIGATION_HOSTS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b558ca65ff70aa07 Environment-variable access.
repo/apps/desktop/src/main/env.ts:58
  UPDATE_CHANNEL: process.env.UPDATE_CHANNEL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #095c559757243d94 Environment-variable access.
repo/apps/desktop/src/main/env.ts:59
  UPDATE_SERVER_URL: process.env.UPDATE_SERVER_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68d78dccc97091c3 Environment-variable access.
repo/apps/desktop/src/main/env.ts:108
      UPDATE_CHANNEL: z.string().optional().default(process.env.UPDATE_CHANNEL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5048ddaffc5e833d Environment-variable access.
repo/apps/desktop/src/main/env.ts:112
      UPDATE_SERVER_URL: z.string().optional().default(process.env.UPDATE_SERVER_URL),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #80886d00399228ba Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:189
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #197f5dc965d2e085 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:190
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0903a782201ef6a1 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:191
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #77ef809e90de9ef3 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:192
      delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #414fe24c23628654 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:211
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fb4e0a5c6c7bb792 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:212
        if (originalShell === undefined) delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #af2df7ad1f37738c Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:213
        else process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9ed705a2d84f9f21 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:218
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #502835f04b14f4c0 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:219
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4f1aa21f17c36b74 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:220
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cebff777c53b71ef Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:221
      delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1260a848ca6adcfb Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:236
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1d49af8f844ec488 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:237
        if (originalShell === undefined) delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a3d5db51bf996a96 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:238
        else process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #561c027a63b70bd5 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:243
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #75b23ad0bff4fa7f Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:244
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5a177b7ef081915c Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:247
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #596b796d23e0da59 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:248
      delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #57f947734db7774d Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:267
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1f15979ed6f500f4 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:268
        if (originalShell === undefined) delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #acc97d3eadd8f13a Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:269
        else process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #60c5935b5621433f Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:274
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e55182282e5471c1 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:275
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #23908745360fc8b4 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:276
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8b7cfcfcc221ad7b Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:277
      delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b874ae912fea3f82 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:295
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bcbc7a58726f7e9e Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:296
        if (originalShell === undefined) delete process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7d16e1ae1ae9d8bb Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:297
        else process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #43cb570be21db638 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:313
      const originalPath = process.env.PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #64b1357ad06f87f7 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:314
      const originalShell = process.env.SHELL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #64c1b4cb5d2279f8 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:315
      process.env.PATH = '/usr/bin:/bin';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d7e9cd76a381571b Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:316
      process.env.SHELL = '/bin/zsh';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #10cf899d5908365a Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:354
        process.env.PATH = originalPath;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #04c0c81806577704 Environment-variable access.
repo/apps/desktop/src/main/modules/binaries/__tests__/cliAgentBinaries.test.ts:355
        process.env.SHELL = originalShell;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99ed67c341dd1356 Environment-variable access.
repo/apps/desktop/src/main/modules/browser/importChromeLoginData.ts:44
          process.env.PROGRAMFILES || 'C:\\Program Files',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6ef75117cc7815ff Environment-variable access.
repo/apps/desktop/src/main/modules/browser/importChromeLoginData.ts:47
        userData: path.join(process.env.LOCALAPPDATA || '', 'Google/Chrome/User Data'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1296ae07934417ae Filesystem access.
repo/apps/desktop/src/main/modules/browser/importChromeLoginData.ts:78
      const [port, browserPath] = (await readFile(portFile, 'utf8')).trim().split('\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4256cda18ddaf2a7 Filesystem access.
repo/apps/desktop/src/main/modules/browser/importChromeLoginData.ts:135
  const localState = JSON.parse(await readFile(localStatePath, 'utf8')) as ChromeLocalState;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #208b29e0f5058a4c Environment-variable access.
repo/apps/desktop/src/main/modules/cliEmbedding/generateCliWrapper.ts:16
  if (process.platform === 'linux' && process.env.APPIMAGE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc1d9b39e4b2b05d Environment-variable access.
repo/apps/desktop/src/main/modules/cliEmbedding/generateCliWrapper.ts:17
    return process.env.APPIMAGE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5bcb9f93c15c987 Filesystem access.
repo/apps/desktop/src/main/modules/cliEmbedding/generateCliWrapper.ts:95
  await writeFile(tmpPath, content, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d37c0baa1d598b08 Environment-variable access.
repo/apps/desktop/src/main/modules/heterogeneousAgent/claudeCodeQuota.ts:55
): string | undefined => (options.env && key in options.env ? options.env[key] : process.env[key]);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d0aa1bd42543d4a Filesystem access.
repo/apps/desktop/src/main/modules/heterogeneousAgent/claudeCodeQuota.ts:133
    return parseCredentialsJson(await readFile(path.join(configDir, '.credentials.json'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #523f07526fb2e25b Environment-variable access.
repo/apps/desktop/src/main/modules/heterogeneousAgent/claudeCodeQuota.ts:150
  asNonEmpty(process.env.CLAUDE_CONFIG_DIR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #63f954006e5b6fd6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/desktop/src/main/modules/heterogeneousAgent/claudeCodeQuota.ts:310
    const response = await fetch(OAUTH_USAGE_URL, {
      headers: {
        'Authorization': `Bearer ${lookup.credentials.accessToken}`,
        'Content-Type': 'application/json',
        'User-Agent': OAUTH_USER_AGENT,
        'anthropic-beta': OAUTH_BETA_HEADER,
      },
      signal: controller.signal,
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b64153bba14db47c Environment-variable access.
repo/apps/desktop/src/main/modules/heterogeneousAgent/codexQuota.ts:113
  codexHomePath ?? env?.CODEX_HOME ?? process.env.CODEX_HOME ?? path.join(homedir(), '.codex');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2616e14fb11ae8c1 Filesystem access.
repo/apps/desktop/src/main/modules/heterogeneousAgent/codexQuota.ts:238
    auth = JSON.parse(await readFile(authPath, 'utf8')) as CodexAuthFile;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #9df49a01739c9f8a Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/desktop/src/main/modules/heterogeneousAgent/codexQuota.ts:273
    const response = await fetch(CODEX_RATE_LIMIT_RESET_CREDITS_URL, {
      ...auth,
      signal: controller.signal,
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7e39b12efb8cdc02 Hardcoded external endpoint. Review what data is sent to this destination.
repo/apps/desktop/src/main/modules/heterogeneousAgent/codexQuota.ts:321
    const response = await fetch(CODEX_RATE_LIMIT_RESET_CONSUME_URL, {
      body: JSON.stringify({
        ...(options.creditId ? { credit_id: options.creditId } : {}),
        redeem_request_id: options.idempotencyKey,
      }),
      headers: {
        ...auth.headers,
        'Content-Type': 'application/json',
      },
      method: 'POST',
      signal: controller.signal,
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #11f917145b2972ec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/modules/heterogeneousAgent/fileStorePort.ts:49
  const response = await fetch(`${base}/trpc/lambda/${procedure}`, {
    body: JSON.stringify(superjson.serialize(input)),
    headers: { 'Content-Type': 'application/json', 'Oidc-Auth': accessToken },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c2652bc0697957c7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/modules/networkProxy/tester.ts:47
      const response = await fetch(url, { headers, signal: controller.signal });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6c0bf689c24d6dc5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/modules/networkProxy/tester.ts:116
        const response = await fetch(testUrl, {
          dispatcher: agent,
          headers: testHeaders,
          signal: controller.signal,
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #403cbe5eb330f60e Filesystem access.
repo/apps/desktop/src/main/modules/openInApp/iconExtractor.ts:145
    const buf = await readFile(outPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #33ec831c2f05965f Environment-variable access.
repo/apps/desktop/src/main/modules/terminal/index.ts:42
  if (process.platform === 'win32') return process.env.ComSpec || 'powershell.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6f9cfd661d49966 Environment-variable access.
repo/apps/desktop/src/main/modules/terminal/index.ts:43
  return process.env.SHELL || (process.platform === 'darwin' ? '/bin/zsh' : '/bin/bash');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28ab63754f61282c Environment-variable access.
repo/apps/desktop/src/main/pre-app-init.ts:20
  const userDataOverride = process.env.LOBE_DESKTOP_USER_DATA_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #36b27fc0bb737a64 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/services/__tests__/imessageBridgeSrv.test.ts:80
    const req = request(
      {
        headers: {
          'Content-Length': Buffer.byteLength(payload),
          'Content-Type': 'application/json',
        },
        hostname: '127.0.0.1',
        method: 'POST',
        path,
        port: 43_210,
      },
      (res) => {
        const chunks: Buffer[] = [];
        res.on('data', (chunk) => chunks.push(Buffer.from(chunk)));
        res.on('end', () =>
          resolve({
            body: Buffer.concat(chunks).toString('utf8'),
            status: res.statusCode ?? 0,
          }),
        );
      },
    );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #75ae8e9a3a199685 Filesystem access.
repo/apps/desktop/src/main/services/fileSrv.ts:100
      await writeFile(savedPath, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d71b3af6b2e73cfe Filesystem access.
repo/apps/desktop/src/main/services/fileSrv.ts:112
      await writeFile(metaFilePath, JSON.stringify(metadata, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5cae36f7a503d2e4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/apps/desktop/src/main/services/imessageBridgeSrv.ts:364
    const response = await fetch(target, {
      body: JSON.stringify(event),
      headers: {
        ...(accessToken ? { Authorization: `Bearer ${accessToken}` } : {}),
        'Content-Type': 'application/json',
      },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): e2e

npm first-party
expand_more 31 low-confidence finding(s)
low env_fs production #6e58e05182aab463 Environment-variable access.
repo/e2e/cucumber.config.js:4
const reportsEnabled = !['0', 'false'].includes(String(process.env.E2E_REPORTS).toLowerCase());

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea28acb25c64bd27 Environment-variable access.
repo/e2e/cucumber.config.js:5
const parsedParallel = Number(process.env.E2E_PARALLEL || process.env.CUCUMBER_PARALLEL || 1);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #25f4e8be9076c552 Environment-variable access.
repo/e2e/cucumber.config.js:7
const canRunInParallel = Boolean(process.env.BASE_URL);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #6c435dd217509627 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/e2e/scripts/setup.ts:283
    const response = await fetch(`http://localhost:${port}/chat`, { method: 'HEAD' });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #938f990193322574 Environment-variable access.
repo/e2e/src/steps/auth/oidc-device-flow.steps.ts:48
  const databaseUrl = process.env.DATABASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a06b7fbd9442b8a3 Environment-variable access.
repo/e2e/src/steps/common/auth.steps.ts:36
  const PORT = process.env.PORT ? Number(process.env.PORT) : 3006;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a2a79bf3c1c7e2e Environment-variable access.
repo/e2e/src/steps/common/auth.steps.ts:37
  const baseURL = process.env.BASE_URL || `http://localhost:${PORT}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow production #3624d6ed4b5358ac A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent. Same-origin destination — not external exfiltration.
repo/e2e/src/steps/common/auth.steps.ts:41 · flow /tmp/closeopen-4_u_15or/repo/e2e/src/steps/common/auth.steps.ts:44 → /tmp/closeopen-4_u_15or/repo/e2e/src/steps/common/auth.steps.ts:41
    const response = await api.post('/api/auth/sign-in/email', {
      data: {
        email: TEST_USER.email,
        password: TEST_USER.password,
      },
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low pii_flow production #0181897961d20053 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Same-origin destination — not external exfiltration.
repo/e2e/src/steps/common/auth.steps.ts:41 · flow /tmp/closeopen-4_u_15or/repo/e2e/src/steps/common/auth.steps.ts:43 → /tmp/closeopen-4_u_15or/repo/e2e/src/steps/common/auth.steps.ts:41
    const response = await api.post('/api/auth/sign-in/email', {
      data: {
        email: TEST_USER.email,
        password: TEST_USER.password,
      },
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs production #acbda0b63ed9cd5c Environment-variable access.
repo/e2e/src/steps/home/sidebarAgent.steps.ts:62
  const databaseUrl = process.env.DATABASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81ecdc7f0b7a9474 Environment-variable access.
repo/e2e/src/steps/home/sidebarGroup.steps.ts:22
  const databaseUrl = process.env.DATABASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f91a6070949b929 Environment-variable access.
repo/e2e/src/steps/hooks.ts:9
process.env['E2E'] = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e84ec6ba780a887 Environment-variable access.
repo/e2e/src/steps/hooks.ts:20
  const PORT = process.env.PORT ? Number(process.env.PORT) : 3006;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c193f713433218e Environment-variable access.
repo/e2e/src/steps/hooks.ts:21
  baseUrl = process.env.BASE_URL || `http://localhost:${PORT}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bd211bcb63569ce Environment-variable access.
repo/e2e/src/steps/hooks.ts:29
  if (!process.env.BASE_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44736be64938a0fa Environment-variable access.
repo/e2e/src/steps/hooks.ts:33
      reuseExistingServer: !process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow production #55cc96d3a0e5def5 A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent. Same-origin destination — not external exfiltration.
repo/e2e/src/steps/hooks.ts:42 · flow /tmp/closeopen-4_u_15or/repo/e2e/src/steps/hooks.ts:45 → /tmp/closeopen-4_u_15or/repo/e2e/src/steps/hooks.ts:42
    const response = await api.post('/api/auth/sign-in/email', {
      data: {
        email: TEST_USER.email,
        password: TEST_USER.password,
      },
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low pii_flow production #f1ac1060d756f365 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration. Same-origin destination — not external exfiltration.
repo/e2e/src/steps/hooks.ts:42 · flow /tmp/closeopen-4_u_15or/repo/e2e/src/steps/hooks.ts:44 → /tmp/closeopen-4_u_15or/repo/e2e/src/steps/hooks.ts:42
    const response = await api.post('/api/auth/sign-in/email', {
      data: {
        email: TEST_USER.email,
        password: TEST_USER.password,
      },
    });

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

low env_fs production #b18288e384a1247e Environment-variable access.
repo/e2e/src/steps/hooks.ts:140
  if (!process.env.BASE_URL && process.env.CI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4280542548cff41e Environment-variable access.
repo/e2e/src/support/seedTestUser.ts:5
const runId = process.env.E2E_RUN_ID || process.env.GITHUB_RUN_ID || 'local';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e777b90130e4cc6 Environment-variable access.
repo/e2e/src/support/seedTestUser.ts:6
const workerId = process.env.CUCUMBER_WORKER_ID || process.env.E2E_WORKER_ID || 'local';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52e57de4d43c773e Environment-variable access.
repo/e2e/src/support/seedTestUser.ts:33
  const databaseUrl = process.env.DATABASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43ee17166253ccee Environment-variable access.
repo/e2e/src/support/seedTestUser.ts:106
  const databaseUrl = process.env.DATABASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adba311707c0cf7c Environment-variable access.
repo/e2e/src/support/seedTestUser.ts:142
  const databaseUrl = process.env.DATABASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91de225385b73cb5 Environment-variable access.
repo/e2e/src/support/webServer.ts:39
  const envHost = process.env.HOST?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85062fe973a4563b Filesystem access.
repo/e2e/src/support/webServer.ts:110
    writeFileSync(LOCK_FILE, String(process.pid));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1781b5f429f39214 Environment-variable access.
repo/e2e/src/support/webServer.ts:147
      JWKS_KEY: process.env.JWKS_KEY || createTestOidcJwks(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #053acb7b72721312 Environment-variable access.
repo/e2e/src/support/world.ts:27
      headless: process.env.HEADLESS !== 'false',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #962c1e1881aadd56 Environment-variable access.
repo/e2e/src/support/world.ts:66
    const PORT = process.env.PORT ? Number(process.env.PORT) : 3006;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6121f464f535f36 Environment-variable access.
repo/e2e/src/support/world.ts:67
    const BASE_URL = process.env.BASE_URL || `http://localhost:${PORT}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab618dfb894a88b0 Filesystem access.
repo/e2e/src/support/world.ts:110
    fs.writeFileSync(filepath, screenshot);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/agent-runtime

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only Excluded from app score #752bc1c65e9795ee Environment-variable access.
repo/packages/agent-runtime/examples/tools-calling.ts:10
    apiKey: process.env.OPENAI_API_KEY || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fdc66a7a4e6496c7 Environment-variable access.
repo/packages/agent-runtime/examples/tools-calling.ts:237
  if (!process.env.OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3815916a76ea2e79 Filesystem access.
repo/packages/agent-runtime/src/agents/__tests__/GraphAgent.test.ts:104
    readFileSync(path.join(TEST_DIR, 'fixtures/goal-loop.graph.json'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/agent-tracing

npm first-party
expand_more 20 low-confidence finding(s)
low env_fs production #30c92380f01048e8 Filesystem access.
repo/packages/agent-tracing/src/cli/ctx-lint.ts:67
      const snap = JSON.parse(await readFile(path.join(dir, f), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #418bb6f0840cea45 Filesystem access.
repo/packages/agent-tracing/src/cli/ctx-lint.ts:109
            : [JSON.parse(await readFile(target, 'utf8'))];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c816d5ca0463cf76 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/agent-tracing/src/cli/inspect.ts:26
  const res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #689a8994438e067e Filesystem access.
repo/packages/agent-tracing/src/cli/tool-quality.ts:57
      out.push(JSON.parse(await readFile(path.join(dir, f), 'utf8')));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28bc951916fb267d Filesystem access.
repo/packages/agent-tracing/src/cli/tool-quality.ts:195
            snapshot = JSON.parse(await readFile(file, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #caa4b2d43e635321 Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:27
    await fs.writeFile(filePath, JSON.stringify(snapshot, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4674d45a21caa3a9 Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:46
      const content = await fs.readFile(path.join(this.dir, match), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86b3c59efb331028 Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:66
        const content = await fs.readFile(path.join(this.dir, file), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73d78a39bbe3a8c4 Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:81
      const content = await fs.readFile(realPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9eb37ff13732b3de Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:88
      const content = await fs.readFile(path.join(this.dir, files[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7da61194c302015 Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:122
      const content = await fs.readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eaeea3575831609 Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:129
      const content = await fs.readFile(path.join(this.partialDir(), match), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #652ceef38e6d0a69 Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:136
      const content = await fs.readFile(this.partialPath(operationId), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79a8c569252b130e Filesystem access.
repo/packages/agent-tracing/src/store/file-store.ts:145
    await fs.writeFile(this.partialPath(operationId), JSON.stringify(partial), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe196f77d0764f06 Environment-variable access.
repo/packages/agent-tracing/src/store/remote-store.ts:57
  if (process.env.TRACING_BASE_URL) return process.env.TRACING_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9caba875b249855 Filesystem access.
repo/packages/agent-tracing/src/store/remote-store.ts:63
    const content = await fs.readFile(envPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8808790fa8bb6b4d Filesystem access.
repo/packages/agent-tracing/src/store/remote-store.ts:92
      const content = await fs.readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #36551315bc6c2245 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/agent-tracing/src/store/remote-store.ts:129
    let res = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a025a03bada265c2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/agent-tracing/src/store/remote-store.ts:133
      const legacyRes = await fetch(legacyUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #89812cc18ab155cc Filesystem access.
repo/packages/agent-tracing/src/store/remote-store.ts:148
    await fs.writeFile(filePath, JSON.stringify(snapshot, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/app-config

npm first-party
expand_more 12 low-confidence finding(s)
low env_fs production #02ce8d3008f3366b Environment-variable access.
repo/packages/app-config/src/composio.ts:8
      COMPOSIO_API_KEY: process.env.COMPOSIO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e40fc365055bb7b2 Environment-variable access.
repo/packages/app-config/src/composio.ts:9
      COMPOSIO_AUTH_CONFIG_IDS: process.env.COMPOSIO_AUTH_CONFIG_IDS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53f170424df05432 Environment-variable access.
repo/packages/app-config/src/db.ts:7
      DATABASE_DRIVER: process.env.DATABASE_DRIVER || 'neon',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adc35d5c1f15117d Environment-variable access.
repo/packages/app-config/src/db.ts:8
      DATABASE_STATEMENT_TIMEOUT: process.env.DATABASE_STATEMENT_TIMEOUT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cba72434cbd0b65 Environment-variable access.
repo/packages/app-config/src/db.ts:9
      DATABASE_TEST_URL: process.env.DATABASE_TEST_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #195fbf01a7f00f68 Environment-variable access.
repo/packages/app-config/src/db.ts:10
      DATABASE_URL: process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1381ca7c82a3ff42 Environment-variable access.
repo/packages/app-config/src/db.ts:12
      KEY_VAULTS_SECRET: process.env.KEY_VAULTS_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac4bd28ed1929f1b Environment-variable access.
repo/packages/app-config/src/db.ts:14
      REMOVE_GLOBAL_FILE: process.env.DISABLE_REMOVE_GLOBAL_FILE !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #390876501d582f26 Environment-variable access.
repo/packages/app-config/src/featureFlags/index.ts:11
    FEATURE_FLAGS: process.env.FEATURE_FLAGS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17174ccdc9c24839 Environment-variable access.
repo/packages/app-config/src/featureFlags/schema.ts:5
const isDev = process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b6c1fe38d8caaa6 Environment-variable access.
repo/packages/app-config/src/messenger.ts:38
      LOBE_LINK_TOKEN_TTL_SECONDS: process.env.LOBE_LINK_TOKEN_TTL_SECONDS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b2a50f324c82758 Environment-variable access.
repo/packages/app-config/src/messenger.ts:182
    process.env.DISABLE_REDIS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/builtin-tool-cloud-sandbox

npm first-party
expand_more 3 low-confidence finding(s)
low egress production #09f2f697f3a4ba38 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/builtin-tool-cloud-sandbox/src/client/Render/ExportFile/index.tsx:34
        const response = await fetch(pluginState.downloadUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #71d3d490811dd8be Filesystem access.
repo/packages/builtin-tool-cloud-sandbox/src/executor/index.ts:101
    const result = await runtime.readFile(params);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c9feb48e1536e77 Filesystem access.
repo/packages/builtin-tool-cloud-sandbox/src/executor/index.ts:110
    const result = await runtime.writeFile(params);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/builtin-tool-creds

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #baece6c297a690e3 Environment-variable access.
repo/packages/builtin-tool-creds/src/ExecutionRuntime/index.ts:171
      const appUrl = (process.env.APP_URL || OFFICIAL_URL).replace(/\/+$/, '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/builtin-tool-local-system

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #9c30d1a58ba75e23 Filesystem access.
repo/packages/builtin-tool-local-system/src/client/executor/index.ts:105
      const result = await this.runtime.readFile({
        endLine: params.loc?.[1],
        path: params.path,
        startLine: params.loc?.[0],
      });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2d5009e0815f8cc Filesystem access.
repo/packages/builtin-tool-local-system/src/client/executor/index.ts:154
      const result = await this.runtime.writeFile(params);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/builtin-tool-skills

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #9e4090d77412bbe1 Filesystem access.
repo/packages/builtin-tool-skills/src/ExecutionRuntime/index.ts:320
        const content = await this.deviceFileAccess.readFile(fullPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da355d221a4e4eae Filesystem access.
repo/packages/builtin-tool-skills/src/ExecutionRuntime/index.ts:408
        let content = await this.deviceFileAccess.readFile(projectSkill.location);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/chat-adapter-feishu

npm first-party
expand_more 4 low-confidence finding(s)
low egress production #a05b9ceb8cc0873e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-feishu/src/api.ts:215
    const response = await fetch(url, {
      headers: { Authorization: `Bearer ${token}` },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3526a4b64c006585 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-feishu/src/api.ts:237
    const response = await fetch(`${this.baseUrl}/auth/v3/tenant_access_token/internal`, {
      body: JSON.stringify({ app_id: this.appId, app_secret: this.appSecret }),
      headers: { 'Content-Type': 'application/json' },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #56e1963c9a8e7190 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-feishu/src/api.ts:285
    const response = await fetch(url, init);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3d399e6c9ea5a062 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-feishu/src/api.ts:310
    const response = await fetch(url, {
      body: form,
      headers: { Authorization: `Bearer ${token}` },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/chat-adapter-imessage

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #51481ac2992f9fe8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-imessage/src/api.ts:280
    return await fetch(url, { ...init, signal });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/chat-adapter-line

npm first-party
expand_more 3 low-confidence finding(s)
low egress production #3a38e0276c3bf595 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-line/src/api.ts:86
    const res = await fetch(url, {
      headers: { Authorization: `Bearer ${this.accessToken}` },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f161278e54334ad0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-line/src/api.ts:104
    const res = await fetch(`${this.baseUrl}/v2/bot/info`, {
      headers: { Authorization: `Bearer ${this.accessToken}` },
      method: 'GET',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f44325e10f62ea9e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-line/src/api.ts:112
    const res = await fetch(`${this.baseUrl}${path}`, {
      body: JSON.stringify(body),
      headers: this.authHeaders,
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/chat-adapter-qq

npm first-party
expand_more 4 low-confidence finding(s)
low egress production #c24603f01efb5b4a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-qq/src/adapter.ts:436
    const response = await fetch(url, { signal: AbortSignal.timeout(30_000) });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #fdf68b1bf01a397e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/chat-adapter-qq/src/api.ts:29
    const response = await fetch(AUTH_URL, {
      body: JSON.stringify({
        appId: this.appId,
        clientSecret: this.clientSecret,
      }),
      headers: { 'Content-Type': 'application/json' },
      method: 'POST',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f16a0da25acb9368 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-qq/src/api.ts:68
    const response = await fetch(url, init);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ac06e8d6bfb4be72 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-qq/src/gateway.ts:430
    fetch(this.webhookUrl, {
      body: JSON.stringify(webhookPayload),
      headers: { 'Content-Type': 'application/json' },
      method: 'POST',
      signal: AbortSignal.timeout(30_000),
    }).catch((err) => {

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/chat-adapter-wechat

npm first-party
expand_more 11 low-confidence finding(s)
low egress production #023cb7b58f9804b3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/adapter.ts:286
      const response = await fetch(imageItem.url, {
        signal: AbortSignal.timeout(15_000),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #21f193303af78bc7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/adapter.ts:342
      const response = await fetch(attachment.url, {
        signal: AbortSignal.timeout(15_000),
      });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0b50859d833fdd1b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:122
    const response = await fetch(`${this.baseUrl}/ilink/bot/getupdates`, {
      body: JSON.stringify(body),
      headers: buildHeaders(this.botToken),
      method: 'POST',
      signal: combinedSignal(signal, POLL_TIMEOUT_MS),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5b58b9a012f810a3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:180
    const response = await fetch(`${this.baseUrl}/ilink/bot/sendmessage`, {
      body: JSON.stringify(body),
      headers: buildHeaders(this.botToken),
      method: 'POST',
      signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e5f28a0bc6081c55 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:216
    const uploadParamResp = await fetch(`${this.baseUrl}/ilink/bot/getuploadurl`, {
      body: JSON.stringify({
        aeskey: aesKeyHex,
        base_info: BASE_INFO,
        filekey,
        filesize: cipherSize,
        media_type: mediaType,
        no_need_thumb: true,
        rawfilemd5,
        rawsize: rawSize,
        to_user_id: toUserId,
      }),
      headers: buildHeaders(this.botToken),
      method: 'POST',
      signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #707271034ef10c51 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:245
    const cdnResp = await fetch(cdnUrl, {
      body: new Uint8Array(ciphertext),
      headers: { 'Content-Type': 'application/octet-stream' },
      method: 'POST',
      signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ae4bda73aee817a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:273
    await fetch(`${this.baseUrl}/ilink/bot/sendtyping`, {
      body: JSON.stringify({
        base_info: BASE_INFO,
        ilink_user_id: toUserId,
        status: start ? 1 : 2,
        typing_ticket: typingTicket,
      }),
      headers: buildHeaders(this.botToken),
      method: 'POST',
      signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
    }).catch(() => {

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c77ca53019a9d2ea Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:319
    const response = await fetch(url, {
      signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2a78d927c74b5d53 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:345
    const response = await fetch(`${this.baseUrl}/ilink/bot/getconfig`, {
      body: JSON.stringify({
        base_info: BASE_INFO,
        context_token: contextToken,
        ilink_user_id: userId,
      }),
      headers: buildHeaders(this.botToken),
      method: 'POST',
      signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #90b36894f7903e18 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:383
  const response = await fetch(url, { method: 'GET' });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cdc9c2d23cf7e286 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/chat-adapter-wechat/src/api.ts:401
  const response = await fetch(url, {
    headers: { 'iLink-App-ClientVersion': '1' },
    method: 'GET',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/database

npm first-party
expand_more 25 low-confidence finding(s)
low env_fs production #1aa35e5f0b244c6d Environment-variable access.
repo/packages/database/src/core/getTestDB.ts:19
const isServerDBMode = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ea1649a940f7653 Environment-variable access.
repo/packages/database/src/core/web-server.ts:14
  if (process.env.NODE_ENV === 'test') return {} as LobeChatDatabase;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6bc994e8b3221216 Environment-variable access.
repo/packages/database/src/core/web-server.ts:57
  if (process.env.MIGRATION_DB === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #112619aa6e9917dd Environment-variable access.
repo/packages/database/src/models/__tests__/apiKey.test.ts:21
  originalKeyVaultsSecret = process.env.KEY_VAULTS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4222aed3a88342c1 Environment-variable access.
repo/packages/database/src/models/__tests__/apiKey.test.ts:22
  process.env.KEY_VAULTS_SECRET = validKeyVaultsSecret;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3b3f40cfbea8d42d Environment-variable access.
repo/packages/database/src/models/__tests__/apiKey.test.ts:31
  process.env.KEY_VAULTS_SECRET = originalKeyVaultsSecret;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #14a397ffe6ed0ebd Environment-variable access.
repo/packages/database/src/models/__tests__/apiKey.test.ts:177
      process.env.KEY_VAULTS_SECRET = 'Q10pwdq00KXUu9R+c8A8p4PSlIRWi7KwgUophBtkHVk=';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4b587dc7846ab717 Filesystem access.
repo/packages/database/src/models/__tests__/jsonbNullTest.test.ts:42
      readFileSync(file, 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b63c80c2e6287cc6 Environment-variable access.
repo/packages/database/src/models/__tests__/messages/message.query.test.ts:1580
  const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #94727d718d84346a Environment-variable access.
repo/packages/database/src/models/__tests__/session.test.ts:287
  const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ed7671ed482a256c Environment-variable access.
repo/packages/database/src/models/__tests__/topics/topic.query.test.ts:1566
  const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #625bc40487e6edb3 Environment-variable access.
repo/packages/database/src/models/userMemory/__tests__/activity.test.ts:240
    const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bc5029c0aee15335 Environment-variable access.
repo/packages/database/src/models/userMemory/__tests__/experience.test.ts:437
    const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #06c1f8c512cefd30 Environment-variable access.
repo/packages/database/src/models/userMemory/__tests__/identity.test.ts:455
    const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #784b0ab0d7733c2d Environment-variable access.
repo/packages/database/src/models/userMemory/__tests__/model.test.ts:523
      const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5675bf87f0db433e Environment-variable access.
repo/packages/database/src/repositories/home/__tests__/index.test.ts:457
  const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2819322e69e3ecc2 Environment-variable access.
repo/packages/database/src/repositories/home/index.test.ts:788
  const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4b5b10c2cb2ab53f Environment-variable access.
repo/packages/database/src/repositories/search/index.test.ts:36
const isServerDB = process.env.TEST_SERVER_DB === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #882eec204168599b Filesystem access.
repo/packages/database/src/repositories/topicImporter/__tests__/importTopic.test.ts:66
      const fileContent = readFileSync(jsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4e1e2764b1a6d74d Filesystem access.
repo/packages/database/src/repositories/topicImporter/__tests__/importTopic.test.ts:120
      const fileContent = readFileSync(jsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bbe69d7011e972f7 Filesystem access.
repo/packages/database/src/repositories/topicImporter/__tests__/importTopic.test.ts:175
      const fileContent = readFileSync(jsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #eab3ad1064ffe97f Filesystem access.
repo/packages/database/src/repositories/topicImporter/__tests__/importTopic.test.ts:209
      const fileContent = readFileSync(jsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #85d07fe206089dbe Filesystem access.
repo/packages/database/src/repositories/topicImporter/__tests__/importTopic.test.ts:234
      const fileContent = readFileSync(jsonPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #59ed972d4b962ce1 Environment-variable access.
repo/packages/database/src/server/models/__tests__/user.test.ts:25
  process.env.KEY_VAULTS_SECRET = 'ofQiJCXLF8mYemwfMWLOHoHimlPu91YmLfU7YZ4lreQ=';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1c7a875b9976ee95 Environment-variable access.
repo/packages/database/src/server/models/__tests__/user.test.ts:31
  process.env.KEY_VAULTS_SECRET = undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/device-control

npm first-party
expand_more 31 low-confidence finding(s)
low env_fs test-only Excluded from app score #c904b83e9e9c35c2 Filesystem access.
repo/packages/device-control/src/__tests__/dispatch.test.ts:19
  await writeFile(
    path.join(root, '.agents', 'skills', 'spa-routes', 'SKILL.md'),
    '---\nname: spa-routes\ndescription: SPA routing\n---\nbody',
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6f72dbfdad701f99 Filesystem access.
repo/packages/device-control/src/__tests__/dispatch.test.ts:23
  await writeFile(path.join(root, 'AGENTS.md'), '# Agents');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e61a984806a8dcc5 Filesystem access.
repo/packages/device-control/src/__tests__/dispatch.test.ts:79
    await writeFile(
      path.join(deviceSkillRoot, 'device-writer', 'SKILL.md'),
      '---\nname: device-writer\ndescription: Device writer\n---\nbody',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bc6e2b3ed1dc03e0 Filesystem access.
repo/packages/device-control/src/__tests__/dispatch.test.ts:84
    await writeFile(
      path.join(deviceSkillRoot, 'spa-routes', 'SKILL.md'),
      '---\nname: spa-routes\ndescription: Device duplicate\n---\nbody',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #549812877c701177 Filesystem access.
repo/packages/device-control/src/__tests__/dispatch.test.ts:112
    await writeFile(
      path.join(root, '.agents', 'skills', 'agent-testing', 'SKILL.md'),
      [
        '---',
        'name: agent-testing',
        'description: >',
        '  Agentic end-to-end testing for LobeHub: backend verification via the CLI,',
        '  frontend verification via agent-browser (Electron).',
        '---',
        'body',
      ].join('\n'),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d73c2cdce2fa4ddd Filesystem access.
repo/packages/device-control/src/__tests__/dispatch.test.ts:165
    await writeFile(oldPath, 'hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ee369114bc16f620 Filesystem access.
repo/packages/device-control/src/__tests__/dispatch.test.ts:180
    await writeFile(filePath, 'hello');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e5b0c519f22cdfd4 Filesystem access.
repo/packages/device-control/src/__tests__/dispatch.test.ts:202
    expect(await readFile(filePath, 'utf8')).toBe('remote edit');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0680c7b8e0403559 Filesystem access.
repo/packages/device-control/src/__tests__/filePreview.test.ts:15
  await writeFile(path.join(root, 'note.txt'), 'hello preview\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #65cc823aba594571 Filesystem access.
repo/packages/device-control/src/__tests__/filePreview.test.ts:16
  await writeFile(path.join(root, 'pic.png'), Buffer.from([0x89, 0x50, 0x4e, 0x47, 1, 2, 3]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #15a85e95841df15a Filesystem access.
repo/packages/device-control/src/__tests__/filePreview.test.ts:17
  await writeFile(path.join(outside, 'secret.txt'), 'do not read\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #aba97d86f60f2cdb Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:25
    await writeFile(path.join(dir, 'src', 'index.ts'), 'export const a = 1;\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b02f29a3c6224f2e Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:26
    await writeFile(path.join(dir, 'README.md'), '# hi\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d29e43e9d06ae4a3 Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:30
    await writeFile(path.join(dir, 'scratch.txt'), 'tmp\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #94273fded602a101 Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:49
    await writeFile(path.join(dir, 'one.txt'), '1\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7ec09bfa6e6fe8de Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:50
    await writeFile(path.join(dir, 'nested', 'deep', 'two.txt'), '2\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4487a0cc0d76cdab Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:51
    await writeFile(path.join(dir, '.agents', 'config.md'), '# cfg\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b1dce4eb4591f78e Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:80
    await writeFile(
      path.join(dir, 'src', 'components', 'Button.tsx'),
      'export const Button = 1;\n',
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #334dca795fdf9b96 Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:84
    await writeFile(path.join(dir, 'src', 'components', 'Input.tsx'), 'export const Input = 1;\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9ec31d7667b5441c Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:102
    await writeFile(path.join(dir, 'nested', 'deep', 'target-file.ts'), 'target\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #6a709ebb32af2797 Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:103
    await writeFile(path.join(dir, 'nested', 'deep', 'other.ts'), 'other\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8817ac43c50cd15e Filesystem access.
repo/packages/device-control/src/__tests__/projectFileIndex.test.ts:119
    await writeFile(path.join(dir, '.agents', 'skills', 'target-skill.md'), 'skill\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b4b636a778193950 Filesystem access.
repo/packages/device-control/src/__tests__/skillDirectory.test.ts:45
    await expect(readFile(path.join(result.extractedDir, 'SKILL.md'), 'utf8')).resolves.toBe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ef88ce345813ea56 Filesystem access.
repo/packages/device-control/src/__tests__/skillDirectory.test.ts:49
      readFile(path.join(result.extractedDir, 'scripts', 'run.sh'), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ec20cd75e5462cfd Filesystem access.
repo/packages/device-control/src/__tests__/skillDirectory.test.ts:51
    const marker = JSON.parse(await readFile(path.join(result.extractedDir, '.prepared'), 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6dfd7cdffe3497b Filesystem access.
repo/packages/device-control/src/filePreview.ts:121
    const buffer = await readFile(realFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85cd4d74b079ec9e Filesystem access.
repo/packages/device-control/src/skillDirectory.ts:99
      await writeFile(zipPath, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52b17742c34e2cb9 Filesystem access.
repo/packages/device-control/src/skillDirectory.ts:111
        await writeFile(targetPath, Buffer.from(fileContent as Uint8Array));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3ef62204dbb2094 Filesystem access.
repo/packages/device-control/src/skillDirectory.ts:114
      await writeFile(
        path.join(stagingDir, '.prepared'),
        JSON.stringify({ preparedAt: Date.now(), url, zipHash }),
        'utf8',
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97d9d3007fc8ef69 Filesystem access.
repo/packages/device-control/src/workspace.ts:142
          const raw = await readFile(skillFile, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10374b6588260af9 Filesystem access.
repo/packages/device-control/src/workspace.ts:204
      const raw = await readFile(path.join(root, source), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/device-gateway-client

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #4b317962d4f2130c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/device-gateway-client/src/http.ts:290
    return fetch(`${this.gatewayUrl}${path}`, {
      body: JSON.stringify(body),
      headers: {
        'Authorization': `Bearer ${this.serviceToken}`,
        'Content-Type': 'application/json',
      },
      method: 'POST',
      ...(options?.timeout ? { signal: AbortSignal.timeout(options.timeout) } : {}),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/edge-config

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #38580c006d6453c5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/edge-config/src/index.ts:30
    return this.client.get<EdgeConfigData[K]>(key);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/electron-server-ipc

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #df335554131d45ed Filesystem access.
repo/packages/electron-server-ipc/src/ipcClient.ts:50
        const socketInfo = JSON.parse(fs.readFileSync(socketInfoPath, 'utf8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2c3f9024113b4ca Filesystem access.
repo/packages/electron-server-ipc/src/ipcServer.ts:56
        fs.writeFileSync(socketInfoPath, JSON.stringify({ socketPath: this.socketPath }), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/env

npm first-party
expand_more 430 low-confidence finding(s)
low env_fs test-only Excluded from app score #0a19610bb39bdb61 Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:19
    process.env.PLAUSIBLE_DOMAIN = 'example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #76185555dd2dc8a6 Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:20
    process.env.POSTHOG_KEY = 'posthog_key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ae3357370d847deb Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:21
    process.env.UMAMI_WEBSITE_ID = 'umami_id';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #55cb582d7416c7fc Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:22
    process.env.CLARITY_PROJECT_ID = 'clarity_id';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3b42e2993e18a9cf Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:23
    process.env.ENABLE_VERCEL_ANALYTICS = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #616670520b20a3d6 Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:24
    process.env.GOOGLE_ANALYTICS_MEASUREMENT_ID = 'ga_id';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #466e9157f85c5027 Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:25
    process.env.X_ADS_PIXEL_ID = 'tw-pixel_id';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #63d5395040f29904 Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:26
    process.env.X_ADS_LOGIN_OR_SIGNUP_CLICKED_EVENT_ID = 'tw-pixel_id-login_or_signup_clicked';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1b2db61d8950d864 Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:27
    process.env.X_ADS_MAIN_PAGE_VIEW_EVENT_ID = 'tw-pixel_id-main_page_view';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #79f540b352f2c406 Environment-variable access.
repo/packages/env/src/__tests__/analytics.test.ts:28
    process.env.X_ADS_PURCHASE_EVENT_ID = 'tw-pixel_id-purchase_event_id';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #91f4e3b139221812 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:23
      process.env.AGENTS_INDEX_URL = 'https://custom-agents-url.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ddfcc76ca2c615af Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:24
      process.env.PLUGINS_INDEX_URL = 'https://custom-plugins-url.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a18e5e1ff72a5d56 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:32
      process.env.AGENTS_INDEX_URL = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5c508a8645bd1d23 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:33
      process.env.PLUGINS_INDEX_URL = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #43a9915bd5e9a176 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:48
      process.env.APP_URL = 'https://example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d7c5b56fc13b4fef Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:49
      delete process.env.INTERNAL_APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ea94065fc998bd03 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:57
      process.env.APP_URL = 'https://public.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #202957fc330c91aa Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:58
      process.env.INTERNAL_APP_URL = 'http://localhost:3210';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #92ad378906b2847a Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:66
      process.env.APP_URL = 'https://public.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cdb4fbb6baf64a01 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:67
      process.env.INTERNAL_APP_URL = 'http://internal-service:3210';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #68ca51eff07ddc8d Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:76
      process.env.APP_URL = 'https://cloudflare-proxied.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8019ecea40b73be5 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:77
      process.env.INTERNAL_APP_URL = 'http://127.0.0.1:3210';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e0e55358ec980341 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:90
    delete process.env.APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8d301c55471d146b Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:91
    delete process.env.VERCEL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7f7020c7df8df0ef Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:92
    delete process.env.VERCEL_ENV;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ebdf9320ff16b72a Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:93
    delete process.env.VERCEL_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #75751721ee677a7c Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:94
    delete process.env.VERCEL_BRANCH_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c7c1d995647ce339 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:95
    delete process.env.VERCEL_PROJECT_PRODUCTION_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #05414efaf4d8598a Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:99
    process.env.APP_URL = 'https://custom-app.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c7e7767d4f118001 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:100
    process.env.VERCEL = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9c6eb071a7dfed0b Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:109
      process.env.VERCEL = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #adabead4231050f5 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:110
      process.env.VERCEL_ENV = 'production';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3166e9f6205538d6 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:111
      process.env.VERCEL_PROJECT_PRODUCTION_URL = 'lobechat.vercel.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #020adefbfb3c1f04 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:112
      process.env.VERCEL_BRANCH_URL = 'lobechat-git-main-org.vercel.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8ec4829773602361 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:113
      process.env.VERCEL_URL = 'lobechat-abc123.vercel.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #53dd964213be78ab Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:121
      process.env.VERCEL = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1cc41e1b4ce7d4ce Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:122
      process.env.VERCEL_ENV = 'preview';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3512f9320577e0d1 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:123
      process.env.VERCEL_BRANCH_URL = 'lobechat-git-feature-org.vercel.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4246ba0ff341204e Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:124
      process.env.VERCEL_URL = 'lobechat-abc123.vercel.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d14f5dfe826d9e5 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:132
      process.env.VERCEL = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cf176859712754be Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:133
      process.env.VERCEL_ENV = 'preview';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b454a987b8a884a8 Environment-variable access.
repo/packages/env/src/__tests__/app.test.ts:134
      process.env.VERCEL_BRANCH_URL = 'lobechat-git-feature-org.vercel.app';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #367756a154e165ad Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:13
    process.env.NEXT_PUBLIC_ANALYTICS_PLAUSIBLE = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #60fa12df1723978f Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:14
    process.env.NEXT_PUBLIC_ANALYTICS_POSTHOG = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #22aa447a117b2083 Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:15
    process.env.NEXT_PUBLIC_POSTHOG_DEBUG = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #453532a18c1a62be Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:16
    process.env.NEXT_PUBLIC_I18N_DEBUG = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #eb0efa9624517536 Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:17
    process.env.NEXT_PUBLIC_I18N_DEBUG_BROWSER = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #503fdd4179db6014 Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:18
    process.env.NEXT_PUBLIC_I18N_DEBUG_SERVER = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2f316874efdb4d49 Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:27
    process.env.NEXT_PUBLIC_ANALYTICS_PLAUSIBLE = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #163b5bb9a48b1746 Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:28
    process.env.NEXT_PUBLIC_ANALYTICS_POSTHOG = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8935d4cb8c4591e0 Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:29
    process.env.NEXT_PUBLIC_POSTHOG_DEBUG = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #705818b02f069b6e Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:30
    process.env.NEXT_PUBLIC_I18N_DEBUG = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #93451104ac13662a Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:31
    process.env.NEXT_PUBLIC_I18N_DEBUG_BROWSER = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b5fc657cd602dd87 Environment-variable access.
repo/packages/env/src/__tests__/client.test.ts:32
    process.env.NEXT_PUBLIC_I18N_DEBUG_SERVER = '0';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f738a9a729655990 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:7
    delete process.env.SANDBOX_PROVIDER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ba0d2ee0c6f5003a Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:8
    delete process.env.ONLYBOXES_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c186a04ac9996838 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:9
    delete process.env.ONLYBOXES_JIT_ISSUER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #57339517a5fed61d Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:10
    delete process.env.ONLYBOXES_JIT_SIGNING_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1e267bdd0994fac2 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:11
    delete process.env.ONLYBOXES_JIT_TTL_SEC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e4e1fe4ebdef9629 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:12
    delete process.env.ONLYBOXES_LEASE_TTL_SEC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7bc0a45d6c8bfcbb Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:16
    process.env.SANDBOX_PROVIDER = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #70b55ce2c70a07b0 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:17
    process.env.ONLYBOXES_BASE_URL = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3d05438defb84c22 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:18
    process.env.ONLYBOXES_JIT_ISSUER = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #366b3a0697d30e29 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:19
    process.env.ONLYBOXES_JIT_SIGNING_KEY = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1179180589c2fa14 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:20
    process.env.ONLYBOXES_JIT_TTL_SEC = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2171c394abe5185d Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:21
    process.env.ONLYBOXES_LEASE_TTL_SEC = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f60cb2d297bb4372 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:35
    process.env.SANDBOX_PROVIDER = 'onlyboxes';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3ea0d6fe22fef496 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:36
    process.env.ONLYBOXES_BASE_URL = 'https://onlyboxes.example.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #93722cab524929df Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:37
    process.env.ONLYBOXES_JIT_ISSUER = 'lobehub-test';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1dc7dcee3dd383b2 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:38
    process.env.ONLYBOXES_JIT_SIGNING_KEY = 'jit-signing-key';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #14fb9cba94cda959 Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:39
    process.env.ONLYBOXES_JIT_TTL_SEC = '900';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a4ed9365a40ad2de Environment-variable access.
repo/packages/env/src/__tests__/sandbox.test.ts:40
    process.env.ONLYBOXES_LEASE_TTL_SEC = '3600';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f1bf2d2d4676854 Environment-variable access.
repo/packages/env/src/analytics.ts:39
      ENABLED_PLAUSIBLE_ANALYTICS: !!process.env.PLAUSIBLE_DOMAIN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3af91a3ef2f27f36 Environment-variable access.
repo/packages/env/src/analytics.ts:40
      PLAUSIBLE_DOMAIN: process.env.PLAUSIBLE_DOMAIN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #408ee8dd85069b85 Environment-variable access.
repo/packages/env/src/analytics.ts:41
      PLAUSIBLE_SCRIPT_BASE_URL: process.env.PLAUSIBLE_SCRIPT_BASE_URL || 'https://plausible.io',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86353c6f85aec593 Environment-variable access.
repo/packages/env/src/analytics.ts:44
      ENABLED_POSTHOG_ANALYTICS: !!process.env.POSTHOG_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6886d20c4400f18b Environment-variable access.
repo/packages/env/src/analytics.ts:45
      POSTHOG_KEY: process.env.POSTHOG_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1708151c931c87fa Environment-variable access.
repo/packages/env/src/analytics.ts:46
      POSTHOG_HOST: process.env.POSTHOG_HOST || 'https://app.posthog.com',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #917958ba267b33b8 Environment-variable access.
repo/packages/env/src/analytics.ts:47
      DEBUG_POSTHOG_ANALYTICS: process.env.DEBUG_POSTHOG_ANALYTICS === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d5683d37ca10e94 Environment-variable access.
repo/packages/env/src/analytics.ts:50
      ENABLED_UMAMI_ANALYTICS: !!process.env.UMAMI_WEBSITE_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f83648a4f5454650 Environment-variable access.
repo/packages/env/src/analytics.ts:51
      UMAMI_SCRIPT_URL: process.env.UMAMI_SCRIPT_URL || 'https://analytics.umami.is/script.js',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f58f53aaf3567f6b Environment-variable access.
repo/packages/env/src/analytics.ts:52
      UMAMI_WEBSITE_ID: process.env.UMAMI_WEBSITE_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c784d70e23063061 Environment-variable access.
repo/packages/env/src/analytics.ts:55
      ENABLED_CLARITY_ANALYTICS: !!process.env.CLARITY_PROJECT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #231d6c7146f4d51e Environment-variable access.
repo/packages/env/src/analytics.ts:56
      CLARITY_PROJECT_ID: process.env.CLARITY_PROJECT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cd690f989892289 Environment-variable access.
repo/packages/env/src/analytics.ts:59
      ENABLE_VERCEL_ANALYTICS: process.env.ENABLE_VERCEL_ANALYTICS === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57a50e4ba3f23317 Environment-variable access.
repo/packages/env/src/analytics.ts:60
      DEBUG_VERCEL_ANALYTICS: process.env.DEBUG_VERCEL_ANALYTICS === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #200721d44a30fe79 Environment-variable access.
repo/packages/env/src/analytics.ts:63
      ENABLE_GOOGLE_ANALYTICS: !!process.env.GOOGLE_ANALYTICS_MEASUREMENT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #671a67970392ee13 Environment-variable access.
repo/packages/env/src/analytics.ts:64
      GOOGLE_ANALYTICS_MEASUREMENT_ID: process.env.GOOGLE_ANALYTICS_MEASUREMENT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53c522f46196af22 Environment-variable access.
repo/packages/env/src/analytics.ts:67
      ENABLED_X_ADS: !!process.env.X_ADS_PIXEL_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be3b755ca909fa3f Environment-variable access.
repo/packages/env/src/analytics.ts:68
      X_ADS_PIXEL_ID: process.env.X_ADS_PIXEL_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23424f62f2f78628 Environment-variable access.
repo/packages/env/src/analytics.ts:69
      X_ADS_LOGIN_OR_SIGNUP_CLICKED_EVENT_ID: process.env.X_ADS_LOGIN_OR_SIGNUP_CLICKED_EVENT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51e033a9635e1e8f Environment-variable access.
repo/packages/env/src/analytics.ts:70
      X_ADS_MAIN_PAGE_VIEW_EVENT_ID: process.env.X_ADS_MAIN_PAGE_VIEW_EVENT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0aaf3db1d7894e1 Environment-variable access.
repo/packages/env/src/analytics.ts:71
      X_ADS_PURCHASE_EVENT_ID: process.env.X_ADS_PURCHASE_EVENT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3c677561f8608937 Environment-variable access.
repo/packages/env/src/analytics.ts:75
      REACT_SCAN_MONITOR_API_KEY: process.env.REACT_SCAN_MONITOR_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39cf3d0dfa318104 Environment-variable access.
repo/packages/env/src/app.ts:4
const isInVercel = process.env.VERCEL === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab1db75d128e94f6 Environment-variable access.
repo/packages/env/src/app.ts:11
  if (process.env.VERCEL_ENV === 'production' && process.env.VERCEL_PROJECT_PRODUCTION_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1ddc33b13e0afcf Environment-variable access.
repo/packages/env/src/app.ts:12
    return `https://${process.env.VERCEL_PROJECT_PRODUCTION_URL}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3f7cddf9dc37262 Environment-variable access.
repo/packages/env/src/app.ts:14
  if (process.env.VERCEL_URL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a15ac34ed7664ca7 Environment-variable access.
repo/packages/env/src/app.ts:15
    return `https://${process.env.VERCEL_URL}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72743ebf0ae836b8 Environment-variable access.
repo/packages/env/src/app.ts:17
  return `https://${process.env.VERCEL_BRANCH_URL}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71f3d48a894bb955 Environment-variable access.
repo/packages/env/src/app.ts:20
const APP_URL = process.env.APP_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd54708cee8b8573 Environment-variable access.
repo/packages/env/src/app.ts:21
  ? process.env.APP_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0082cfca5d503d13 Environment-variable access.
repo/packages/env/src/app.ts:24
    : process.env.NODE_ENV === 'development'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a06d9c0fd7f9bd7 Environment-variable access.
repo/packages/env/src/app.ts:25
      ? `http://localhost:${process.env.PORT || 3010}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac6b7e6b25aac946 Environment-variable access.
repo/packages/env/src/app.ts:26
      : `http://localhost:${process.env.PORT || 3210}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c094896d6423dd24 Environment-variable access.
repo/packages/env/src/app.ts:30
const INTERNAL_APP_URL = process.env.INTERNAL_APP_URL || APP_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3a94d73bd8fdfae Environment-variable access.
repo/packages/env/src/app.ts:92
      NEXT_PUBLIC_ENABLE_SENTRY: !!process.env.NEXT_PUBLIC_SENTRY_DSN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #400b966522141da5 Environment-variable access.
repo/packages/env/src/app.ts:94
      AGENTS_INDEX_URL: !!process.env.AGENTS_INDEX_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79ccc58dc405c52c Environment-variable access.
repo/packages/env/src/app.ts:95
        ? process.env.AGENTS_INDEX_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e103e1cc0c07cd7a Environment-variable access.
repo/packages/env/src/app.ts:98
      DEFAULT_AGENT_CONFIG: process.env.DEFAULT_AGENT_CONFIG || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e626ed25c501b2a Environment-variable access.
repo/packages/env/src/app.ts:99
      SYSTEM_AGENT: process.env.SYSTEM_AGENT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac6622fd630ce596 Environment-variable access.
repo/packages/env/src/app.ts:101
      PLUGINS_INDEX_URL: !!process.env.PLUGINS_INDEX_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8930535c7959d68f Environment-variable access.
repo/packages/env/src/app.ts:102
        ? process.env.PLUGINS_INDEX_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34ef58eaad184242 Environment-variable access.
repo/packages/env/src/app.ts:105
      PLUGIN_SETTINGS: process.env.PLUGIN_SETTINGS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #022bf3ca3d048a44 Environment-variable access.
repo/packages/env/src/app.ts:107
      VERCEL_EDGE_CONFIG: process.env.VERCEL_EDGE_CONFIG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #535e2c79bb49b401 Environment-variable access.
repo/packages/env/src/app.ts:111
      MIDDLEWARE_REWRITE_THROUGH_LOCAL: process.env.MIDDLEWARE_REWRITE_THROUGH_LOCAL === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f05f20d3fb89d49c Environment-variable access.
repo/packages/env/src/app.ts:113
      CUSTOM_FONT_FAMILY: process.env.CUSTOM_FONT_FAMILY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bdaace7867d3f43b Environment-variable access.
repo/packages/env/src/app.ts:114
      CUSTOM_FONT_URL: process.env.CUSTOM_FONT_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20dc53463a965b53 Environment-variable access.
repo/packages/env/src/app.ts:115
      CDN_USE_GLOBAL: process.env.CDN_USE_GLOBAL === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b95c8dda5ce806d Environment-variable access.
repo/packages/env/src/app.ts:117
      SSRF_ALLOW_PRIVATE_IP_ADDRESS: process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b112c76b70da2b35 Environment-variable access.
repo/packages/env/src/app.ts:118
      SSRF_ALLOW_IP_ADDRESS_LIST: process.env.SSRF_ALLOW_IP_ADDRESS_LIST,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #778baf3f77a4dc80 Environment-variable access.
repo/packages/env/src/app.ts:119
      MARKET_BASE_URL: process.env.MARKET_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68a33fbacaf306d6 Environment-variable access.
repo/packages/env/src/app.ts:121
      MARKET_TRUSTED_CLIENT_SECRET: process.env.MARKET_TRUSTED_CLIENT_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47407682ef5c4e88 Environment-variable access.
repo/packages/env/src/app.ts:122
      MARKET_TRUSTED_CLIENT_ID: process.env.MARKET_TRUSTED_CLIENT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #feb75e13ddb27ad8 Environment-variable access.
repo/packages/env/src/app.ts:124
      AGENT_GATEWAY_SERVICE_TOKEN: process.env.AGENT_GATEWAY_SERVICE_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9813b46b510bf550 Environment-variable access.
repo/packages/env/src/app.ts:125
      ENABLE_AGENT_GATEWAY: process.env.ENABLE_AGENT_GATEWAY === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7dde46fad5f0f24 Environment-variable access.
repo/packages/env/src/app.ts:126
      AGENT_GATEWAY_URL: process.env.AGENT_GATEWAY_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f20d33d84aae5786 Environment-variable access.
repo/packages/env/src/app.ts:127
      enableQueueAgentRuntime: process.env.AGENT_RUNTIME_MODE === 'queue',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0adee16f0853b35 Environment-variable access.
repo/packages/env/src/app.ts:128
      TELEMETRY_DISABLED: process.env.TELEMETRY_DISABLED === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #615d69fcf7374783 Environment-variable access.
repo/packages/env/src/auth.ts:202
      AUTH_EMAIL_VERIFICATION: process.env.AUTH_EMAIL_VERIFICATION === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bd3a2a4ff2ebed7 Environment-variable access.
repo/packages/env/src/auth.ts:203
      AUTH_ENABLE_MAGIC_LINK: process.env.AUTH_ENABLE_MAGIC_LINK === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07f777d7abd65f3f Environment-variable access.
repo/packages/env/src/auth.ts:204
      AUTH_SECRET: process.env.AUTH_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b817703d3693ae5f Environment-variable access.
repo/packages/env/src/auth.ts:205
      AUTH_SSO_PROVIDERS: process.env.AUTH_SSO_PROVIDERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fd61445f00d9809 Environment-variable access.
repo/packages/env/src/auth.ts:206
      AUTH_TRUSTED_ORIGINS: process.env.AUTH_TRUSTED_ORIGINS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48c0c35cca13b14f Environment-variable access.
repo/packages/env/src/auth.ts:207
      AUTH_ALLOWED_EMAILS: process.env.AUTH_ALLOWED_EMAILS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #81a74a7bb5093758 Environment-variable access.
repo/packages/env/src/auth.ts:208
      AUTH_DISABLE_EMAIL_PASSWORD: process.env.AUTH_DISABLE_EMAIL_PASSWORD === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff3ad77dfc4ab84a Environment-variable access.
repo/packages/env/src/auth.ts:211
      AUTH_COGNITO_DOMAIN: process.env.AUTH_COGNITO_DOMAIN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5acd36a6e4d8d6e1 Environment-variable access.
repo/packages/env/src/auth.ts:212
      AUTH_COGNITO_REGION: process.env.AUTH_COGNITO_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5838139c0327105d Environment-variable access.
repo/packages/env/src/auth.ts:213
      AUTH_COGNITO_USERPOOL_ID: process.env.AUTH_COGNITO_USERPOOL_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4a48daf28866791 Environment-variable access.
repo/packages/env/src/auth.ts:216
      AUTH_GOOGLE_ID: process.env.AUTH_GOOGLE_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bb28c75446b8d8a Environment-variable access.
repo/packages/env/src/auth.ts:217
      AUTH_GOOGLE_SECRET: process.env.AUTH_GOOGLE_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #43ff07a3e15d024e Environment-variable access.
repo/packages/env/src/auth.ts:219
      AUTH_APPLE_CLIENT_ID: process.env.AUTH_APPLE_CLIENT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3fe7e9245b74acf Environment-variable access.
repo/packages/env/src/auth.ts:220
      AUTH_APPLE_CLIENT_SECRET: process.env.AUTH_APPLE_CLIENT_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fb9856b9bfef94d3 Environment-variable access.
repo/packages/env/src/auth.ts:221
      AUTH_APPLE_APP_BUNDLE_IDENTIFIER: process.env.AUTH_APPLE_APP_BUNDLE_IDENTIFIER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5813e64c326a9a2d Environment-variable access.
repo/packages/env/src/auth.ts:223
      AUTH_GITHUB_ID: process.env.AUTH_GITHUB_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50ad53d1c640e494 Environment-variable access.
repo/packages/env/src/auth.ts:224
      AUTH_GITHUB_SECRET: process.env.AUTH_GITHUB_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5293d4bc11d105d Environment-variable access.
repo/packages/env/src/auth.ts:226
      AUTH_MICROSOFT_AUTHORITY_URL: process.env.AUTH_MICROSOFT_AUTHORITY_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #251ab7d6de2cdee1 Environment-variable access.
repo/packages/env/src/auth.ts:227
      AUTH_MICROSOFT_ID: process.env.AUTH_MICROSOFT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc1bb8a35400c4f0 Environment-variable access.
repo/packages/env/src/auth.ts:228
      AUTH_MICROSOFT_SECRET: process.env.AUTH_MICROSOFT_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d12172158b2c2f4 Environment-variable access.
repo/packages/env/src/auth.ts:229
      AUTH_MICROSOFT_TENANT_ID: process.env.AUTH_MICROSOFT_TENANT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcb3252c0ff3b541 Environment-variable access.
repo/packages/env/src/auth.ts:231
      AUTH_COGNITO_ID: process.env.AUTH_COGNITO_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cbef04e64b615c6 Environment-variable access.
repo/packages/env/src/auth.ts:232
      AUTH_COGNITO_SECRET: process.env.AUTH_COGNITO_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8da49f2df9c9694a Environment-variable access.
repo/packages/env/src/auth.ts:233
      AUTH_COGNITO_ISSUER: process.env.AUTH_COGNITO_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e14c6163d0360dfd Environment-variable access.
repo/packages/env/src/auth.ts:235
      AUTH_AUTH0_ID: process.env.AUTH_AUTH0_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f512888d8c0282d2 Environment-variable access.
repo/packages/env/src/auth.ts:236
      AUTH_AUTH0_SECRET: process.env.AUTH_AUTH0_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a1884e22a315dba Environment-variable access.
repo/packages/env/src/auth.ts:237
      AUTH_AUTH0_ISSUER: process.env.AUTH_AUTH0_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f7267d83417e80c Environment-variable access.
repo/packages/env/src/auth.ts:239
      AUTH_AUTHELIA_ID: process.env.AUTH_AUTHELIA_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a18efb972828663 Environment-variable access.
repo/packages/env/src/auth.ts:240
      AUTH_AUTHELIA_SECRET: process.env.AUTH_AUTHELIA_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b87815baeca3373c Environment-variable access.
repo/packages/env/src/auth.ts:241
      AUTH_AUTHELIA_ISSUER: process.env.AUTH_AUTHELIA_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5083ac8c5d3b1e7 Environment-variable access.
repo/packages/env/src/auth.ts:243
      AUTH_AUTHENTIK_ID: process.env.AUTH_AUTHENTIK_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a15285980663b80 Environment-variable access.
repo/packages/env/src/auth.ts:244
      AUTH_AUTHENTIK_SECRET: process.env.AUTH_AUTHENTIK_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5a69d1765111bbe Environment-variable access.
repo/packages/env/src/auth.ts:245
      AUTH_AUTHENTIK_ISSUER: process.env.AUTH_AUTHENTIK_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e8aaca919acf2b0 Environment-variable access.
repo/packages/env/src/auth.ts:247
      AUTH_CASDOOR_ID: process.env.AUTH_CASDOOR_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47e9aec1ea863724 Environment-variable access.
repo/packages/env/src/auth.ts:248
      AUTH_CASDOOR_SECRET: process.env.AUTH_CASDOOR_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6e7505e66f28fb9 Environment-variable access.
repo/packages/env/src/auth.ts:249
      AUTH_CASDOOR_ISSUER: process.env.AUTH_CASDOOR_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90206d651248e10e Environment-variable access.
repo/packages/env/src/auth.ts:251
      AUTH_CLOUDFLARE_ZERO_TRUST_ID: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd2ce29c8691de19 Environment-variable access.
repo/packages/env/src/auth.ts:252
      AUTH_CLOUDFLARE_ZERO_TRUST_SECRET: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15b58cbe8a290822 Environment-variable access.
repo/packages/env/src/auth.ts:253
      AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER: process.env.AUTH_CLOUDFLARE_ZERO_TRUST_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72f411ea6cb734ae Environment-variable access.
repo/packages/env/src/auth.ts:255
      AUTH_FEISHU_APP_ID: process.env.AUTH_FEISHU_APP_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57bb50adb2c0fa4d Environment-variable access.
repo/packages/env/src/auth.ts:256
      AUTH_FEISHU_APP_SECRET: process.env.AUTH_FEISHU_APP_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ef53d41e052eed3 Environment-variable access.
repo/packages/env/src/auth.ts:258
      AUTH_GENERIC_OIDC_ID: process.env.AUTH_GENERIC_OIDC_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1fc7ee15940e8eb Environment-variable access.
repo/packages/env/src/auth.ts:259
      AUTH_GENERIC_OIDC_SECRET: process.env.AUTH_GENERIC_OIDC_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #326a8a448f3a3da0 Environment-variable access.
repo/packages/env/src/auth.ts:260
      AUTH_GENERIC_OIDC_ISSUER: process.env.AUTH_GENERIC_OIDC_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fb89273c1875b88 Environment-variable access.
repo/packages/env/src/auth.ts:262
      AUTH_KEYCLOAK_ID: process.env.AUTH_KEYCLOAK_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4984760c27f3ec75 Environment-variable access.
repo/packages/env/src/auth.ts:263
      AUTH_KEYCLOAK_SECRET: process.env.AUTH_KEYCLOAK_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86f7bdf474001a23 Environment-variable access.
repo/packages/env/src/auth.ts:264
      AUTH_KEYCLOAK_ISSUER: process.env.AUTH_KEYCLOAK_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87a26e5033319319 Environment-variable access.
repo/packages/env/src/auth.ts:266
      AUTH_LOGTO_ID: process.env.AUTH_LOGTO_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f468e740d2233eaf Environment-variable access.
repo/packages/env/src/auth.ts:267
      AUTH_LOGTO_SECRET: process.env.AUTH_LOGTO_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f894915c7cd5bec9 Environment-variable access.
repo/packages/env/src/auth.ts:268
      AUTH_LOGTO_ISSUER: process.env.AUTH_LOGTO_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #96f853a79d305fd9 Environment-variable access.
repo/packages/env/src/auth.ts:270
      AUTH_OKTA_ID: process.env.AUTH_OKTA_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11abeeabfcd16ce0 Environment-variable access.
repo/packages/env/src/auth.ts:271
      AUTH_OKTA_SECRET: process.env.AUTH_OKTA_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #560b149d8e91c1fd Environment-variable access.
repo/packages/env/src/auth.ts:272
      AUTH_OKTA_ISSUER: process.env.AUTH_OKTA_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #461733c71362ea75 Environment-variable access.
repo/packages/env/src/auth.ts:274
      AUTH_WECHAT_ID: process.env.AUTH_WECHAT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c15f71878be89265 Environment-variable access.
repo/packages/env/src/auth.ts:275
      AUTH_WECHAT_SECRET: process.env.AUTH_WECHAT_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88c515c5a70ee548 Environment-variable access.
repo/packages/env/src/auth.ts:277
      AUTH_ZITADEL_ID: process.env.AUTH_ZITADEL_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f347e8c64ff7d54 Environment-variable access.
repo/packages/env/src/auth.ts:278
      AUTH_ZITADEL_SECRET: process.env.AUTH_ZITADEL_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05561b35ae7b0414 Environment-variable access.
repo/packages/env/src/auth.ts:279
      AUTH_ZITADEL_ISSUER: process.env.AUTH_ZITADEL_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a90cf43b7713999 Environment-variable access.
repo/packages/env/src/auth.ts:282
      LOGTO_WEBHOOK_SIGNING_KEY: process.env.LOGTO_WEBHOOK_SIGNING_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0a9a6336ac97db2 Environment-variable access.
repo/packages/env/src/auth.ts:285
      CASDOOR_WEBHOOK_SECRET: process.env.CASDOOR_WEBHOOK_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2c5da2faff34baa Environment-variable access.
repo/packages/env/src/auth.ts:287
      JWKS_KEY: process.env.JWKS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d03e577c7376f3d Environment-variable access.
repo/packages/env/src/auth.ts:288
      ENABLE_OIDC: !!process.env.JWKS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7978df0bda0aa3e2 Environment-variable access.
repo/packages/env/src/auth.ts:291
      INTERNAL_JWT_EXPIRATION: process.env.INTERNAL_JWT_EXPIRATION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc28ed705b4d07ef Environment-variable access.
repo/packages/env/src/debug.ts:16
  DEBUG_MODE: process.env.NEXT_PUBLIC_DEVELOPER_DEBUG === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc81be8c3d5ade28 Environment-variable access.
repo/packages/env/src/debug.ts:19
  I18N_DEBUG: process.env.NEXT_PUBLIC_I18N_DEBUG === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #091d3386a7156a87 Environment-variable access.
repo/packages/env/src/debug.ts:20
  I18N_DEBUG_BROWSER: process.env.NEXT_PUBLIC_I18N_DEBUG_BROWSER === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c494ca13aa96fcac Environment-variable access.
repo/packages/env/src/debug.ts:21
  I18N_DEBUG_SERVER: process.env.NEXT_PUBLIC_I18N_DEBUG_SERVER === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05df5e68da0ddb5c Environment-variable access.
repo/packages/env/src/email.ts:35
      SMTP_FROM: process.env.SMTP_FROM,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f863b6d00a821cb9 Environment-variable access.
repo/packages/env/src/email.ts:36
      SMTP_HOST: process.env.SMTP_HOST,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7ad3d5a30e387ea Environment-variable access.
repo/packages/env/src/email.ts:37
      SMTP_PORT: process.env.SMTP_PORT ? Number(process.env.SMTP_PORT) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #450cf69504573188 Environment-variable access.
repo/packages/env/src/email.ts:38
      SMTP_SECURE: process.env.SMTP_SECURE === 'true',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b7d008c19bfd3ab Environment-variable access.
repo/packages/env/src/email.ts:39
      SMTP_USER: process.env.SMTP_USER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67a9ad9d043dc9de Environment-variable access.
repo/packages/env/src/email.ts:40
      SMTP_PASS: process.env.SMTP_PASS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f9b84d624186f11 Environment-variable access.
repo/packages/env/src/email.ts:41
      EMAIL_SERVICE_PROVIDER: process.env.EMAIL_SERVICE_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26c0680e96ef050b Environment-variable access.
repo/packages/env/src/email.ts:42
        ? process.env.EMAIL_SERVICE_PROVIDER.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18d00d37ab0e7887 Environment-variable access.
repo/packages/env/src/email.ts:44
      RESEND_API_KEY: process.env.RESEND_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1eb51fb1e32d31fd Environment-variable access.
repo/packages/env/src/email.ts:45
      RESEND_FROM: process.env.RESEND_FROM,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4f326c8c23378a7 Environment-variable access.
repo/packages/env/src/file.ts:7
  if (!!process.env.NEXT_PUBLIC_S3_DOMAIN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df3bd9d82c990b3e Environment-variable access.
repo/packages/env/src/file.ts:13
  const S3_PUBLIC_DOMAIN = process.env.S3_PUBLIC_DOMAIN || process.env.NEXT_PUBLIC_S3_DOMAIN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b0010fd5bdbc194 Environment-variable access.
repo/packages/env/src/file.ts:25
      CHUNKS_AUTO_EMBEDDING: process.env.CHUNKS_AUTO_EMBEDDING !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2bd18f1e4c2fb4a Environment-variable access.
repo/packages/env/src/file.ts:26
      CHUNKS_AUTO_GEN_METADATA: process.env.CHUNKS_AUTO_GEN_METADATA !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9bdced8ebf7f958 Environment-variable access.
repo/packages/env/src/file.ts:27
      EMBEDDING_BATCH_SIZE: process.env.EMBEDDING_BATCH_SIZE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6fa6b07994a1938 Environment-variable access.
repo/packages/env/src/file.ts:28
      EMBEDDING_CONCURRENCY: process.env.EMBEDDING_CONCURRENCY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #24d26e0bb42e505a Environment-variable access.
repo/packages/env/src/file.ts:30
      NEXT_PUBLIC_S3_DOMAIN: process.env.NEXT_PUBLIC_S3_DOMAIN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6785a6c674b25900 Environment-variable access.
repo/packages/env/src/file.ts:31
      NEXT_PUBLIC_S3_FILE_PATH: process.env.NEXT_PUBLIC_S3_FILE_PATH || DEFAULT_S3_FILE_PATH,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5eec8aeeedab26fd Environment-variable access.
repo/packages/env/src/file.ts:33
      S3_ACCESS_KEY_ID: process.env.S3_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a15f4ddc26a6c266 Environment-variable access.
repo/packages/env/src/file.ts:34
      S3_BUCKET: process.env.S3_BUCKET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57033b67ddc94041 Environment-variable access.
repo/packages/env/src/file.ts:35
      S3_ENABLE_PATH_STYLE: process.env.S3_ENABLE_PATH_STYLE === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8160b1d26411fa10 Environment-variable access.
repo/packages/env/src/file.ts:36
      S3_ENDPOINT: process.env.S3_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c58d266025d9a67a Environment-variable access.
repo/packages/env/src/file.ts:37
      S3_PREVIEW_URL_EXPIRE_IN: parseInt(process.env.S3_PREVIEW_URL_EXPIRE_IN || '7200'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3ba7cdef7967c4f Environment-variable access.
repo/packages/env/src/file.ts:39
      S3_REGION: process.env.S3_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1facf7a470f44fb6 Environment-variable access.
repo/packages/env/src/file.ts:40
      S3_SECRET_ACCESS_KEY: process.env.S3_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0b9fec85192531a Environment-variable access.
repo/packages/env/src/file.ts:41
      S3_SET_ACL: process.env.S3_SET_ACL === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0d19a728c58dd00 Environment-variable access.
repo/packages/env/src/gateway.ts:7
      DEVICE_GATEWAY_SERVICE_TOKEN: process.env.DEVICE_GATEWAY_SERVICE_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6970bfc122c93b1c Environment-variable access.
repo/packages/env/src/gateway.ts:8
      DEVICE_GATEWAY_URL: process.env.DEVICE_GATEWAY_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #784e8ce2c713c3c9 Environment-variable access.
repo/packages/env/src/gateway.ts:9
      MESSAGE_GATEWAY_ENABLED: process.env.MESSAGE_GATEWAY_ENABLED,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #316ba217999656ff Environment-variable access.
repo/packages/env/src/gateway.ts:10
      MESSAGE_GATEWAY_SERVICE_TOKEN: process.env.MESSAGE_GATEWAY_SERVICE_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9584214e1c6f05c4 Environment-variable access.
repo/packages/env/src/gateway.ts:11
      MESSAGE_GATEWAY_URL: process.env.MESSAGE_GATEWAY_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #684802b39bc67678 Environment-variable access.
repo/packages/env/src/image.ts:9
      AI_IMAGE_DEFAULT_IMAGE_NUM: process.env.AI_IMAGE_DEFAULT_IMAGE_NUM,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f493affab3a98d33 Environment-variable access.
repo/packages/env/src/knowledge.ts:6
    DEFAULT_FILES_CONFIG: process.env.DEFAULT_FILES_CONFIG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90c50a3c35db7cf2 Environment-variable access.
repo/packages/env/src/knowledge.ts:7
    FILE_TYPE_CHUNKING_RULES: process.env.FILE_TYPE_CHUNKING_RULES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cb6e89b0a8fa83db Environment-variable access.
repo/packages/env/src/knowledge.ts:8
    UNSTRUCTURED_API_KEY: process.env.UNSTRUCTURED_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #659b3da899da1a94 Environment-variable access.
repo/packages/env/src/knowledge.ts:9
    UNSTRUCTURED_SERVER_URL: process.env.UNSTRUCTURED_SERVER_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #759c84b8399a76a5 Environment-variable access.
repo/packages/env/src/langfuse.ts:7
      ENABLE_LANGFUSE: process.env.ENABLE_LANGFUSE === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6d4eb84af198849 Environment-variable access.
repo/packages/env/src/langfuse.ts:8
      LANGFUSE_SECRET_KEY: process.env.LANGFUSE_SECRET_KEY || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2169728ca71e8a32 Environment-variable access.
repo/packages/env/src/langfuse.ts:9
      LANGFUSE_PUBLIC_KEY: process.env.LANGFUSE_PUBLIC_KEY || '',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19539f79a091076f Environment-variable access.
repo/packages/env/src/langfuse.ts:10
      LANGFUSE_HOST: process.env.LANGFUSE_HOST || 'https://cloud.langfuse.com',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #963b125018335eac Environment-variable access.
repo/packages/env/src/llm.ts:260
      API_KEY_SELECT_MODE: process.env.API_KEY_SELECT_MODE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #052f0d636ba1af45 Environment-variable access.
repo/packages/env/src/llm.ts:262
      ENABLED_OPENAI: process.env.ENABLED_OPENAI !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #689c130dcce3eca9 Environment-variable access.
repo/packages/env/src/llm.ts:263
      OPENAI_API_KEY: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4065540fe16ed57d Environment-variable access.
repo/packages/env/src/llm.ts:265
      ENABLED_AZURE_OPENAI: !!process.env.AZURE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f42aa3eed53bc92 Environment-variable access.
repo/packages/env/src/llm.ts:266
      AZURE_API_KEY: process.env.AZURE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffb7ca75cb80a9d1 Environment-variable access.
repo/packages/env/src/llm.ts:267
      AZURE_API_VERSION: process.env.AZURE_API_VERSION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c435b2a8c9de72d Environment-variable access.
repo/packages/env/src/llm.ts:268
      AZURE_ENDPOINT: process.env.AZURE_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e40db99762b9d8c Environment-variable access.
repo/packages/env/src/llm.ts:270
      ENABLED_AZUREAI: !!process.env.AZUREAI_ENDPOINT_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e068624574e305a2 Environment-variable access.
repo/packages/env/src/llm.ts:271
      AZUREAI_ENDPOINT_KEY: process.env.AZUREAI_ENDPOINT_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a6df2781aa57372 Environment-variable access.
repo/packages/env/src/llm.ts:272
      AZUREAI_ENDPOINT: process.env.AZUREAI_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fe9437b225806bf Environment-variable access.
repo/packages/env/src/llm.ts:274
      ENABLED_ZHIPU: !!process.env.ZHIPU_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b83df7d08bcecf2a Environment-variable access.
repo/packages/env/src/llm.ts:275
      ZHIPU_API_KEY: process.env.ZHIPU_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5477002f9b58b165 Environment-variable access.
repo/packages/env/src/llm.ts:277
      ENABLED_DEEPSEEK: !!process.env.DEEPSEEK_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa7c557b06717edd Environment-variable access.
repo/packages/env/src/llm.ts:278
      DEEPSEEK_API_KEY: process.env.DEEPSEEK_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47d1a7e573b8578f Environment-variable access.
repo/packages/env/src/llm.ts:280
      ENABLED_GOOGLE: process.env.ENABLED_GOOGLE !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #daa1133527edce00 Environment-variable access.
repo/packages/env/src/llm.ts:281
      GOOGLE_API_KEY: process.env.GOOGLE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7e8a20ef21a7c4b Environment-variable access.
repo/packages/env/src/llm.ts:283
      ENABLED_VERTEXAI: !!process.env.VERTEXAI_CREDENTIALS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da1821027a40618f Environment-variable access.
repo/packages/env/src/llm.ts:285
      ENABLED_VOLCENGINE: !!process.env.VOLCENGINE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b87478ebf488e7c1 Environment-variable access.
repo/packages/env/src/llm.ts:286
      VOLCENGINE_API_KEY: process.env.VOLCENGINE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15ddaa9ce549d53b Environment-variable access.
repo/packages/env/src/llm.ts:288
      ENABLED_PERPLEXITY: !!process.env.PERPLEXITY_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b65d9ec423eda0cb Environment-variable access.
repo/packages/env/src/llm.ts:289
      PERPLEXITY_API_KEY: process.env.PERPLEXITY_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #809fcc1f94d75ea4 Environment-variable access.
repo/packages/env/src/llm.ts:291
      ENABLED_ANTHROPIC: process.env.ENABLED_ANTHROPIC !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a43eda8e420e7bbb Environment-variable access.
repo/packages/env/src/llm.ts:292
      ANTHROPIC_API_KEY: process.env.ANTHROPIC_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da8e3adca0d7e9e7 Environment-variable access.
repo/packages/env/src/llm.ts:294
      ENABLED_MINIMAX: !!process.env.MINIMAX_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11140cb2c44fe7eb Environment-variable access.
repo/packages/env/src/llm.ts:295
      MINIMAX_API_KEY: process.env.MINIMAX_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8714ffa7af4113b Environment-variable access.
repo/packages/env/src/llm.ts:297
      ENABLED_MISTRAL: !!process.env.MISTRAL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e99319bf05f16acd Environment-variable access.
repo/packages/env/src/llm.ts:298
      MISTRAL_API_KEY: process.env.MISTRAL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9cbc2d2e37f0657 Environment-variable access.
repo/packages/env/src/llm.ts:300
      ENABLED_OPENROUTER: !!process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4089df5e3b181f39 Environment-variable access.
repo/packages/env/src/llm.ts:301
      OPENROUTER_API_KEY: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74f08847df762ad9 Environment-variable access.
repo/packages/env/src/llm.ts:303
      ENABLED_TOGETHERAI: !!process.env.TOGETHERAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ccba4883d1c4b9a Environment-variable access.
repo/packages/env/src/llm.ts:304
      TOGETHERAI_API_KEY: process.env.TOGETHERAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #323131a70d8ccba7 Environment-variable access.
repo/packages/env/src/llm.ts:306
      ENABLED_FIREWORKSAI: !!process.env.FIREWORKSAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f12f6801fa949d3c Environment-variable access.
repo/packages/env/src/llm.ts:307
      FIREWORKSAI_API_KEY: process.env.FIREWORKSAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10ded3ff001fdc79 Environment-variable access.
repo/packages/env/src/llm.ts:309
      ENABLED_MOONSHOT: !!process.env.MOONSHOT_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b57c04b5ded051f Environment-variable access.
repo/packages/env/src/llm.ts:310
      MOONSHOT_API_KEY: process.env.MOONSHOT_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9308257d8b41f51d Environment-variable access.
repo/packages/env/src/llm.ts:312
      ENABLED_KIMICODINGPLAN: !!process.env.KIMICODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #076fcc8180cbb558 Environment-variable access.
repo/packages/env/src/llm.ts:313
      KIMICODINGPLAN_API_KEY: process.env.KIMICODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #005b5650aa8a8f6e Environment-variable access.
repo/packages/env/src/llm.ts:315
      ENABLED_BAILIANCODINGPLAN: !!process.env.BAILIANCODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #269d4ea79db9bb5b Environment-variable access.
repo/packages/env/src/llm.ts:316
      BAILIANCODINGPLAN_API_KEY: process.env.BAILIANCODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8de6fc902436aec3 Environment-variable access.
repo/packages/env/src/llm.ts:318
      ENABLED_GLMCODINGPLAN: !!process.env.GLMCODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #077972011b9c303c Environment-variable access.
repo/packages/env/src/llm.ts:319
      GLMCODINGPLAN_API_KEY: process.env.GLMCODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #517530ca4670a4e1 Environment-variable access.
repo/packages/env/src/llm.ts:321
      ENABLED_MINIMAXCODINGPLAN: !!process.env.MINIMAXCODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c1950cd2d1b9cf5 Environment-variable access.
repo/packages/env/src/llm.ts:322
      MINIMAXCODINGPLAN_API_KEY: process.env.MINIMAXCODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #562293947b8f3e02 Environment-variable access.
repo/packages/env/src/llm.ts:324
      ENABLED_VOLCENGINECODINGPLAN: !!process.env.VOLCENGINECODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b665a518e506a1a Environment-variable access.
repo/packages/env/src/llm.ts:325
      VOLCENGINECODINGPLAN_API_KEY: process.env.VOLCENGINECODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ad9da5349628f38 Environment-variable access.
repo/packages/env/src/llm.ts:327
      ENABLED_GROQ: !!process.env.GROQ_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd7c8dfb377e1a39 Environment-variable access.
repo/packages/env/src/llm.ts:328
      GROQ_API_KEY: process.env.GROQ_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #88c5f16b5fdfcf45 Environment-variable access.
repo/packages/env/src/llm.ts:330
      ENABLED_GITHUB: !!process.env.GITHUB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5c6ac664c84815b Environment-variable access.
repo/packages/env/src/llm.ts:331
      GITHUB_TOKEN: process.env.GITHUB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02320c9f9617d12b Environment-variable access.
repo/packages/env/src/llm.ts:333
      ENABLED_ZEROONE: !!process.env.ZEROONE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4debd2371223535 Environment-variable access.
repo/packages/env/src/llm.ts:334
      ZEROONE_API_KEY: process.env.ZEROONE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74f0f6fcd2b26078 Environment-variable access.
repo/packages/env/src/llm.ts:336
      ENABLED_AWS_BEDROCK: process.env.ENABLED_AWS_BEDROCK === '1',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05873a573845a44d Environment-variable access.
repo/packages/env/src/llm.ts:337
      AWS_REGION: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1890cea0752bec5 Environment-variable access.
repo/packages/env/src/llm.ts:338
      AWS_ACCESS_KEY_ID: process.env.AWS_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a639907f632300ef Environment-variable access.
repo/packages/env/src/llm.ts:339
      AWS_SECRET_ACCESS_KEY: process.env.AWS_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #796acfb999c0b5e3 Environment-variable access.
repo/packages/env/src/llm.ts:340
      AWS_SESSION_TOKEN: process.env.AWS_SESSION_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1db898a2dffdb21 Environment-variable access.
repo/packages/env/src/llm.ts:342
      ENABLED_WENXIN: !!process.env.WENXIN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46b8315519c22f10 Environment-variable access.
repo/packages/env/src/llm.ts:343
      WENXIN_API_KEY: process.env.WENXIN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e38cc6a0541ee76 Environment-variable access.
repo/packages/env/src/llm.ts:345
      ENABLED_OLLAMA: process.env.ENABLED_OLLAMA !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #750182e65ab3f428 Environment-variable access.
repo/packages/env/src/llm.ts:346
      ENABLED_OLLAMA_CLOUD: !!process.env.OLLAMA_CLOUD_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62c5029f134e0f56 Environment-variable access.
repo/packages/env/src/llm.ts:347
      OLLAMA_CLOUD_API_KEY: process.env.OLLAMA_CLOUD_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c3e94504ff88237 Environment-variable access.
repo/packages/env/src/llm.ts:349
      ENABLED_VLLM: !!process.env.VLLM_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71c885a0c34f48ec Environment-variable access.
repo/packages/env/src/llm.ts:350
      VLLM_API_KEY: process.env.VLLM_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c51382787942b7b Environment-variable access.
repo/packages/env/src/llm.ts:352
      ENABLED_XINFERENCE: !!process.env.XINFERENCE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90950818aca9ab56 Environment-variable access.
repo/packages/env/src/llm.ts:353
      XINFERENCE_API_KEY: process.env.XINFERENCE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8983d76039c06a56 Environment-variable access.
repo/packages/env/src/llm.ts:355
      ENABLED_LMSTUDIO: !!process.env.LMSTUDIO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7e2092ef89de45d Environment-variable access.
repo/packages/env/src/llm.ts:356
      LMSTUDIO_API_KEY: process.env.LMSTUDIO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0090cd625f2c365 Environment-variable access.
repo/packages/env/src/llm.ts:358
      ENABLED_QINIU: !!process.env.QINIU_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22f205b485240554 Environment-variable access.
repo/packages/env/src/llm.ts:359
      QINIU_API_KEY: process.env.QINIU_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de1026fa96d5f754 Environment-variable access.
repo/packages/env/src/llm.ts:361
      ENABLED_QWEN: !!process.env.QWEN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef0db60f2db2191c Environment-variable access.
repo/packages/env/src/llm.ts:362
      QWEN_API_KEY: process.env.QWEN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #788f6277b0729be0 Environment-variable access.
repo/packages/env/src/llm.ts:364
      ENABLED_STEPFUN: !!process.env.STEPFUN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #527293a780fc8abf Environment-variable access.
repo/packages/env/src/llm.ts:365
      STEPFUN_API_KEY: process.env.STEPFUN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d30e2256741a9532 Environment-variable access.
repo/packages/env/src/llm.ts:367
      ENABLED_NOVITA: !!process.env.NOVITA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5918451a71449e1 Environment-variable access.
repo/packages/env/src/llm.ts:368
      NOVITA_API_KEY: process.env.NOVITA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d83dd99c94d5a7a4 Environment-variable access.
repo/packages/env/src/llm.ts:370
      ENABLED_NVIDIA: !!process.env.NVIDIA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6abd68c7e5843304 Environment-variable access.
repo/packages/env/src/llm.ts:371
      NVIDIA_API_KEY: process.env.NVIDIA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be0c821a1d17856a Environment-variable access.
repo/packages/env/src/llm.ts:373
      ENABLED_BAICHUAN: !!process.env.BAICHUAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dff0fa0f3f532087 Environment-variable access.
repo/packages/env/src/llm.ts:374
      BAICHUAN_API_KEY: process.env.BAICHUAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48f6e93611f5f54d Environment-variable access.
repo/packages/env/src/llm.ts:376
      ENABLED_TAICHU: !!process.env.TAICHU_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7354f3bc85e5306c Environment-variable access.
repo/packages/env/src/llm.ts:377
      TAICHU_API_KEY: process.env.TAICHU_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2aca887380814b77 Environment-variable access.
repo/packages/env/src/llm.ts:380
        !!process.env.CLOUDFLARE_API_KEY && !!process.env.CLOUDFLARE_BASE_URL_OR_ACCOUNT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff93ea57e87c8f43 Environment-variable access.
repo/packages/env/src/llm.ts:381
      CLOUDFLARE_API_KEY: process.env.CLOUDFLARE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4cd3eadf17c8968 Environment-variable access.
repo/packages/env/src/llm.ts:382
      CLOUDFLARE_BASE_URL_OR_ACCOUNT_ID: process.env.CLOUDFLARE_BASE_URL_OR_ACCOUNT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72c7fb607b08635a Environment-variable access.
repo/packages/env/src/llm.ts:384
      ENABLED_AI360: !!process.env.AI360_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d533b1358a64a9af Environment-variable access.
repo/packages/env/src/llm.ts:385
      AI360_API_KEY: process.env.AI360_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0e9796b887a51ef8 Environment-variable access.
repo/packages/env/src/llm.ts:387
      ENABLED_SILICONCLOUD: !!process.env.SILICONCLOUD_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7330acaffd76ea7d Environment-variable access.
repo/packages/env/src/llm.ts:388
      SILICONCLOUD_API_KEY: process.env.SILICONCLOUD_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2235a453cf389c5 Environment-variable access.
repo/packages/env/src/llm.ts:390
      ENABLED_GITEE_AI: !!process.env.GITEE_AI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5646f7d6c1d87b51 Environment-variable access.
repo/packages/env/src/llm.ts:391
      GITEE_AI_API_KEY: process.env.GITEE_AI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e139e5d982588f07 Environment-variable access.
repo/packages/env/src/llm.ts:393
      ENABLED_UPSTAGE: !!process.env.UPSTAGE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff32fcde1396f868 Environment-variable access.
repo/packages/env/src/llm.ts:394
      UPSTAGE_API_KEY: process.env.UPSTAGE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5f7db26fd4d0c8b Environment-variable access.
repo/packages/env/src/llm.ts:396
      ENABLED_SPARK: !!process.env.SPARK_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4361b58d187da649 Environment-variable access.
repo/packages/env/src/llm.ts:397
      SPARK_API_KEY: process.env.SPARK_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95ba56677031a8b8 Environment-variable access.
repo/packages/env/src/llm.ts:399
      ENABLED_AI21: !!process.env.AI21_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1287c34127af52a6 Environment-variable access.
repo/packages/env/src/llm.ts:400
      AI21_API_KEY: process.env.AI21_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54879015e0e767b1 Environment-variable access.
repo/packages/env/src/llm.ts:402
      ENABLED_HUNYUAN: !!process.env.HUNYUAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #202641eb2d3fb8af Environment-variable access.
repo/packages/env/src/llm.ts:403
      HUNYUAN_API_KEY: process.env.HUNYUAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8029f4a7aa87dc85 Environment-variable access.
repo/packages/env/src/llm.ts:405
      ENABLED_HUGGINGFACE: !!process.env.HUGGINGFACE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #426794282d623e55 Environment-variable access.
repo/packages/env/src/llm.ts:406
      HUGGINGFACE_API_KEY: process.env.HUGGINGFACE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69e4dff1ecfcdffc Environment-variable access.
repo/packages/env/src/llm.ts:408
      ENABLED_SENSENOVA: !!process.env.SENSENOVA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35f0045a52cde2ed Environment-variable access.
repo/packages/env/src/llm.ts:409
      SENSENOVA_API_KEY: process.env.SENSENOVA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bda18a4027223590 Environment-variable access.
repo/packages/env/src/llm.ts:411
      ENABLED_XAI: !!process.env.XAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #014454cbbd48040d Environment-variable access.
repo/packages/env/src/llm.ts:412
      XAI_API_KEY: process.env.XAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de280b2e611a615b Environment-variable access.
repo/packages/env/src/llm.ts:414
      ENABLED_INTERNLM: !!process.env.INTERNLM_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84173f3e7fbf1e81 Environment-variable access.
repo/packages/env/src/llm.ts:415
      INTERNLM_API_KEY: process.env.INTERNLM_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1a747f9fd373d671 Environment-variable access.
repo/packages/env/src/llm.ts:417
      ENABLED_HIGRESS: !!process.env.HIGRESS_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19ead4cfb0340d55 Environment-variable access.
repo/packages/env/src/llm.ts:418
      HIGRESS_API_KEY: process.env.HIGRESS_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4d6c4bf5a21ffea Environment-variable access.
repo/packages/env/src/llm.ts:420
      ENABLED_TENCENT_CLOUD: !!process.env.TENCENT_CLOUD_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb93a9da50cf5be6 Environment-variable access.
repo/packages/env/src/llm.ts:421
      TENCENT_CLOUD_API_KEY: process.env.TENCENT_CLOUD_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d92d763dc64069c5 Environment-variable access.
repo/packages/env/src/llm.ts:423
      ENABLED_JINA: !!process.env.JINA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad9824fc943a5a36 Environment-variable access.
repo/packages/env/src/llm.ts:424
      JINA_API_KEY: process.env.JINA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d8011463b7b2874 Environment-variable access.
repo/packages/env/src/llm.ts:426
      ENABLED_SAMBANOVA: !!process.env.SAMBANOVA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d9ec3bc2a1fcb38 Environment-variable access.
repo/packages/env/src/llm.ts:427
      SAMBANOVA_API_KEY: process.env.SAMBANOVA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b65495053cdde628 Environment-variable access.
repo/packages/env/src/llm.ts:429
      ENABLED_PPIO: !!process.env.PPIO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad869347adc4b541 Environment-variable access.
repo/packages/env/src/llm.ts:430
      PPIO_API_KEY: process.env.PPIO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd6ffc1f4db8bd69 Environment-variable access.
repo/packages/env/src/llm.ts:432
      ENABLED_SEARCH1API: !!process.env.SEARCH1API_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3c4b3e9522ecbda Environment-variable access.
repo/packages/env/src/llm.ts:433
      SEARCH1API_API_KEY: process.env.SEARCH1API_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #354315d2bc3e8b33 Environment-variable access.
repo/packages/env/src/llm.ts:435
      ENABLED_COHERE: !!process.env.COHERE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a82053488a6d678 Environment-variable access.
repo/packages/env/src/llm.ts:436
      COHERE_API_KEY: process.env.COHERE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b85e273e6302674d Environment-variable access.
repo/packages/env/src/llm.ts:438
      ENABLED_INFINIAI: !!process.env.INFINIAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #974d8a2481753f8f Environment-variable access.
repo/packages/env/src/llm.ts:439
      INFINIAI_API_KEY: process.env.INFINIAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27bf104f5bad88b6 Environment-variable access.
repo/packages/env/src/llm.ts:441
      ENABLED_FAL: process.env.ENABLED_FAL !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40b8c570ab3839ae Environment-variable access.
repo/packages/env/src/llm.ts:442
      FAL_API_KEY: process.env.FAL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d19c214eb34a0161 Environment-variable access.
repo/packages/env/src/llm.ts:444
      ENABLED_BFL: !!process.env.BFL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #656eddf85e32a408 Environment-variable access.
repo/packages/env/src/llm.ts:445
      BFL_API_KEY: process.env.BFL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #708efb62547cd2ce Environment-variable access.
repo/packages/env/src/llm.ts:447
      ENABLED_COMFYUI: process.env.ENABLED_COMFYUI !== '0',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a20b6a27ee4ad314 Environment-variable access.
repo/packages/env/src/llm.ts:448
      COMFYUI_BASE_URL: process.env.COMFYUI_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c0c16a37df62af0 Environment-variable access.
repo/packages/env/src/llm.ts:449
      COMFYUI_AUTH_TYPE: process.env.COMFYUI_AUTH_TYPE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b472a7fa61d3672 Environment-variable access.
repo/packages/env/src/llm.ts:450
      COMFYUI_API_KEY: process.env.COMFYUI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fbf8d7fcacc449b3 Environment-variable access.
repo/packages/env/src/llm.ts:451
      COMFYUI_USERNAME: process.env.COMFYUI_USERNAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #17855abc41acc81c Environment-variable access.
repo/packages/env/src/llm.ts:452
      COMFYUI_PASSWORD: process.env.COMFYUI_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0de814c68fd91517 Environment-variable access.
repo/packages/env/src/llm.ts:453
      COMFYUI_CUSTOM_HEADERS: process.env.COMFYUI_CUSTOM_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a9138354a793aa4 Environment-variable access.
repo/packages/env/src/llm.ts:455
      ENABLED_MODELSCOPE: !!process.env.MODELSCOPE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51557e0bf5da77d7 Environment-variable access.
repo/packages/env/src/llm.ts:456
      MODELSCOPE_API_KEY: process.env.MODELSCOPE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a6041da5998605a Environment-variable access.
repo/packages/env/src/llm.ts:458
      ENABLED_V0: !!process.env.V0_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c52cedbcd86c6bc0 Environment-variable access.
repo/packages/env/src/llm.ts:459
      V0_API_KEY: process.env.V0_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #490db4f2a3a835d5 Environment-variable access.
repo/packages/env/src/llm.ts:461
      ENABLED_VERCELAIGATEWAY: !!process.env.VERCELAIGATEWAY_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2e5e6dfbbfb1d7b Environment-variable access.
repo/packages/env/src/llm.ts:462
      VERCELAIGATEWAY_API_KEY: process.env.VERCELAIGATEWAY_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #79a84ae95c3dbf43 Environment-variable access.
repo/packages/env/src/llm.ts:464
      ENABLED_AI302: !!process.env.AI302_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #347cf43eb2345862 Environment-variable access.
repo/packages/env/src/llm.ts:465
      AI302_API_KEY: process.env.AI302_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ed792ecd351d46b Environment-variable access.
repo/packages/env/src/llm.ts:467
      ENABLED_AKASHCHAT: !!process.env.AKASHCHAT_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b00f8a0735ee3802 Environment-variable access.
repo/packages/env/src/llm.ts:468
      AKASHCHAT_API_KEY: process.env.AKASHCHAT_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07dbd85d5accce06 Environment-variable access.
repo/packages/env/src/llm.ts:470
      ENABLED_COMETAPI: !!process.env.COMETAPI_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4152836f8b8c2edb Environment-variable access.
repo/packages/env/src/llm.ts:471
      COMETAPI_KEY: process.env.COMETAPI_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #794f84ae14e7ef42 Environment-variable access.
repo/packages/env/src/llm.ts:473
      ENABLED_AIHUBMIX: !!process.env.AIHUBMIX_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3968c1ca20a60d6c Environment-variable access.
repo/packages/env/src/llm.ts:474
      AIHUBMIX_API_KEY: process.env.AIHUBMIX_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f22346dd86ab7821 Environment-variable access.
repo/packages/env/src/llm.ts:475
      AIHUBMIX_PROXY_URL: process.env.AIHUBMIX_PROXY_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1433c225c5cb5ee5 Environment-variable access.
repo/packages/env/src/llm.ts:477
      ENABLED_NEWAPI: !!process.env.NEWAPI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99141f5b3a6a2b44 Environment-variable access.
repo/packages/env/src/llm.ts:478
      NEWAPI_API_KEY: process.env.NEWAPI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f9d67297b77fca1 Environment-variable access.
repo/packages/env/src/llm.ts:479
      NEWAPI_PROXY_URL: process.env.NEWAPI_PROXY_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e433bf07ca2acd7 Environment-variable access.
repo/packages/env/src/llm.ts:481
      ENABLED_NEBIUS: !!process.env.NEBIUS_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #620d0bcb27206541 Environment-variable access.
repo/packages/env/src/llm.ts:482
      NEBIUS_API_KEY: process.env.NEBIUS_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #07462ab4fb889c13 Environment-variable access.
repo/packages/env/src/llm.ts:484
      ENABLED_CEREBRAS: !!process.env.CEREBRAS_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #60f59d6887c508a5 Environment-variable access.
repo/packages/env/src/llm.ts:485
      CEREBRAS_API_KEY: process.env.CEREBRAS_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e956281cd3bb87ce Environment-variable access.
repo/packages/env/src/llm.ts:487
      ENABLED_ZENMUX: !!process.env.ZENMUX_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aef84d047bfc74d4 Environment-variable access.
repo/packages/env/src/llm.ts:488
      ZENMUX_API_KEY: process.env.ZENMUX_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7aae4d625fab6a2e Environment-variable access.
repo/packages/env/src/llm.ts:490
      ENABLED_STRAICO: !!process.env.STRAICO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ba500d335187ebf Environment-variable access.
repo/packages/env/src/llm.ts:491
      STRAICO_API_KEY: process.env.STRAICO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #86404106f3f6e852 Environment-variable access.
repo/packages/env/src/llm.ts:493
      ENABLED_LOBEHUB: !!process.env.ENABLED_LOBEHUB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5b24e563a2600a5 Environment-variable access.
repo/packages/env/src/llm.ts:495
      ENABLED_OPENCODEZEN: !!process.env.OPENCODEZEN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5025cd622c11f9a3 Environment-variable access.
repo/packages/env/src/llm.ts:496
      OPENCODEZEN_API_KEY: process.env.OPENCODEZEN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d939f27ffdd9837 Environment-variable access.
repo/packages/env/src/llm.ts:498
      ENABLED_OPENCODECODINGPLAN: !!process.env.OPENCODECODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99b5af4a672847b0 Environment-variable access.
repo/packages/env/src/llm.ts:499
      OPENCODECODINGPLAN_API_KEY: process.env.OPENCODECODINGPLAN_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78d413362843e1ef Environment-variable access.
repo/packages/env/src/llm.ts:501
      ENABLED_XIAOMIMIMO: !!process.env.XIAOMIMIMO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #949abdf70dc14af2 Environment-variable access.
repo/packages/env/src/llm.ts:502
      XIAOMIMIMO_API_KEY: process.env.XIAOMIMIMO_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2ee5fe6efe47933 Environment-variable access.
repo/packages/env/src/llm.ts:504
      ENABLED_LONGCAT: !!process.env.LONGCAT_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a35fc8434901516 Environment-variable access.
repo/packages/env/src/llm.ts:505
      LONGCAT_API_KEY: process.env.LONGCAT_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #46096e2ec9ffe058 Environment-variable access.
repo/packages/env/src/llm.ts:507
      ENABLED_STREAMLAKE: !!process.env.STREAMLAKE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b498e2e74a5e42f5 Environment-variable access.
repo/packages/env/src/llm.ts:508
      STREAMLAKE_API_KEY: process.env.STREAMLAKE_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dd7b1cd7b296b31 Environment-variable access.
repo/packages/env/src/llm.ts:510
      ENABLED_ANTGROUP: !!process.env.ANTGROUP_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98b0c96942664d56 Environment-variable access.
repo/packages/env/src/llm.ts:511
      ANTGROUP_API_KEY: process.env.ANTGROUP_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78d49425c2174356 Environment-variable access.
repo/packages/env/src/python.ts:12
      NEXT_PUBLIC_PYODIDE_INDEX_URL: process.env.NEXT_PUBLIC_PYODIDE_INDEX_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ca8a63f865e6d50 Environment-variable access.
repo/packages/env/src/python.ts:13
      NEXT_PUBLIC_PYODIDE_PIP_INDEX_URL: process.env.NEXT_PUBLIC_PYODIDE_PIP_INDEX_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa6a917f49b7dc76 Environment-variable access.
repo/packages/env/src/redis.ts:23
      REDIS_DATABASE: parseNumber(process.env.REDIS_DATABASE),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d81408b999aecaa6 Environment-variable access.
repo/packages/env/src/redis.ts:24
      REDIS_PASSWORD: process.env.REDIS_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #afcc86eb378c5cd9 Environment-variable access.
repo/packages/env/src/redis.ts:25
      REDIS_PREFIX: process.env.REDIS_PREFIX || 'lobechat',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76c6bac7bfc93d1e Environment-variable access.
repo/packages/env/src/redis.ts:26
      REDIS_TLS: parseRedisTls(process.env.REDIS_TLS),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca0adb499570f982 Environment-variable access.
repo/packages/env/src/redis.ts:27
      REDIS_URL: process.env.REDIS_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69c8f123fcaf6690 Environment-variable access.
repo/packages/env/src/redis.ts:28
      REDIS_USERNAME: process.env.REDIS_USERNAME,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ad7dd02e8ab213f Environment-variable access.
repo/packages/env/src/sandbox.ts:9
      ONLYBOXES_BASE_URL: process.env.ONLYBOXES_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a64b2f9551c0a4d4 Environment-variable access.
repo/packages/env/src/sandbox.ts:10
      ONLYBOXES_JIT_ISSUER: process.env.ONLYBOXES_JIT_ISSUER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57ef176519e1a005 Environment-variable access.
repo/packages/env/src/sandbox.ts:11
      ONLYBOXES_JIT_SIGNING_KEY: process.env.ONLYBOXES_JIT_SIGNING_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14a27f45ee5fd1e5 Environment-variable access.
repo/packages/env/src/sandbox.ts:12
      ONLYBOXES_JIT_TTL_SEC: process.env.ONLYBOXES_JIT_TTL_SEC,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #892c39d523d4273d Environment-variable access.
repo/packages/env/src/sandbox.ts:13
      ONLYBOXES_LEASE_TTL_SEC: process.env.ONLYBOXES_LEASE_TTL_SEC,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51b86cb9036871c6 Environment-variable access.
repo/packages/env/src/sandbox.ts:14
      SANDBOX_PROVIDER: process.env.SANDBOX_PROVIDER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cea2e30db536c5fe Environment-variable access.
repo/packages/env/src/tools.ts:13
      CRAWL_CONCURRENCY: process.env.CRAWL_CONCURRENCY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eb935a3239630834 Environment-variable access.
repo/packages/env/src/tools.ts:14
      CRAWLER_RETRY: process.env.CRAWLER_RETRY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b07ca8be6d135b37 Environment-variable access.
repo/packages/env/src/tools.ts:15
      CRAWLER_IMPLS: process.env.CRAWLER_IMPLS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d6d1eaa0fb5c098 Environment-variable access.
repo/packages/env/src/tools.ts:16
      JINA_USE_CN_DOMAINS: process.env.JINA_USE_CN_DOMAINS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6027c01b853e2d5d Environment-variable access.
repo/packages/env/src/tools.ts:17
      SEARCH_PROVIDERS: process.env.SEARCH_PROVIDERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8a59b372898475f Environment-variable access.
repo/packages/env/src/tools.ts:18
      SEARXNG_URL: process.env.SEARXNG_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9ae45cd1379b3813 Environment-variable access.
repo/packages/env/src/tools.ts:19
      VISUAL_UNDERSTANDING_MODEL: process.env.VISUAL_UNDERSTANDING_MODEL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #238c688ba800328e Environment-variable access.
repo/packages/env/src/tools.ts:20
      VISUAL_UNDERSTANDING_PROVIDER: process.env.VISUAL_UNDERSTANDING_PROVIDER,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/eval-dataset-parser

npm first-party
expand_more 6 low-confidence finding(s)
low env_fs test-only Excluded from app score #b4af5aea4197b5a8 Filesystem access.
repo/packages/eval-dataset-parser/__tests__/parseDataset.test.ts:11
  const csv = readFileSync(resolve(fixtures, 'sample.csv'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cb9bdf8b75f30c48 Filesystem access.
repo/packages/eval-dataset-parser/__tests__/parseDataset.test.ts:29
  const jsonl = readFileSync(resolve(fixtures, 'sample.jsonl'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #cac1a1665b62e3d5 Filesystem access.
repo/packages/eval-dataset-parser/__tests__/parseDataset.test.ts:50
  const json = readFileSync(resolve(fixtures, 'sample.json'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5201780e3b7b0ca6 Filesystem access.
repo/packages/eval-dataset-parser/__tests__/parseDataset.test.ts:68
    const csv = readFileSync(resolve(fixtures, 'sample.csv'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7e2c3600e4ba707f Filesystem access.
repo/packages/eval-dataset-parser/__tests__/parseDataset.test.ts:75
    const jsonl = readFileSync(resolve(fixtures, 'sample.jsonl'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c35b2b4af81d9108 Filesystem access.
repo/packages/eval-dataset-parser/__tests__/parseDataset.test.ts:81
    const json = readFileSync(resolve(fixtures, 'sample.json'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/file-loaders

npm first-party
expand_more 7 low-confidence finding(s)
low env_fs test-only Excluded from app score #e64989953aef7f2e Filesystem access.
repo/packages/file-loaders/src/loadFile.test.ts:49
      await writeFile(file, Buffer.from([80, 75, 3, 4, 0, 0]));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dc99a1f33f954ce Filesystem access.
repo/packages/file-loaders/src/loaders/docx/index.ts:19
      const buffer = await fs.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4450038a3e85072 Filesystem access.
repo/packages/file-loaders/src/loaders/excel/index.ts:63
      const dataBuffer = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90d776d940719ed1 Filesystem access.
repo/packages/file-loaders/src/loaders/pdf/index.ts:27
    const dataBuffer = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c091d34a5ef3e9ce Filesystem access.
repo/packages/file-loaders/src/loaders/text/index.ts:16
  const buffer = await readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dd7ea485c36f78dc Filesystem access.
repo/packages/file-loaders/src/utils/isBinaryContent.test.ts:87
    await writeFile(filePath, 'a'.repeat(20_000));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #29528b1adc432ce3 Filesystem access.
repo/packages/file-loaders/src/utils/isBinaryContent.test.ts:95
    await writeFile(
      filePath,
      Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d]),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/llm-generation-tracing

npm first-party
expand_more 8 low-confidence finding(s)
low env_fs test-only Excluded from app score #dcb1bf6c15c037ac Filesystem access.
repo/packages/llm-generation-tracing/src/store/file-store.test.ts:44
    const raw = await fs.readFile(path.join(dir, jsonFiles[0]), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #89b8e566ca13cb04 Filesystem access.
repo/packages/llm-generation-tracing/src/store/file-store.test.ts:65
    const content = await fs.readFile(target, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50e2875b86ede264 Filesystem access.
repo/packages/llm-generation-tracing/src/store/file-store.ts:36
    await fs.writeFile(filePath, JSON.stringify(record, null, 2), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5a129fcf42b033a6 Filesystem access.
repo/packages/llm-generation-tracing/src/store/file-store.ts:47
      const content = await fs.readFile(target, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a7d100d2f9cd472 Filesystem access.
repo/packages/llm-generation-tracing/src/store/file-store.ts:63
        const content = await fs.readFile(file.fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #580d27b50e17ad97 Filesystem access.
repo/packages/llm-generation-tracing/src/store/file-store.ts:91
        const content = await fs.readFile(file.fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d2c2d275b4576e2 Filesystem access.
repo/packages/llm-generation-tracing/src/store/file-store.ts:106
      const content = await fs.readFile(real, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aee34bed7ae81aa2 Filesystem access.
repo/packages/llm-generation-tracing/src/store/file-store.ts:115
      const content = await fs.readFile(files[0].fullPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/local-file-shell

npm first-party
expand_more 78 low-confidence finding(s)
low env_fs production #dcc4a8a1cc4512d2 Filesystem access.
repo/packages/local-file-shell/src/contentSearch/base.ts:185
        const content = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #288bc5ba7a27e623 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:37
      await writeFile(filePath, lines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #124e28cbe1601f2e Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:51
      await writeFile(filePath, lines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #37ccd3428174688b Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:62
      await writeFile(filePath, lines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #dab63a5d5f622568 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:81
      await writeFile(filePath, 'const x = 1;');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #91df9df333cd692e Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:89
      await writeFile(filePath, 'all: build');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2c66dc9a8136ac5e Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:97
      await writeFile(filePath, 'content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #befb4865d5a321fa Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:106
      await writeFile(filePath, 'A'.repeat(20_000));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #8345030160e90a94 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:119
        await writeFile(filePath, 'data');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4b97ff1e19df5802 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:129
      await writeFile(filePath, buf);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #5ed3ad9ea72bf4bb Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:138
      await writeFile(filePath, 'A'.repeat(27_000));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #049ad437b0f6f110 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:152
      await writeFile(filePath, lines.join('\n'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9feee599300d8423 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:163
      await writeFile(filePath, 'a'.repeat(10 * 1024 * 1024 + 1));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #495b1243b3d8d276 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:173
      await writeFile(filePath, "module.exports = { hello: 'world' };\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ea2700a283f4ca13 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:189
      expect(fs.readFileSync(filePath, 'utf8')).toBe('hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #548091b5a3cbf2c2 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:197
      expect(fs.readFileSync(filePath, 'utf8')).toBe('nested');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #02c55c3e2749f2b1 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:221
      await writeFile(filePath, 'hello world\nhello again');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e4649f6f496dc321 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:231
      expect(fs.readFileSync(filePath, 'utf8')).toBe('hi world\nhello again');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7c1a818ca9efc1c5 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:239
      await writeFile(filePath, 'hello world\nhello again');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #09b26a0c77cf76ca Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:250
      expect(fs.readFileSync(filePath, 'utf8')).toBe('hi world\nhi again');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0a0114246c06c0f6 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:255
      await writeFile(filePath, 'hello world');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #14a48d6ba084a037 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:269
      await writeFile(filePath, 'price is $10.00 and $20.00');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #60de651993188aeb Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:279
      expect(fs.readFileSync(filePath, 'utf8')).toBe('price is $XX.XX and $20.00');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e14c7a652e152e4c Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:295
      await writeFile(filePath, 'line1\nline2\nline3');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9dfae16832680a2b Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:310
      await writeFile(filePath, 'line1\r\nline2\r\nline3\r\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2c1fe39cc48468f6 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:322
      expect(fs.readFileSync(filePath, 'utf8')).toBe('lineA\r\nlineB\r\nline3\r\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #56812ab6e4bcf0b7 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:327
      await writeFile(filePath, 'a\r\nb\r\na\r\nb\r\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #7c83579d21cfcb0d Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:338
      expect(fs.readFileSync(filePath, 'utf8')).toBe('x\r\ny\r\nx\r\ny\r\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fab63a510692ffb8 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:346
      await writeFile(path.join(tmpDir, 'a.txt'), 'a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #acb4bec472dbe27a Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:347
      await writeFile(path.join(tmpDir, 'b.txt'), 'b');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9db594ba7b2c2169 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:361
      await writeFile(path.join(tmpDir, 'c.txt'), 'c');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3b03012344732bf1 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:362
      await writeFile(path.join(tmpDir, 'a.txt'), 'a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #db8f9f894a5232f4 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:363
      await writeFile(path.join(tmpDir, 'b.txt'), 'b');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #91ab61744e279c29 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:376
      await writeFile(path.join(tmpDir, 'small.txt'), 'x');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b1404a735535b501 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:377
      await writeFile(path.join(tmpDir, 'large.txt'), 'x'.repeat(1000));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1e787201db4fb240 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:389
      await writeFile(path.join(tmpDir, 'a.txt'), 'a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #79da3b6f27831eaa Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:390
      await writeFile(path.join(tmpDir, 'b.txt'), 'b');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #f3a256a8bfe6f127 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:391
      await writeFile(path.join(tmpDir, 'c.txt'), 'c');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fd28a0f8a55ed4cd Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:431
      await writeFile(src, 'content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0198ec82e6686676 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:445
      await writeFile(filePath, 'content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #4531b3845ed93116 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:471
      await writeFile(src, 'content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #22021fc95a156de3 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:487
      await writeFile(filePath, 'content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #708b1a88f7cbba1b Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:512
      await writeFile(filePath, 'content');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a8b182c1de5bc9a8 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:531
      await writeFile(path.join(tmpDir, 'a.ts'), 'a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d9a5e34cbc833799 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:532
      await writeFile(path.join(tmpDir, 'b.ts'), 'b');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e95d5ddfe9afb9ba Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:533
      await writeFile(path.join(tmpDir, 'c.js'), 'c');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #9cbe5d1cffb53904 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:544
      await writeFile(path.join(tmpDir, 'node_modules', 'pkg', 'index.ts'), 'x');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2fb4646a4ae99154 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:545
      await writeFile(path.join(tmpDir, 'src.ts'), 'y');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #52b42bb5688e027c Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:554
      await writeFile(path.join(tmpDir, '.github', 'workflows', 'ci.yml'), 'name: ci');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fa4620ba62a7a138 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:555
      await writeFile(path.join(tmpDir, '.github', 'workflows', 'release.yaml'), 'name: release');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d3afa8f631a9dab2 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:569
      await writeFile(path.join(tmpDir, 'a.ts'), 'a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #fb36769b1347c7fb Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:577
      await writeFile(path.join(tmpDir, 'a.ts'), 'a');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e222a486a175a901 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:589
      await writeFile(path.join(tmpDir, 'search.txt'), 'hello world\nfoo bar\nhello again');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #e92442cb26942771 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:599
      await writeFile(path.join(tmpDir, 'search.txt'), 'hello world\nfoo bar\nhello again');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #91b2fd8a04ef9a43 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:607
      await writeFile(path.join(tmpDir, 'empty.txt'), 'nothing here');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b4a1762ad240d8e3 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:641
      await writeFile(path.join(tmpDir, 'config.json'), '{}');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #b4e9caaafc875e3a Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:642
      await writeFile(path.join(tmpDir, 'config.yaml'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #44117a517a9367bf Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:643
      await writeFile(path.join(tmpDir, 'readme.md'), '');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #ce3a47d9f4faf49b Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:653
        await writeFile(path.join(tmpDir, `file${i}.log`), `content ${i}`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #3042bfe92e5d6050 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:675
      await writeFile(path.join(tmpDir, '.env'), 'A=1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d03a2746b4f67904 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:676
      await writeFile(path.join(tmpDir, '.envrc'), 'export A=1');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #375ba0ab99fc7ac9 Filesystem access.
repo/packages/local-file-shell/src/file/__tests__/file.test.ts:677
      await writeFile(path.join(tmpDir, 'env.txt'), 'unrelated');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06f4cb3fd56ccf77 Filesystem access.
repo/packages/local-file-shell/src/file/edit.ts:17
    const content = await readFile(filePath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1eb3961934cabc0e Filesystem access.
repo/packages/local-file-shell/src/file/edit.ts:61
    await writeFile(filePath, newContent, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d673fbebd0d4b4f2 Filesystem access.
repo/packages/local-file-shell/src/file/search.ts:42
          const content = await readFile(file.path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51c458e3bfa603a9 Filesystem access.
repo/packages/local-file-shell/src/file/write.ts:20
    await writeFile(filePath, content, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #24ac1490e72dfa6d Filesystem access.
repo/packages/local-file-shell/src/git/__tests__/branches.test.ts:33
  await writeFile(path.join(dir, 'a.txt'), 'hello\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #890b4624f0b16a95 Filesystem access.
repo/packages/local-file-shell/src/git/__tests__/branches.test.ts:104
    await writeFile(path.join(linked, 'new.txt'), 'new\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #756b553920172979 Filesystem access.
repo/packages/local-file-shell/src/git/__tests__/branches.test.ts:242
    await writeFile(path.join(repo, 'a.txt'), 'hello\nworld\n'); // modify tracked

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bea3d90ce80ce352 Filesystem access.
repo/packages/local-file-shell/src/git/__tests__/branches.test.ts:243
    await writeFile(path.join(repo, 'new.txt'), 'fresh\n'); // untracked add

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #295e63dfd37f0a63 Filesystem access.
repo/packages/local-file-shell/src/git/__tests__/branches.test.ts:271
    await writeFile(path.join(repo, 'a.txt'), 'tampered\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #0b571e108c84ed0f Filesystem access.
repo/packages/local-file-shell/src/git/__tests__/branches.test.ts:273
    expect(await readFile(path.join(repo, 'a.txt'), 'utf8')).toBe('hello\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #1d40c70bb6f55278 Filesystem access.
repo/packages/local-file-shell/src/git/__tests__/branches.test.ts:277
    await writeFile(path.join(repo, 'junk.txt'), 'x\n');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b5064af617619a6 Filesystem access.
repo/packages/local-file-shell/src/git/info.ts:138
    const head = (await readFile(`${gitDir}/HEAD`, 'utf8')).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #744405e8cb0856a9 Filesystem access.
repo/packages/local-file-shell/src/git/repoType.ts:12
    const content = await readFile(gitPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02d4067f30b4a5bb Filesystem access.
repo/packages/local-file-shell/src/git/repoType.ts:40
    const commondir = (await readFile(path.join(gitDir, 'commondir'), 'utf8')).trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11da49d8257689c1 Filesystem access.
repo/packages/local-file-shell/src/git/repoType.ts:62
    const config = await readFile(path.join(commonDir, 'config'), 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4d56bd166bb1b0f8 Filesystem access.
repo/packages/local-file-shell/src/git/workingTree.ts:238
    buf = await readFile(absolute);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/memory-user-memory

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs test-only Excluded from app score #c3b2a55914c1a72d Environment-variable access.
repo/packages/memory-user-memory/benchmarks/locomo/run.ts:7
const baseUrl = process.env.MEMORY_USER_MEMORY_LOBEHUB_BASE_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #2b614631aaf69602 Environment-variable access.
repo/packages/memory-user-memory/benchmarks/locomo/run.ts:8
const benchmarkLoCoMoFile = process.env.MEMORY_USER_MEMORY_BENCHMARKS_LOCOMO_DATASETS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #08c715c78c20e97b Environment-variable access.
repo/packages/memory-user-memory/benchmarks/locomo/run.ts:9
const webhookExtraHeaders = process.env.MEMORY_USER_MEMORY_WEBHOOK_HEADERS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress test-only Excluded from app score #12999caed2d64bbf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/memory-user-memory/benchmarks/locomo/run.ts:23
  const res = await fetch(new URL(path, baseUrl).toString(), {
    body: JSON.stringify(body),
    headers: {
      'Content-Type': 'application/json',
      ...webhookHeaders,
    },
    method: 'POST',
  });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #af730789f26a737e Filesystem access.
repo/packages/memory-user-memory/src/converters/locomo.ts:176
  const raw = readFileSync(absPath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/model-bank

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs test-only Excluded from app score #385607b400de4e6b Filesystem access.
repo/packages/model-bank/src/exports.test.ts:12
  const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf8')) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/observability-otel

npm first-party
expand_more 11 low-confidence finding(s)
low env_fs production #e7de71119fd51d4d Environment-variable access.
repo/packages/observability-otel/src/node.ts:20
    'env': process.env.VERCEL_ENV || process.env.NEXT_PUBLIC_VERCEL_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df9a13e361816651 Environment-variable access.
repo/packages/observability-otel/src/node.ts:23
      process.env.VERCEL_BRANCH_URL || process.env.NEXT_PUBLIC_VERCEL_BRANCH_URL || undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b150194f2e92cde0 Environment-variable access.
repo/packages/observability-otel/src/node.ts:24
    'vercel.deployment_id': process.env.VERCEL_DEPLOYMENT_ID || undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ea4f89bf0735297 Environment-variable access.
repo/packages/observability-otel/src/node.ts:25
    'vercel.host': process.env.VERCEL_URL || process.env.NEXT_PUBLIC_VERCEL_URL || undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba0709876332de02 Environment-variable access.
repo/packages/observability-otel/src/node.ts:26
    'vercel.project_id': process.env.VERCEL_PROJECT_ID || undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a536ed7f5d0bca25 Environment-variable access.
repo/packages/observability-otel/src/node.ts:27
    'vercel.region': process.env.VERCEL_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a04a9c6f92fc482 Environment-variable access.
repo/packages/observability-otel/src/node.ts:28
    'vercel.runtime': process.env.NEXT_RUNTIME || 'nodejs',

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2a5635bac557e454 Environment-variable access.
repo/packages/observability-otel/src/node.ts:30
      process.env.VERCEL_GIT_COMMIT_SHA || process.env.NEXT_PUBLIC_VERCEL_GIT_COMMIT_SHA,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12e859a70649d6c5 Environment-variable access.
repo/packages/observability-otel/src/node.ts:32
    'service.version': process.env.VERCEL_DEPLOYMENT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb961d8919e5a8c4 Environment-variable access.
repo/packages/observability-otel/src/node.ts:39
    'node.ci': process.env.CI ? true : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77f21128b3ccde54 Environment-variable access.
repo/packages/observability-otel/src/node.ts:40
    'node.env': process.env.NODE_ENV,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/openapi

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #06a743546bdcf94c Filesystem access.
repo/packages/openapi/src/helpers/file.ts:118
          const bin = fs.readFileSync((f as any).filepath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5a9ded9ff660756 Environment-variable access.
repo/packages/openapi/src/middleware/auth.ts:54
  const isMockUser = process.env.ENABLE_MOCK_DEV_USER === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4ef2707fbed45c11 Environment-variable access.
repo/packages/openapi/src/middleware/auth.ts:55
  if (process.env.NODE_ENV === 'development' && (isDebugApi || isMockUser)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e92b316e1ac05ce1 Environment-variable access.
repo/packages/openapi/src/middleware/auth.ts:57
    c.set('userId', process.env.MOCK_DEV_USER_ID || 'DEV_USER');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #480a684aefea7e2b Environment-variable access.
repo/packages/openapi/src/middleware/permission-check.ts:46
    if (options.skipInDev && process.env.NODE_ENV === 'development') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/python-interpreter

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #e564809870979478 Filesystem access.
repo/packages/python-interpreter/src/worker.ts:77
        this.pyodide.FS.writeFile(file.name, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c9cbb5e188a0872 Filesystem access.
repo/packages/python-interpreter/src/worker.ts:79
        this.pyodide.FS.writeFile(`/mnt/data/${file.name}`, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7bfc5e955b4fc56 Filesystem access.
repo/packages/python-interpreter/src/worker.ts:95
      const content = (this.pyodide.FS as any).readFile(filePath, { encoding: 'binary' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #4551be0edc37f5e1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/python-interpreter/src/worker.ts:173
      const buffer = await fetch(url, { cache: 'force-cache' }).then((res) => res.arrayBuffer());

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #215287846708173c Filesystem access.
repo/packages/python-interpreter/src/worker.ts:175
      this.pyodide.FS.writeFile(`/usr/share/fonts/truetype/${filename}`, new Uint8Array(buffer));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/ssrf-safe-fetch

npm first-party
expand_more 12 low-confidence finding(s)
low egress production #055243116dc53d74 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/ssrf-safe-fetch/index.browser.ts:34
  return fetch(url, options);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only Excluded from app score #82ab0ece25e4f3a3 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.test.ts:35
    delete process.env.SSRF_ALLOW_IP_ADDRESS_LIST;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #c61cb03a2278a723 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.test.ts:36
    delete process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #bc41ef4885038052 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.test.ts:106
      process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #d901c294a07b7884 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.test.ts:118
      process.env.SSRF_ALLOW_IP_ADDRESS_LIST = '127.0.0.1,192.168.1.100';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #66137f25540769e0 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.test.ts:167
      process.env.SSRF_ALLOW_IP_ADDRESS_LIST = '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #a70504366146612e Environment-variable access.
repo/packages/ssrf-safe-fetch/index.test.ts:177
      process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS = 'invalid-value';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #04054c437f505dd0 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.test.ts:461
      process.env.SSRF_ALLOW_IP_ADDRESS_LIST = '127.0.0.1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #af74cf60800b9772 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.test.ts:462
      process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS = '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fadaa674df53f1c2 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.ts:72
    const envAllowPrivate = process.env.SSRF_ALLOW_PRIVATE_IP_ADDRESS === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c752c06b58ac0996 Environment-variable access.
repo/packages/ssrf-safe-fetch/index.ts:78
        process.env.SSRF_ALLOW_IP_ADDRESS_LIST?.split(',').filter(Boolean) ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #d96c88892a35590f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/ssrf-safe-fetch/index.ts:92
    const response = await fetch(url, {
      ...options,
      agent: (parsedURL: URL) => (parsedURL.protocol === 'https:' ? httpsAgent : httpAgent),
    } as any);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/tool-runtime

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs test-only Excluded from app score #ffe889582571b3b4 Filesystem access.
repo/packages/tool-runtime/src/__tests__/LocalSystemExecutionRuntime.test.ts:112
    const output = await runtime.readFile({ path: '/tmp/cat.png' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #74fcc97b0268f543 Filesystem access.
repo/packages/tool-runtime/src/__tests__/LocalSystemExecutionRuntime.test.ts:134
    const output = await runtime.readFile({ path: '/tmp/cat.png' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #148ffa2766647af0 Filesystem access.
repo/packages/tool-runtime/src/__tests__/LocalSystemExecutionRuntime.test.ts:153
    const output = await runtime.readFile({ path: '/tmp/a.txt' });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/trpc

npm first-party
expand_more 5 low-confidence finding(s)
low egress production #ab90ac1ddb05ed79 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/trpc/src/client/lambda.ts:107
    return fetch(input, { ...init, credentials: 'include' });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #59b714cc75c609ff Environment-variable access.
repo/packages/trpc/src/lambda/context.ts:132
  const isMockUser = process.env.ENABLE_MOCK_DEV_USER === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ffa4c1bb983e564 Environment-variable access.
repo/packages/trpc/src/lambda/context.ts:134
  if (process.env.NODE_ENV === 'development' && (isDebugApi || isMockUser)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6484068611b3622 Environment-variable access.
repo/packages/trpc/src/lambda/context.ts:136
      userId: process.env.MOCK_DEV_USER_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only Excluded from app score #96e54d96eb682a67 Environment-variable access.
repo/packages/trpc/src/middleware/openTelemetry.test.ts:70
    process.env.ENABLE_TELEMETRY = 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/utils

npm first-party
expand_more 8 low-confidence finding(s)
low egress production #46f31357fb3c3433 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/utils/src/client/clipboard.ts:36
    const base64Response = await fetch(imageUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c6e654f16aa43337 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/utils/src/client/downloadFile.ts:8
    const response = await fetch(url, {
      // Avoid image disk cache which can cause incorrect CORS headers
      cache: 'no-store',

      credentials: 'omit',

      mode: 'cors',
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9e1ec789b4ab1486 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/utils/src/client/fetchEventSource/index.ts:76
        const response = await fetch(input, {
          ...rest,
          headers,
          signal: inputSignal,
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #3d772aa429be9e14 Environment-variable access.
repo/packages/utils/src/env.ts:1
export const isDev = process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #c88ab8108b41c45e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/utils/src/imageToBase64.ts:56
      : await fetch(imageUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6d7b54f610e51333 Environment-variable access.
repo/packages/utils/src/jina.ts:7
  process.env.JINA_USE_CN_DOMAINS?.trim().toLowerCase() === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9562d512685ad5e9 Environment-variable access.
repo/packages/utils/src/server/apiKeyHash.ts:3
const getApiKeyHashSecret = () => process.env.KEY_VAULTS_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5c4013cab8c41e60 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/utils/src/videoToBase64.ts:18
      : await fetch(videoUrl);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

Skipped dependencies

Production

  • @ant-design/icons prod — scan budget exceeded
  • @ant-design/pro-components prod — scan budget exceeded
  • @anthropic-ai/sdk prod — scan budget exceeded
  • @atlaskit/pragmatic-drag-and-drop prod — scan budget exceeded
  • @atlaskit/pragmatic-drag-and-drop-hitbox prod — scan budget exceeded
  • @aws-sdk/client-bedrock-runtime prod — scan budget exceeded
  • @aws-sdk/client-s3 prod — scan budget exceeded
  • @aws-sdk/s3-request-presigner prod — scan budget exceeded
  • @azure-rest/ai-inference prod — scan budget exceeded
  • @azure/core-auth prod — scan budget exceeded
  • @better-auth/expo prod — scan budget exceeded
  • @better-auth/passkey prod — scan budget exceeded
  • @cfworker/json-schema prod — scan budget exceeded
  • @chat-adapter/discord prod — scan budget exceeded
  • @chat-adapter/slack prod — scan budget exceeded
  • @chat-adapter/state-ioredis prod — scan budget exceeded
  • @chat-adapter/telegram prod — scan budget exceeded
  • @codesandbox/sandpack-react prod — scan budget exceeded
  • @composio/core prod — scan budget exceeded
  • @discordjs/rest prod — scan budget exceeded
  • @dnd-kit/core prod — scan budget exceeded
  • @dnd-kit/sortable prod — scan budget exceeded
  • @dnd-kit/utilities prod — scan budget exceeded
  • @emoji-mart/data prod — scan budget exceeded
  • @emoji-mart/react prod — scan budget exceeded
  • @emotion/react prod — scan budget exceeded
  • @fal-ai/client prod — scan budget exceeded
  • @floating-ui/react prod — scan budget exceeded
  • @formkit/auto-animate prod — scan budget exceeded
  • @google/genai prod — scan budget exceeded
  • @henrygd/queue prod — scan budget exceeded
  • @huggingface/inference prod — scan budget exceeded
  • @icons-pack/react-simple-icons prod — scan budget exceeded
  • @khmyznikov/pwa-install prod — scan budget exceeded
  • @larksuiteoapi/node-sdk prod — scan budget exceeded
  • @lexical/utils prod — scan budget exceeded
  • @lobehub/analytics prod — scan budget exceeded
  • @lobehub/charts prod — scan budget exceeded
  • @lobehub/editor prod — scan budget exceeded
  • @lobehub/icons prod — scan budget exceeded
  • @lobehub/market-sdk prod — scan budget exceeded
  • @lobehub/tts prod — scan budget exceeded
  • @lobehub/ui prod — scan budget exceeded
  • @modelcontextprotocol/sdk prod — scan budget exceeded
  • @napi-rs/canvas prod — scan budget exceeded
  • @neondatabase/serverless prod — scan budget exceeded
  • @next/third-parties prod — scan budget exceeded
  • @opentelemetry/auto-instrumentations-node prod — scan budget exceeded
  • @opentelemetry/exporter-jaeger prod — scan budget exceeded
  • @opentelemetry/resources prod — scan budget exceeded
  • @opentelemetry/sdk-metrics prod — scan budget exceeded
  • @opentelemetry/winston-transport prod — scan budget exceeded
  • @pierre/trees prod — scan budget exceeded
  • @react-pdf/renderer prod — scan budget exceeded
  • @react-three/drei prod — scan budget exceeded
  • @react-three/fiber prod — scan budget exceeded
  • @saintno/comfyui-sdk prod — scan budget exceeded
  • @t3-oss/env-core prod — scan budget exceeded
  • @t3-oss/env-nextjs prod — scan budget exceeded
  • @tanstack/react-query prod — scan budget exceeded
  • @trpc/client prod — scan budget exceeded
  • @trpc/next prod — scan budget exceeded
  • @trpc/react-query prod — scan budget exceeded
  • @trpc/server prod — scan budget exceeded
  • @upstash/qstash prod — scan budget exceeded
  • @upstash/workflow prod — scan budget exceeded
  • @vercel/analytics prod — scan budget exceeded
  • @vercel/edge-config prod — scan budget exceeded
  • @vercel/functions prod — scan budget exceeded
  • @vercel/speed-insights prod — scan budget exceeded
  • @virtuoso.dev/masonry prod — scan budget exceeded
  • @xterm/addon-fit prod — scan budget exceeded
  • @xterm/xterm prod — scan budget exceeded
  • @zumer/snapdom prod — scan budget exceeded
  • ahooks prod — scan budget exceeded
  • antd prod — scan budget exceeded
  • antd-style prod — scan budget exceeded
  • async-retry prod — scan budget exceeded
  • bcryptjs prod — scan budget exceeded
  • better-auth prod — scan budget exceeded
  • brotli-wasm prod — scan budget exceeded
  • buffer.js prod — scan budget exceeded
  • chat prod — scan budget exceeded
  • chroma-js prod — scan budget exceeded
  • class-variance-authority prod — scan budget exceeded
  • cmdk prod — scan budget exceeded
  • cookie prod — scan budget exceeded
  • countries-and-timezones prod — scan budget exceeded
  • d3-dsv prod — scan budget exceeded
  • dayjs prod — scan budget exceeded
  • debug prod — scan budget exceeded
  • dexie prod — scan budget exceeded
  • diff prod — scan budget exceeded
  • discord-api-types prod — scan budget exceeded
  • drizzle-orm prod — scan budget exceeded
  • drizzle-zod prod — scan budget exceeded
  • epub2 prod — scan budget exceeded
  • es-toolkit prod — scan budget exceeded
  • expo-server-sdk prod — scan budget exceeded
  • fast-deep-equal prod — scan budget exceeded
  • fflate prod — scan budget exceeded
  • ffmpeg-static prod — scan budget exceeded
  • file-type prod — scan budget exceeded
  • fuse.js prod — scan budget exceeded
  • gray-matter prod — scan budget exceeded
  • hono prod — scan budget exceeded
  • html-to-text prod — scan budget exceeded
  • i18next prod — scan budget exceeded
  • i18next-browser-languagedetector prod — scan budget exceeded
  • i18next-resources-to-backend prod — scan budget exceeded
  • immer prod — scan budget exceeded
  • ioredis prod — scan budget exceeded
  • jose prod — scan budget exceeded
  • js-sha256 prod — scan budget exceeded
  • jsondiffpatch prod — scan budget exceeded
  • jsonl-parse-stringify prod — scan budget exceeded
  • langfuse prod — scan budget exceeded
  • langfuse-core prod — scan budget exceeded
  • lexical prod — scan budget exceeded
  • lucide-react prod — scan budget exceeded
  • mammoth prod — scan budget exceeded
  • marked prod — scan budget exceeded
  • mdast-util-to-markdown prod — scan budget exceeded
  • motion prod — scan budget exceeded
  • nanoid prod — scan budget exceeded
  • next prod — scan budget exceeded
  • next-mdx-remote prod — scan budget exceeded
  • next-themes prod — scan budget exceeded
  • nextjs-toploader prod — scan budget exceeded
  • node-machine-id prod — scan budget exceeded
  • nodemailer prod — scan budget exceeded
  • numeral prod — scan budget exceeded
  • nuqs prod — scan budget exceeded
  • officeparser prod — scan budget exceeded
  • ogl prod — scan budget exceeded
  • oidc-provider prod — scan budget exceeded
  • ollama prod — scan budget exceeded
  • openai prod — scan budget exceeded
  • openapi-fetch prod — scan budget exceeded
  • partial-json prod — scan budget exceeded
  • path-browserify-esm prod — scan budget exceeded
  • pathe prod — scan budget exceeded
  • pdf-parse prod — scan budget exceeded
  • pdfjs-dist prod — scan budget exceeded
  • pdfkit prod — scan budget exceeded
  • pg prod — scan budget exceeded
  • pinyin-pro prod — scan budget exceeded
  • plaiceholder prod — scan budget exceeded
  • polished prod — scan budget exceeded
  • posthog-js prod — scan budget exceeded
  • pure-rand prod — scan budget exceeded
  • pwa-install-handler prod — scan budget exceeded
  • query-string prod — scan budget exceeded
  • random-words prod — scan budget exceeded
  • rc-util prod — scan budget exceeded
  • react prod — scan budget exceeded
  • react-confetti prod — scan budget exceeded
  • react-dom prod — scan budget exceeded
  • react-fast-marquee prod — scan budget exceeded
  • react-hotkeys-hook prod — scan budget exceeded
  • react-i18next prod — scan budget exceeded
  • react-lazy-load prod — scan budget exceeded
  • react-markdown prod — scan budget exceeded
  • react-pdf prod — scan budget exceeded
  • react-responsive prod — scan budget exceeded
  • react-rnd prod — scan budget exceeded
  • react-router prod — scan budget exceeded
  • react-scan prod — scan budget exceeded
  • react-virtuoso prod — scan budget exceeded
  • react-wrap-balancer prod — scan budget exceeded
  • remark prod — scan budget exceeded
  • remark-gfm prod — scan budget exceeded
  • remark-html prod — scan budget exceeded
  • remove-markdown prod — scan budget exceeded
  • resend prod — scan budget exceeded
  • resolve-accept-language prod — scan budget exceeded
  • rtl-detect prod — scan budget exceeded
  • semver prod — scan budget exceeded
  • sharp prod — scan budget exceeded
  • shiki prod — scan budget exceeded
  • stripe prod — scan budget exceeded
  • superjson prod — scan budget exceeded
  • svix prod — scan budget exceeded
  • swr prod — scan budget exceeded
  • three prod — scan budget exceeded
  • tokenx prod — scan budget exceeded
  • ts-md5 prod — scan budget exceeded
  • ua-parser-js prod — scan budget exceeded
  • undici prod — scan budget exceeded
  • unist-builder prod — scan budget exceeded
  • url-join prod — scan budget exceeded
  • use-merge-value prod — scan budget exceeded
  • uuid prod — scan budget exceeded
  • virtua prod — scan budget exceeded
  • word-extractor prod — scan budget exceeded
  • ws prod — scan budget exceeded
  • xast-util-to-xml prod — scan budget exceeded
  • xastscript prod — scan budget exceeded
  • yaml prod — scan budget exceeded
  • zod prod — scan budget exceeded