Close Open Privacy Scan

bolt Snapshot: commit b666d16
science engine v1.21
schedule 2026-07-18T20:06:05.916779+00:00

verified_user No application data leak found

No high-confidence exfiltration was found in application code.

App Privacy Score

87 /100
Low privacy risk

Low risk · 49 finding(s)

Dependency score: 82 (Low risk)

bar_chart Score Breakdown

egress −10
env_fs −3

list Scan Summary

0 high 0 medium 49 low
First-party packages: 1
Dependency packages: 5
Ecosystem: python

swap_horiz External domains

aka.msapi.slack.comapi.telegram.orgatlas.nomic.aiconsole.groq.comconsole.mistral.aicore.telegram.orgdiscord.comdiscord.ggdiscordpy.readthedocs.iodocs.gpt4all.iodocs.python.orgen.wikipedia.orggithub.comgpt4all.iogroq.comhttpbin.orghuggingface.coipywidgets.readthedocs.iomistral.aiopenai.complatform.openai.compt.wikipedia.orgpypi.orgrequests.readthedocs.iostackoverflow.comterms.naer.edu.twtqdm.github.iowww.nomic.aiwww.python.orgzh.wikipedia.org

</> First-Party Code

first-party (python): gpt4all-bindings/python

python first-party
expand_more 4 low-confidence finding(s)
low egress production #28cbe17c085a618f Hardcoded external endpoint. Review what data is sent to this destination.
repo/gpt4all-bindings/python/gpt4all/gpt4all.py:311
        resp = requests.get("https://gpt4all.io/models/models3.json")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #17980811bed7d02a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/gpt4all-bindings/python/gpt4all/gpt4all.py:411
            response = requests.get(url, stream=True, headers=headers)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #97774e3c2e5be75b Filesystem access.
repo/gpt4all-bindings/python/gpt4all/gpt4all.py:427
        with open(partial_path, "w+b") as partf:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b98cb910a860ceb Filesystem access.
repo/gpt4all-bindings/python/setup.py:65
    with open(pathlib.Path(__file__).parent / "README.md", encoding="utf-8") as fp:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

importlib_resources

python dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #e46b7829ba18fce7 Filesystem access.
pkgs/python/[email protected]/importlib_resources/_common.py:190
        child.write_bytes(source.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80198961aa90914b Filesystem access.
pkgs/python/[email protected]/importlib_resources/_functional.py:25
    return _get_resource(anchor, path_names).read_bytes()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ba54b8fb4b12234 Filesystem access.
pkgs/python/[email protected]/importlib_resources/_functional.py:32
    return resource.read_text(encoding=encoding, errors=errors)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

jinja2

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #a35825014b03de45 Filesystem access.
pkgs/python/[email protected]/src/jinja2/bccache.py:270
            f = open(filename, "rb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ada7c955cd0c1e2d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/src/jinja2/bccache.py:390
            code = self.client.get(self.prefix + bucket.key)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #ec92dbd5a5f90c42 Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:860
                with open(os.path.join(target, filename), "wb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bdd4827535ea17d Filesystem access.
pkgs/python/[email protected]/src/jinja2/environment.py:1611
            real_fp: t.IO[bytes] = open(fp, "wb")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bf3f6f1cf6fdd494 Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:214
        with open(filename, encoding=self.encoding) as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c8dc626cd22ec9f6 Filesystem access.
pkgs/python/[email protected]/src/jinja2/loaders.py:382
            with open(p, "rb") as f:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #253093a100655c78 Filesystem access.
pkgs/python/[email protected]/src/jinja2/utils.py:171
    return open(filename, mode)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

requests

python dependency
expand_more 8 low-confidence finding(s)
low env_fs dependency Excluded from app score #30e87f2c0b1ae0e1 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:857
                    os.environ.get("REQUESTS_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0a4ff0925d419f53 Environment-variable access.
pkgs/python/[email protected]/src/requests/sessions.py:858
                    or os.environ.get("CURL_CA_BUNDLE")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a9caf48cea9093f Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:239
    netrc_file = os.environ.get("NETRC")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ef03dd4b07e8c996 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:798
        old_value = os.environ.get(env_name)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ddece868c6baa2e Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:799
        os.environ[env_name] = value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a6d3993b538cbf1 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:805
                del os.environ[env_name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b1c984e448ad3d23 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:807
                os.environ[env_name] = old_value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f3b21c0cf8672c7 Environment-variable access.
pkgs/python/[email protected]/src/requests/utils.py:820
        return os.environ.get(key) or os.environ.get(key.upper())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

tqdm

python dependency
expand_more 20 low-confidence finding(s)
low env_fs dependency Excluded from app score #7c43c5c1cd6c742d Filesystem access.
pkgs/python/[email protected]/.meta/mkcompletion.py:59
    (Path(__file__).resolve().parent.parent / 'tqdm' / 'completion.sh').write_text(
        completion, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c2f79e394b68defb Filesystem access.
pkgs/python/[email protected]/.meta/mkdocs.py:51
README_rst = (src_dir / '.readme.rst').read_text("utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #48b0af528667a5b5 Filesystem access.
pkgs/python/[email protected]/.meta/mkdocs.py:93
man = (src_dir / '.tqdm.1.md').read_text() + man

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55b49a090a2afe30 Filesystem access.
pkgs/python/[email protected]/.meta/mkdocs.py:104
    (src_dir.parent / 'README.rst').write_text(README_rst, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #27c0bdfba1f7d39e Filesystem access.
pkgs/python/[email protected]/.meta/mksnap.py:65
    (Path(__file__).resolve().parent.parent / 'snapcraft.yaml').write_text(
        snap_yml.decode('utf-8') if hasattr(snap_yml, 'decode') else snap_yml, encoding='utf-8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unreachable #f750d05f51541e56 Filesystem access.
pkgs/python/[email protected]/examples/7zx.py:82
            with open(md, buffering=1) as m:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #fc6ab1420be1dfe6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/tqdm_requests.py:30
response = requests.get(eg_link, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #77a673efe16bd30d Filesystem access.
pkgs/python/[email protected]/examples/tqdm_requests.py:31
with open(eg_out, "wb") as fout:

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #46bf6961b1ccf9fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/tqdm_requests.py:42
response = requests.get(eg_link, stream=True)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #96a748767c78f084 Filesystem access.
pkgs/python/[email protected]/examples/tqdm_requests.py:44
    open(eg_out, "wb"), "write",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unreachable #85770bd07fc031f6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/examples/tqdm_wget.py:105
response = urllib.urlopen(eg_link)  # nosec

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unreachable #7361c656c09f0e0b Filesystem access.
pkgs/python/[email protected]/examples/tqdm_wget.py:106
with tqdm.wrapattr(open(eg_out, "wb"), "write",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b18f4d8c3d582845 Environment-variable access.
pkgs/python/[email protected]/tqdm/autonotebook.py:15
        if any(i == 'QT_API' or i.startswith('SPYDER') for i in os.environ):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f9bd07f615bf55d Filesystem access.
pkgs/python/[email protected]/tqdm/cli.py:270
                dst.write_bytes(fi.read_bytes())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #838a8500115b6cd5 Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/bells.py:17
if getenv("TQDM_SLACK_TOKEN") and getenv("TQDM_SLACK_CHANNEL"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3adefa0855cde5f Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/bells.py:19
elif getenv("TQDM_TELEGRAM_TOKEN") and getenv("TQDM_TELEGRAM_CHAT_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ecd622d6c6253b81 Environment-variable access.
pkgs/python/[email protected]/tqdm/contrib/bells.py:21
elif getenv("TQDM_DISCORD_TOKEN") and getenv("TQDM_DISCORD_CHANNEL_ID"):

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #ad1fd926ca78a7f6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/tqdm/contrib/discord.py:45
            req = self.session.post(
                f'{self.API}/channels/{self.channel_id}/messages',
                headers={'Authorization': f'Bot {self.token}', 'User-Agent': self.UA},
                json={'content': f"`{self.text}`"})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #181dbd557e2228d0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/python/[email protected]/tqdm/contrib/telegram.py:42
            req = self.session.post(
                f'{self.API}{self.token}/sendMessage',
                data={'text': f"`{self.text}`", 'chat_id': self.chat_id,
                      'parse_mode': 'MarkdownV2'})

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #f2b2e0f81d0942f6 Environment-variable access.
pkgs/python/[email protected]/tqdm/utils.py:50
            (k[i:].lower(), v) for k, v in os.environ.items() if k.startswith(prefix))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typing-extensions

python dependency
expand_more 7 low-confidence finding(s)
low env_fs dependency Excluded from app score #32a2786c65adfaf9 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1698
            Path(tempdir, "ann_module.py").write_text(ANN_MODULE_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #aa9973881a769a2d Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1699
            Path(tempdir, "ann_module2.py").write_text(ANN_MODULE_2_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #16dbf67fb3a0e096 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:1700
            Path(tempdir, "ann_module3.py").write_text(ANN_MODULE_3_SOURCE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c901d02a5a0cff63 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8783
            Path(tempdir, "inspect_stock_annotations.py").write_text(STOCK_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b3d527e5d4c16de3 Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8784
            Path(tempdir, "inspect_stringized_annotations.py").write_text(STRINGIZED_ANNOTATIONS)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #389ff12ff6cbc86d Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:8785
            Path(tempdir, "inspect_stringized_annotations_2.py").write_text(STRINGIZED_ANNOTATIONS_2)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74862107a152b0ca Filesystem access.
pkgs/python/[email protected]/src/test_typing_extensions.py:9234
            Path(tempdir, "inspect_stringized_annotations_pep_695.py").write_text(STRINGIZED_ANNOTATIONS_PEP_695)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.